Skip to content

Commit 36812af

Browse files
RasmusWLRasmusWL
committed
Python: Add test for Python2 specific command injection
1 parent 737b2b8 commit 36812af

File tree

4 files changed

+79
-0
lines changed

4 files changed

+79
-0
lines changed

python/ql/test/experimental/query-tests/Security-new-dataflow/CWE-078-py2/CommandInjection.expected

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
edges
2+
| command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:19:15:19:27 | ControlFlowNode for BinaryExpr |
3+
| command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:20:15:20:27 | ControlFlowNode for BinaryExpr |
4+
| command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:21:15:21:27 | ControlFlowNode for BinaryExpr |
5+
| command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:23:20:23:32 | ControlFlowNode for BinaryExpr |
6+
| command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:23:20:23:32 | ControlFlowNode for BinaryExpr |
7+
| command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:25:19:25:31 | ControlFlowNode for BinaryExpr |
8+
| command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:26:19:26:31 | ControlFlowNode for BinaryExpr |
9+
| command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:27:19:27:31 | ControlFlowNode for BinaryExpr |
10+
| command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:28:19:28:31 | ControlFlowNode for BinaryExpr |
11+
| command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:29:19:29:31 | ControlFlowNode for BinaryExpr |
12+
| command_injection.py:23:20:23:32 | ControlFlowNode for BinaryExpr | file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:453:11:453:13 | SSA variable cmd |
13+
| file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:415:23:415:25 | SSA variable cmd | file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:421:19:421:41 | ControlFlowNode for BinaryExpr |
14+
| file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:453:11:453:13 | SSA variable cmd | file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:482:22:482:24 | ControlFlowNode for cmd |
15+
| file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:453:11:453:13 | SSA variable cmd | file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:482:22:482:24 | ControlFlowNode for cmd |
16+
| file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:453:11:453:13 | SSA variable cmd | file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:484:22:484:24 | ControlFlowNode for cmd |
17+
| file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:482:22:482:24 | ControlFlowNode for cmd | file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:415:23:415:25 | SSA variable cmd |
18+
nodes
19+
| command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
20+
| command_injection.py:19:15:19:27 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
21+
| command_injection.py:20:15:20:27 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
22+
| command_injection.py:21:15:21:27 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
23+
| command_injection.py:23:20:23:32 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
24+
| command_injection.py:23:20:23:32 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
25+
| command_injection.py:25:19:25:31 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
26+
| command_injection.py:26:19:26:31 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
27+
| command_injection.py:27:19:27:31 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
28+
| command_injection.py:28:19:28:31 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
29+
| command_injection.py:29:19:29:31 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
30+
| file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:415:23:415:25 | SSA variable cmd | semmle.label | SSA variable cmd |
31+
| file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:421:19:421:41 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
32+
| file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:453:11:453:13 | SSA variable cmd | semmle.label | SSA variable cmd |
33+
| file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:482:22:482:24 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
34+
| file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:482:22:482:24 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
35+
| file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:484:22:484:24 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
36+
#select
37+
| command_injection.py:19:15:19:27 | ControlFlowNode for BinaryExpr | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:19:15:19:27 | ControlFlowNode for BinaryExpr | This command depends on $@. | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | a user-provided value |
38+
| command_injection.py:20:15:20:27 | ControlFlowNode for BinaryExpr | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:20:15:20:27 | ControlFlowNode for BinaryExpr | This command depends on $@. | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | a user-provided value |
39+
| command_injection.py:21:15:21:27 | ControlFlowNode for BinaryExpr | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:21:15:21:27 | ControlFlowNode for BinaryExpr | This command depends on $@. | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | a user-provided value |
40+
| command_injection.py:23:20:23:32 | ControlFlowNode for BinaryExpr | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:23:20:23:32 | ControlFlowNode for BinaryExpr | This command depends on $@. | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | a user-provided value |
41+
| command_injection.py:25:19:25:31 | ControlFlowNode for BinaryExpr | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:25:19:25:31 | ControlFlowNode for BinaryExpr | This command depends on $@. | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | a user-provided value |
42+
| command_injection.py:26:19:26:31 | ControlFlowNode for BinaryExpr | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:26:19:26:31 | ControlFlowNode for BinaryExpr | This command depends on $@. | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | a user-provided value |
43+
| command_injection.py:27:19:27:31 | ControlFlowNode for BinaryExpr | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:27:19:27:31 | ControlFlowNode for BinaryExpr | This command depends on $@. | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | a user-provided value |
44+
| command_injection.py:28:19:28:31 | ControlFlowNode for BinaryExpr | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:28:19:28:31 | ControlFlowNode for BinaryExpr | This command depends on $@. | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | a user-provided value |
45+
| command_injection.py:29:19:29:31 | ControlFlowNode for BinaryExpr | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:29:19:29:31 | ControlFlowNode for BinaryExpr | This command depends on $@. | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | a user-provided value |
46+
| file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:421:19:421:41 | ControlFlowNode for BinaryExpr | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:421:19:421:41 | ControlFlowNode for BinaryExpr | This command depends on $@. | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | a user-provided value |
47+
| file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:482:22:482:24 | ControlFlowNode for cmd | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:482:22:482:24 | ControlFlowNode for cmd | This command depends on $@. | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | a user-provided value |
48+
| file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:484:22:484:24 | ControlFlowNode for cmd | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | file:///home/rasmus/.pyenv/versions/2.7.17/lib/python2.7/platform.py:484:22:484:24 | ControlFlowNode for cmd | This command depends on $@. | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | a user-provided value |

python/ql/test/experimental/query-tests/Security-new-dataflow/CWE-078-py2/CommandInjection.qlref

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
experimental/Security-new-dataflow/CWE-078/CommandInjection.ql

python/ql/test/experimental/query-tests/Security-new-dataflow/CWE-078-py2/command_injection.py

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
import os
2+
import platform
3+
import popen2
4+
5+
from flask import Flask, request
6+
7+
app = Flask(__name__)
8+
9+
10+
@app.route("/python2-specific")
11+
def python2_specific():
12+
"""
13+
These tests are mostly included to check for extra paths that can be generated if
14+
we can track flow into the implementation of stdlib function, and then to an other sink.
15+
See comment in query for more details.
16+
"""
17+
18+
files = request.args.get("files", "")
19+
os.popen2("ls " + files)
20+
os.popen3("ls " + files)
21+
os.popen4("ls " + files)
22+
23+
platform.popen("ls " + files)
24+
25+
popen2.popen2("ls " + files)
26+
popen2.popen3("ls " + files)
27+
popen2.popen4("ls " + files)
28+
popen2.Popen3("ls " + files)
29+
popen2.Popen4("ls " + files)

python/ql/test/experimental/query-tests/Security-new-dataflow/CWE-078-py2/options

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
semmle-extractor-options: --max-import-depth=1 --lang=2

0 commit comments

Comments
 (0)