Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Python: enable diff-informed data flow queries #18341

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
asgerf merged 7 commits into from
Feb 11, 2025
Merged

Python: enable diff-informed data flow queries #18341

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
e4a1847
Python: mass enable diff-informed data flow
asgerf Jan 23, 2025
9dfd1cc
Python: Fixup broken patch
asgerf Jan 23, 2025
15c2ccb
Python: ignore experimental for now
asgerf Jan 23, 2025
975ce06
Python: implement for polynomial redos
asgerf Jan 23, 2025
d3ee658
Python: resolve remaining TODOs
asgerf Dec 20, 2024
7d6abb4
JS: Disable diff-informedness for full SSRF
asgerf Feb 6, 2025
d3b9d1d
JS: Partial SSRF does not select the sink location
asgerf Feb 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Python: ignore experimental for now
  • Loading branch information
@asgerf
asgerf committed Feb 6, 2025
commit 15c2ccb880544ca51057d67acf8e6ec021a4f3d8
6 changes: 0 additions & 6 deletions .../experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,12 +26,6 @@ private module PossibleTimingAttackAgainstHashConfig implements DataFlow::Config
predicate isSource(DataFlow::Node source) { source instanceof ProduceCryptoCall }

predicate isSink(DataFlow::Node sink) { sink instanceof NonConstantTimeComparisonSink }

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql:41: Column 5 selects source.getResultType
none()
}
}

module PossibleTimingAttackAgainstHashFlow =
Expand Down
6 changes: 0 additions & 6 deletions ...n/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,6 @@ private module TimingAttackAgainstHashConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof ProduceCryptoCall }

predicate isSink(DataFlow::Node sink) { sink instanceof NonConstantTimeComparisonSink }

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.ql:39: Column 5 selects source.getResultType
none()
}
}

module TimingAttackAgainstHashFlow = TaintTracking::Global<TimingAttackAgainstHashConfig>;
Expand Down
18 changes: 0 additions & 18 deletions python/ql/src/experimental/semmle/python/security/TimingAttack.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -271,12 +271,6 @@ module UserInputSecretConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof CredentialExpr }

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// ql/src/experimental/semmle/python/security/TimingAttack.qll:176: Flow call outside 'select' clause
none()
}
}

module UserInputSecretFlow = TaintTracking::Global<UserInputSecretConfig>;
Expand All @@ -294,12 +288,6 @@ module UserInputInComparisonConfig implements DataFlow::ConfigSig {
sink.asExpr() = [left, right]
)
}

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// ql/src/experimental/semmle/python/security/TimingAttack.qll:165: Flow call outside 'select' clause
none()
}
}

module UserInputInComparisonFlow = TaintTracking::Global<UserInputInComparisonConfig>;
Expand All @@ -316,12 +304,6 @@ private module ExcludeLenFuncConfig implements DataFlow::ConfigSig {
sink.asExpr() = call.getArg(0)
)
}

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// ql/src/experimental/semmle/python/security/TimingAttack.qll:347: Flow call outside 'select' clause
none()
}
}

module ExcludeLenFuncFlow = TaintTracking::Global<ExcludeLenFuncConfig>;
Expand Down