Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Python : Improve Xpath Injection Query #6331

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
RasmusWL merged 6 commits into from Sep 24, 2021
Merged

Python : Improve Xpath Injection Query #6331

Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
c6c925d
Python : Improve Xpath Injection Query
Jul 19, 2021
2896600
Merge branch 'main' into pythonXpath
RasmusWL Sep 24, 2021
c9640ff
Python: Minor adjustments to XPath Injection
RasmusWL Sep 24, 2021
913a679
Python: Replace old XPath injection query
RasmusWL Sep 24, 2021
26d2fbd
Python: Fix new XPath injection query
RasmusWL Sep 24, 2021
d39df18
Python: Minor test cleanup
RasmusWL Sep 24, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Python: Minor adjustments to XPath Injection
  • Loading branch information
@RasmusWL
RasmusWL committed Sep 24, 2021
commit c9640ffdbc833bb6f4b9c8e8067e339d9997ece5
7 changes: 2 additions & 5 deletions ...xperimental/Security/CWE-643-new/Xpath.ql → ...al/Security/CWE-643-new/XpathInjection.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,19 +18,16 @@ private import semmle.python.ApiGraphs
private import semmle.python.dataflow.new.RemoteFlowSources
private import semmle.python.dataflow.new.BarrierGuards
import XpathInjection::XpathInjection
import DataFlow::PathGraph

class XpathInjectionConfiguration extends TaintTracking::Configuration {
XpathInjectionConfiguration() { this = "PathNotNormalizedConfiguration" }

override predicate isSource(DataFlow::Node source) { source instanceof Source }

override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
// override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
// exists(AdditionalFlowStep af | af.isAdditionalTaintStep(node1, node2))
// }
}

from XpathInjectionConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
where config.hasFlowPath(source, sink)
select sink, source, sink, "This Xpath query depends on $@.", source,
"a user-provided value"
select sink, source, sink, "This Xpath query depends on $@.", source, "a user-provided value"