Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit dba6b60

Browse files
RasmusWLRasmusWL
committed
Python: Deprecate old library modeling
1 parent a40fdf7 commit dba6b60

13 files changed

Lines changed: 69 additions & 63 deletions

File tree

python/ql/lib/semmle/python/security/ClearText.qll

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ import semmle.python.security.SensitiveData
44
import semmle.python.dataflow.Files
55
import semmle.python.web.Http
66

7-
module ClearTextStorage {
7+
deprecated module ClearTextStorage {
88
abstract class Sink extends TaintSink {
99
override predicate sinks(TaintKind kind) { kind instanceof SensitiveData }
1010
}
@@ -26,7 +26,7 @@ module ClearTextStorage {
2626
}
2727
}
2828

29-
module ClearTextLogging {
29+
deprecated module ClearTextLogging {
3030
abstract class Sink extends TaintSink {
3131
override predicate sinks(TaintKind kind) { kind instanceof SensitiveData }
3232
}

python/ql/lib/semmle/python/security/Crypto.qll

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3,12 +3,12 @@ import semmle.python.dataflow.TaintTracking
33
private import semmle.python.security.SensitiveData
44
private import semmle.crypto.Crypto as CryptoLib
55

6-
abstract class WeakCryptoSink extends TaintSink {
6+
abstract deprecated class WeakCryptoSink extends TaintSink {
77
override predicate sinks(TaintKind taint) { taint instanceof SensitiveData }
88
}
99

1010
/** Modeling the 'pycrypto' package https://github.com/dlitz/pycrypto (latest release 2013) */
11-
module Pycrypto {
11+
deprecated module Pycrypto {
1212
ModuleValue cipher(string name) { result = Module::named("Crypto.Cipher").attr(name) }
1313

1414
class CipherInstance extends TaintKind {
@@ -58,7 +58,7 @@ module Pycrypto {
5858
}
5959
}
6060

61-
module Cryptography {
61+
deprecated module Cryptography {
6262
ModuleValue ciphers() {
6363
result = Module::named("cryptography.hazmat.primitives.ciphers") and
6464
result.isPackage()
@@ -128,7 +128,7 @@ module Cryptography {
128128
}
129129
}
130130

131-
private class CipherConfig extends TaintTracking::Configuration {
131+
deprecated private class CipherConfig extends TaintTracking::Configuration {
132132
CipherConfig() { this = "Crypto cipher config" }
133133

134134
override predicate isSource(TaintTracking::Source source) {

python/ql/lib/semmle/python/security/Exceptions.qll

Lines changed: 10 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -7,13 +7,15 @@ import python
77
import semmle.python.dataflow.TaintTracking
88
import semmle.python.security.strings.Basic
99

10-
private Value traceback_function(string name) { result = Module::named("traceback").attr(name) }
10+
deprecated private Value traceback_function(string name) {
11+
result = Module::named("traceback").attr(name)
12+
}
1113

1214
/**
1315
* This represents information relating to an exception, for instance the
1416
* message, arguments or parts of the exception traceback.
1517
*/
16-
class ExceptionInfo extends StringKind {
18+
deprecated class ExceptionInfo extends StringKind {
1719
ExceptionInfo() { this = "exception.info" }
1820

1921
override string repr() { result = "exception info" }
@@ -23,12 +25,12 @@ class ExceptionInfo extends StringKind {
2325
* A class representing sources of information about
2426
* execution state exposed in tracebacks and the like.
2527
*/
26-
abstract class ErrorInfoSource extends TaintSource { }
28+
abstract deprecated class ErrorInfoSource extends TaintSource { }
2729

2830
/**
2931
* This kind represents exceptions themselves.
3032
*/
31-
class ExceptionKind extends TaintKind {
33+
deprecated class ExceptionKind extends TaintKind {
3234
ExceptionKind() { this = "exception.kind" }
3335

3436
override string repr() { result = "exception" }
@@ -44,7 +46,7 @@ class ExceptionKind extends TaintKind {
4446
* A source of exception objects, either explicitly created, or captured by an
4547
* `except` statement.
4648
*/
47-
class ExceptionSource extends ErrorInfoSource {
49+
deprecated class ExceptionSource extends ErrorInfoSource {
4850
ExceptionSource() {
4951
exists(ClassValue cls |
5052
cls.getASuperType() = ClassValue::baseException() and
@@ -63,15 +65,15 @@ class ExceptionSource extends ErrorInfoSource {
6365
* Represents a sequence of pieces of information relating to an exception,
6466
* for instance the contents of the `args` attribute, or the stack trace.
6567
*/
66-
class ExceptionInfoSequence extends SequenceKind {
68+
deprecated class ExceptionInfoSequence extends SequenceKind {
6769
ExceptionInfoSequence() { this.getItem() instanceof ExceptionInfo }
6870
}
6971

7072
/**
7173
* Represents calls to functions in the `traceback` module that return
7274
* sequences of exception information.
7375
*/
74-
class CallToTracebackFunction extends ErrorInfoSource {
76+
deprecated class CallToTracebackFunction extends ErrorInfoSource {
7577
CallToTracebackFunction() {
7678
exists(string name |
7779
name in [
@@ -92,7 +94,7 @@ class CallToTracebackFunction extends ErrorInfoSource {
9294
* Represents calls to functions in the `traceback` module that return a single
9395
* string of information about an exception.
9496
*/
95-
class FormattedTracebackSource extends ErrorInfoSource {
97+
deprecated class FormattedTracebackSource extends ErrorInfoSource {
9698
FormattedTracebackSource() { this = traceback_function("format_exc").getACall() }
9799

98100
override string toString() { result = "exception.info.source" }

python/ql/lib/semmle/python/security/SensitiveData.qll

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -15,15 +15,15 @@ import semmle.python.web.HttpRequest
1515
import semmle.python.security.internal.SensitiveDataHeuristics
1616
private import HeuristicNames
1717

18-
abstract class SensitiveData extends TaintKind {
18+
abstract deprecated class SensitiveData extends TaintKind {
1919
bindingset[this]
2020
SensitiveData() { this = this }
2121

2222
/** Gets the classification of this sensitive data taint kind. */
2323
abstract SensitiveDataClassification getClassification();
2424
}
2525

26-
module SensitiveData {
26+
deprecated module SensitiveData {
2727
class Secret extends SensitiveData {
2828
Secret() { this = "sensitive.data.secret" }
2929

@@ -115,4 +115,4 @@ module SensitiveData {
115115
}
116116

117117
//Backwards compatibility
118-
class SensitiveDataSource = SensitiveData::Source;
118+
deprecated class SensitiveDataSource = SensitiveData::Source;

python/ql/lib/semmle/python/security/injection/Command.qll

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -11,18 +11,18 @@ import semmle.python.dataflow.TaintTracking
1111
import semmle.python.security.strings.Untrusted
1212

1313
/** Abstract taint sink that is potentially vulnerable to malicious shell commands. */
14-
abstract class CommandSink extends TaintSink { }
14+
abstract deprecated class CommandSink extends TaintSink { }
1515

16-
private ModuleObject osOrPopenModule() { result.getName() = ["os", "popen2"] }
16+
deprecated private ModuleObject osOrPopenModule() { result.getName() = ["os", "popen2"] }
1717

18-
private Object makeOsCall() {
18+
deprecated private Object makeOsCall() {
1919
exists(string name | result = ModuleObject::named("subprocess").attr(name) |
2020
name = ["Popen", "call", "check_call", "check_output", "run"]
2121
)
2222
}
2323

2424
/**Special case for first element in sequence. */
25-
class FirstElementKind extends TaintKind {
25+
deprecated class FirstElementKind extends TaintKind {
2626
FirstElementKind() { this = "sequence[" + any(ExternalStringKind key) + "][0]" }
2727

2828
override string repr() { result = "first item in sequence of " + this.getItem().repr() }
@@ -31,7 +31,7 @@ class FirstElementKind extends TaintKind {
3131
ExternalStringKind getItem() { this = "sequence[" + result + "][0]" }
3232
}
3333

34-
class FirstElementFlow extends DataFlowExtension::DataFlowNode {
34+
deprecated class FirstElementFlow extends DataFlowExtension::DataFlowNode {
3535
FirstElementFlow() { this = any(SequenceNode s).getElement(0) }
3636

3737
override ControlFlowNode getASuccessorNode(TaintKind fromkind, TaintKind tokind) {
@@ -43,7 +43,7 @@ class FirstElementFlow extends DataFlowExtension::DataFlowNode {
4343
* A taint sink that is potentially vulnerable to malicious shell commands.
4444
* The `vuln` in `subprocess.call(shell=vuln)` and similar calls.
4545
*/
46-
class ShellCommand extends CommandSink {
46+
deprecated class ShellCommand extends CommandSink {
4747
override string toString() { result = "shell command" }
4848

4949
ShellCommand() {
@@ -81,7 +81,7 @@ class ShellCommand extends CommandSink {
8181
* A taint sink that is potentially vulnerable to malicious shell commands.
8282
* The `vuln` in `subprocess.call(vuln, ...)` and similar calls.
8383
*/
84-
class OsCommandFirstArgument extends CommandSink {
84+
deprecated class OsCommandFirstArgument extends CommandSink {
8585
override string toString() { result = "OS command first argument" }
8686

8787
OsCommandFirstArgument() {
@@ -111,7 +111,7 @@ class OsCommandFirstArgument extends CommandSink {
111111
* A taint sink that is potentially vulnerable to malicious shell commands.
112112
* The `vuln` in `invoke.run(vuln, ...)` and similar calls.
113113
*/
114-
class InvokeRun extends CommandSink {
114+
deprecated class InvokeRun extends CommandSink {
115115
InvokeRun() {
116116
this = Value::named("invoke.run").(FunctionValue).getArgumentForCall(_, 0)
117117
or
@@ -127,12 +127,12 @@ class InvokeRun extends CommandSink {
127127
* Internal TaintKind to track the invoke.Context instance passed to functions
128128
* marked with @invoke.task
129129
*/
130-
private class InvokeContextArg extends TaintKind {
130+
deprecated private class InvokeContextArg extends TaintKind {
131131
InvokeContextArg() { this = "InvokeContextArg" }
132132
}
133133

134134
/** Internal TaintSource to track the context passed to functions marked with @invoke.task */
135-
private class InvokeContextArgSource extends TaintSource {
135+
deprecated private class InvokeContextArgSource extends TaintSource {
136136
InvokeContextArgSource() {
137137
exists(Function f, Expr decorator |
138138
count(f.getADecorator()) = 1 and
@@ -158,7 +158,7 @@ private class InvokeContextArgSource extends TaintSource {
158158
* A taint sink that is potentially vulnerable to malicious shell commands.
159159
* The `vuln` in `invoke.Context().run(vuln, ...)` and similar calls.
160160
*/
161-
class InvokeContextRun extends CommandSink {
161+
deprecated class InvokeContextRun extends CommandSink {
162162
InvokeContextRun() {
163163
exists(CallNode call |
164164
any(InvokeContextArg k).taints(call.getFunction().(AttrNode).getObject("run"))
@@ -187,7 +187,7 @@ class InvokeContextRun extends CommandSink {
187187
* A taint sink that is potentially vulnerable to malicious shell commands.
188188
* The `vuln` in `fabric.Group().run(vuln, ...)` and similar calls.
189189
*/
190-
class FabricGroupRun extends CommandSink {
190+
deprecated class FabricGroupRun extends CommandSink {
191191
FabricGroupRun() {
192192
exists(ClassValue cls |
193193
cls.getASuperType() = Value::named("fabric.Group") and
@@ -203,7 +203,7 @@ class FabricGroupRun extends CommandSink {
203203
// -------------------------------------------------------------------------- //
204204
// Modeling of the 'invoke' package and 'fabric' package (v 1.x)
205205
// -------------------------------------------------------------------------- //
206-
class FabricV1Commands extends CommandSink {
206+
deprecated class FabricV1Commands extends CommandSink {
207207
FabricV1Commands() {
208208
// since `run` and `sudo` are decorated, we can't use FunctionValue's :(
209209
exists(CallNode call |
@@ -228,7 +228,7 @@ class FabricV1Commands extends CommandSink {
228228
* An extension that propagates taint from the arguments of `fabric.api.execute(func, arg0, arg1, ...)`
229229
* to the parameters of `func`, since this will call `func(arg0, arg1, ...)`.
230230
*/
231-
class FabricExecuteExtension extends DataFlowExtension::DataFlowNode {
231+
deprecated class FabricExecuteExtension extends DataFlowExtension::DataFlowNode {
232232
CallNode call;
233233

234234
FabricExecuteExtension() {

python/ql/lib/semmle/python/security/injection/Deserialization.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ import python
22
import semmle.python.dataflow.TaintTracking
33

44
/** `pickle.loads(untrusted)` vulnerability. */
5-
abstract class DeserializationSink extends TaintSink {
5+
abstract deprecated class DeserializationSink extends TaintSink {
66
bindingset[this]
77
DeserializationSink() { this = this }
88
}

python/ql/lib/semmle/python/security/injection/Exec.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ import semmle.python.security.strings.Untrusted
1414
* A taint sink that represents an argument to exec or eval that is vulnerable to malicious input.
1515
* The `vuln` in `exec(vuln)` or similar.
1616
*/
17-
class StringEvaluationNode extends TaintSink {
17+
deprecated class StringEvaluationNode extends TaintSink {
1818
override string toString() { result = "exec or eval" }
1919

2020
StringEvaluationNode() {

python/ql/lib/semmle/python/security/injection/Marshal.qll

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -11,13 +11,15 @@ import semmle.python.dataflow.TaintTracking
1111
import semmle.python.security.strings.Untrusted
1212
import semmle.python.security.injection.Deserialization
1313

14-
private FunctionObject marshalLoads() { result = ModuleObject::named("marshal").attr("loads") }
14+
deprecated private FunctionObject marshalLoads() {
15+
result = ModuleObject::named("marshal").attr("loads")
16+
}
1517

1618
/**
1719
* A taint sink that is potentially vulnerable to malicious marshaled objects.
1820
* The `vuln` in `marshal.loads(vuln)`.
1921
*/
20-
class UnmarshalingNode extends DeserializationSink {
22+
deprecated class UnmarshalingNode extends DeserializationSink {
2123
override string toString() { result = "unmarshaling vulnerability" }
2224

2325
UnmarshalingNode() {

python/ql/lib/semmle/python/security/injection/Path.qll

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ import semmle.python.security.strings.Untrusted
66
* Prevents taint flowing through ntpath.normpath()
77
* NormalizedPath below handles that case.
88
*/
9-
class PathSanitizer extends Sanitizer {
9+
deprecated class PathSanitizer extends Sanitizer {
1010
PathSanitizer() { this = "path.sanitizer" }
1111

1212
override predicate sanitizingNode(TaintKind taint, ControlFlowNode node) {
@@ -15,7 +15,7 @@ class PathSanitizer extends Sanitizer {
1515
}
1616
}
1717

18-
private FunctionObject abspath() {
18+
deprecated private FunctionObject abspath() {
1919
exists(ModuleObject os_path | ModuleObject::named("os").attr("path") = os_path |
2020
os_path.attr("abspath") = result
2121
or
@@ -24,18 +24,18 @@ private FunctionObject abspath() {
2424
}
2525

2626
/** A path that has been normalized, but not verified to be safe */
27-
class NormalizedPath extends TaintKind {
27+
deprecated class NormalizedPath extends TaintKind {
2828
NormalizedPath() { this = "normalized.path.injection" }
2929

3030
override string repr() { result = "normalized path" }
3131
}
3232

33-
private predicate abspath_call(CallNode call, ControlFlowNode arg) {
33+
deprecated private predicate abspath_call(CallNode call, ControlFlowNode arg) {
3434
call.getFunction().refersTo(abspath()) and
3535
arg = call.getArg(0)
3636
}
3737

38-
class AbsPath extends DataFlowExtension::DataFlowNode {
38+
deprecated class AbsPath extends DataFlowExtension::DataFlowNode {
3939
AbsPath() { abspath_call(_, this) }
4040

4141
override ControlFlowNode getASuccessorNode(TaintKind fromkind, TaintKind tokind) {
@@ -45,7 +45,7 @@ class AbsPath extends DataFlowExtension::DataFlowNode {
4545
}
4646
}
4747

48-
class NormalizedPathSanitizer extends Sanitizer {
48+
deprecated class NormalizedPathSanitizer extends Sanitizer {
4949
NormalizedPathSanitizer() { this = "normalized.path.sanitizer" }
5050

5151
override predicate sanitizingEdge(TaintKind taint, PyEdgeRefinement test) {
@@ -59,7 +59,7 @@ class NormalizedPathSanitizer extends Sanitizer {
5959
* A taint sink that is vulnerable to malicious paths.
6060
* The `vuln` in `open(vuln)` and similar.
6161
*/
62-
class OpenNode extends TaintSink {
62+
deprecated class OpenNode extends TaintSink {
6363
override string toString() { result = "argument to open()" }
6464

6565
OpenNode() {

python/ql/lib/semmle/python/security/injection/Pickle.qll

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -11,18 +11,18 @@ import semmle.python.dataflow.TaintTracking
1111
import semmle.python.security.strings.Untrusted
1212
import semmle.python.security.injection.Deserialization
1313

14-
private ModuleObject pickleModule() {
14+
deprecated private ModuleObject pickleModule() {
1515
result.getName() = "pickle"
1616
or
1717
result.getName() = "cPickle"
1818
or
1919
result.getName() = "dill"
2020
}
2121

22-
private FunctionObject pickleLoads() { result = pickleModule().attr("loads") }
22+
deprecated private FunctionObject pickleLoads() { result = pickleModule().attr("loads") }
2323

2424
/** `pickle.loads(untrusted)` vulnerability. */
25-
class UnpicklingNode extends DeserializationSink {
25+
deprecated class UnpicklingNode extends DeserializationSink {
2626
override string toString() { result = "unpickling untrusted data" }
2727

2828
UnpicklingNode() {

0 commit comments

Comments
 (0)