

Commit e4b8385

committed
Python: Autoformat security/strings/External.qll
1 parent c94582a commit e4b8385

1 file changed

Lines changed: 25 additions & 47 deletions


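--- a/python/ql/src/semmle/python/security/strings/External.qll
+++ b/python/ql/src/semmle/python/security/strings/External.qll
@@ -2,45 +2,36 @@ import python
 import Basic
 private import Common
 
-/** An extensible kind of taint representing an externally controlled string.
+/**
+* An extensible kind of taint representing an externally controlled string.
 */
 abstract class ExternalStringKind extends StringKind {
-
 bindingset[this]
-ExternalStringKind() {
-this = this
-}
+ExternalStringKind() { this = this }
 
 override TaintKind getTaintForFlowStep(ControlFlowNode fromnode, ControlFlowNode tonode) {
 result = StringKind.super.getTaintForFlowStep(fromnode, tonode)
 or
-tonode.(SequenceNode).getElement(_) = fromnode and result.(ExternalStringSequenceKind).getItem() = this
+tonode.(SequenceNode).getElement(_) = fromnode and
+result.(ExternalStringSequenceKind).getItem() = this
 or
 json_load(fromnode, tonode) and result.(ExternalJsonKind).getValue() = this
 or
 tonode.(DictNode).getAValue() = fromnode and result.(ExternalStringDictKind).getValue() = this
 }
-
 }
 
 /** A kind of "taint", representing a sequence, with a "taint" member */
 class ExternalStringSequenceKind extends SequenceKind {
-
-ExternalStringSequenceKind() {
-this.getItem() instanceof ExternalStringKind
-}
-
+ExternalStringSequenceKind() { this.getItem() instanceof ExternalStringKind }
 }
 
-/** An hierachical dictionary or list where the entire structure is externally controlled
+/**
+* An hierachical dictionary or list where the entire structure is externally controlled
 * This is typically a parsed JSON object.
 */
 class ExternalJsonKind extends TaintKind {
-
-ExternalJsonKind() {
-this = "json[" + any(ExternalStringKind key) + "]"
-}
-
+ExternalJsonKind() { this = "json[" + any(ExternalStringKind key) + "]" }
 
 /** Gets the taint kind for item in this sequence */
 TaintKind getValue() {
@@ -54,65 +45,52 @@ class ExternalJsonKind extends TaintKind {
 json_subscript_taint(tonode, fromnode, this, result)
 or
 result = this and copy_call(fromnode, tonode)
-}
+}
 
 override TaintKind getTaintOfMethodResult(string name) {
 name = "get" and result = this.getValue()
-}
-
+}
 }
 
 /** A kind of "taint", representing a dictionary mapping str->"taint" */
 class ExternalStringDictKind extends DictKind {
-
-ExternalStringDictKind() {
-this.getValue() instanceof ExternalStringKind
-}
-
+ExternalStringDictKind() { this.getValue() instanceof ExternalStringKind }
 }
 
-/** A kind of "taint", representing a dictionary mapping strings to sequences of
-* tainted strings */
-
+/**
+* A kind of "taint", representing a dictionary mapping strings to sequences of
+* tainted strings
+*/
 class ExternalStringSequenceDictKind extends DictKind {
-ExternalStringSequenceDictKind() {
-this.getValue() instanceof ExternalStringSequenceKind
-}
+ExternalStringSequenceDictKind() { this.getValue() instanceof ExternalStringSequenceKind }
 }
 
 /* Helper for getTaintForStep() */
-pragma [noinline]
-private predicate json_subscript_taint(SubscriptNode sub, ControlFlowNode obj, ExternalJsonKind seq, TaintKind key) {
+pragma[noinline]
+private predicate json_subscript_taint(
+SubscriptNode sub, ControlFlowNode obj, ExternalJsonKind seq, TaintKind key
+) {
 sub.isLoad() and
 sub.getValue() = obj and
 key = seq.getValue()
 }
 
-
 private predicate json_load(ControlFlowNode fromnode, CallNode tonode) {
 exists(FunctionObject json_loads |
 ModuleObject::named("json").attr("loads") = json_loads and
-json_loads.getACall() = tonode and tonode.getArg(0) = fromnode
+json_loads.getACall() = tonode and
+tonode.getArg(0) = fromnode
 )
 }
 
 /** A kind of "taint", representing an open file-like object from an external source. */
 class ExternalFileObject extends TaintKind {
-
-ExternalFileObject() {
-this = "file[" + any(ExternalStringKind key) + "]"
-}
-
+ExternalFileObject() { this = "file[" + any(ExternalStringKind key) + "]" }
 
 /** Gets the taint kind for the contents of this file */
-TaintKind getValue() {
-this = "file[" + result + "]"
-}
+TaintKind getValue() { this = "file[" + result + "]" }
 
 override TaintKind getTaintOfMethodResult(string name) {
 name = "read" and result = this.getValue()
 }
-
 }
-
-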