
Commit 172e058

committed
Python: unsafe -> mayExecuteInput
1 parent 00566f0 commit 172e058

9 files changed

+16
-16
lines changed


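--- a/python/ql/src/experimental/Security-new-dataflow/CWE-502/UnsafeDeserialization.ql
+++ b/python/ql/src/experimental/Security-new-dataflow/CWE-502/UnsafeDeserialization.ql
@@ -25,7 +25,7 @@ class UnsafeDeserializationConfiguration extends TaintTracking::Configuration {
 
 override predicate isSink(DataFlow::Node sink) {
 exists(Decoding d |
-d.unsafe() and
+d.mayExecuteInput() and
 sink = d.getAnInput()
 )
 }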

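--- a/python/ql/src/experimental/semmle/python/Concepts.qll
+++ b/python/ql/src/experimental/semmle/python/Concepts.qll
@@ -56,8 +56,8 @@ class Decoding extends DataFlow::Node {
 
 Decoding() { this = range }
 
-/** Holds if this call is unsafe, e.g. if it may execute arbitrary code. */
-predicate unsafe() { range.unsafe() }
+/** Holds if this call may execute code embedded in its input. */
+predicate mayExecuteInput() { range.mayExecuteInput() }
 
 /** Gets an input that is decoded by this function. */
 DataFlow::Node getAnInput() { result = range.getAnInput() }
@@ -83,8 +83,8 @@ module Decoding {
 * extend `Decoding` instead.
 */
 abstract class Range extends DataFlow::Node {
-/** Holds if this call is unsafe, e.g. if it may execute arbitrary code. */
-abstract predicate unsafe();
+/** Holds if this call may execute code embedded in its input. */
+abstract predicate mayExecuteInput();
 
 /** Gets an input that is decoded by this function. */
 abstract DataFlow::Node getAnInput();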
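Review bot: The new docstring on `mayExecuteInput` (new lines 59 and 86) states what the predicate means but not how precise an implementation is expected to be, which matters for a predicate that drives a query sink. The `yaml.load` modeling changed in this same commit appears to hold for the default loader regardless of PyYAML version, so the intended contract looks like a deliberate over-approximation; if so, the abstract `Range` docstring should say it, e.g. `/** Holds if this call may execute code embedded in its input. Implementations should over-approximate: hold whenever code execution cannot be ruled out. */`. Both the `Decoding` class and the `Range` class extend beyond the two hunks shown.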

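--- a/python/ql/src/experimental/semmle/python/frameworks/Dill.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/Dill.qll
@@ -46,7 +46,7 @@ private module Dill {
 private class DillLoadsCall extends Decoding::Range {
 DillLoadsCall() { this.asCfgNode().(CallNode).getFunction() = Dill::dill::loads().asCfgNode() }
 
-override predicate unsafe() { any() }
+override predicate mayExecuteInput() { any() }
 
 override DataFlow::Node getAnInput() {
 result.asCfgNode() = this.asCfgNode().(CallNode).getArg(0)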

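--- a/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
@@ -365,7 +365,7 @@ private module Stdlib {
 
 MarshalLoadsCall() { node.getFunction() = marshal::loads().asCfgNode() }
 
-override predicate unsafe() { any() }
+override predicate mayExecuteInput() { any() }
 
 override DataFlow::Node getAnInput() { result.asCfgNode() = node.getArg(0) }
 
@@ -416,7 +416,7 @@ private module Stdlib {
 
 PickleLoadsCall() { node.getFunction() = pickle::loads().asCfgNode() }
 
-override predicate unsafe() { any() }
+override predicate mayExecuteInput() { any() }
 
 override DataFlow::Node getAnInput() { result.asCfgNode() = node.getArg(0) }
 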

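--- a/python/ql/src/experimental/semmle/python/frameworks/Yaml.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/Yaml.qll
@@ -83,7 +83,7 @@ private class YamlLoadCall extends Decoding::Range, DataFlow::CfgNode {
 * Until 6.0 is released, we will mark `yaml.load` as possibly leading to arbitrary code execution.
 * See https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation for more details.
 */
-override predicate unsafe() {
+override predicate mayExecuteInput() {
 // If the `Loader` is not set to either `SafeLoader` or `BaseLoader` or not set at all,
 // then the default loader will be used, which is not safe.
 not node.getArgByName("Loader") =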
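Review bot: The body comment at new lines 87-88 still explains the predicate in the old "not safe" vocabulary, while the predicate it annotates was just renamed to `mayExecuteInput`; keeping one term makes the rename consistent with its documentation. Suggest `// then the default loader will be used, which may execute code embedded in the input.` in place of the second comment line. The predicate body continues past the end of the hunk, so the full condition on `Loader` is not visible here.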
Lines changed: 1 addition & 1 deletion
@@ -1,3 +1,3 @@
11
import dill
22

3-
dill.loads(payload) # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=dill $decodeUnsafe
3+
dill.loads(payload) # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=dill $decodeMayExecuteInput
Lines changed: 2 additions & 2 deletions
@@ -1,5 +1,5 @@
11
import pickle
22
import marshal
33

4-
pickle.loads(payload) # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=pickle $decodeUnsafe
5-
marshal.loads(payload) # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=marshal $decodeUnsafe
4+
pickle.loads(payload) # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=pickle $decodeMayExecuteInput
5+
marshal.loads(payload) # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=marshal $decodeMayExecuteInput
Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
import yaml
22
from yaml import SafeLoader
33

4-
yaml.load(payload) # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=YAML $decodeUnsafe
4+
yaml.load(payload) # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=YAML $decodeMayExecuteInput
55
yaml.load(payload, Loader=SafeLoader) # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=YAML
66
yaml.load(payload, Loader=yaml.BaseLoader) # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=YAML

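--- a/python/ql/test/experimental/meta/ConceptsTest.qll
+++ b/python/ql/test/experimental/meta/ConceptsTest.qll
@@ -37,7 +37,7 @@ class DecodingTest extends InlineExpectationsTest {
 DecodingTest() { this = "DecodingTest" }
 
 override string getARelevantTag() {
-result in ["decodeInput", "decodeOutput", "decodeFormat", "decodeUnsafe"]
+result in ["decodeInput", "decodeOutput", "decodeFormat", "decodeMayExecuteInput"]
 }
 
 override predicate hasActualResult(Location location, string element, string tag, string value) {
@@ -64,11 +64,11 @@ class DecodingTest extends InlineExpectationsTest {
 tag = "decodeFormat"
 )
 or
-d.unsafe() and
+d.mayExecuteInput() and
 location = d.getLocation() and
 element = d.toString() and
 value = "" and
-tag = "decodeUnsafe"
+tag = "decodeMayExecuteInput"
 )
 }
 }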
