4 files changed: +5 -11 lines changed
src/semmle/python/security
test/query-tests/Security
@@ -3,16 +3,18 @@ import python
33import semmle.python.security.TaintTracking
44
55query predicate edges ( TaintedNode fromnode , TaintedNode tonode ) {
6- fromnode .getASuccessor ( ) = tonode
6+ fromnode .getASuccessor ( ) = tonode and
7+ /* Don't record flow past sinks */
8+ not fromnode .isVulnerableSink ( )
79}
810
911private TaintedNode first_child ( TaintedNode parent ) {
1012 result .getContext ( ) .getCaller ( ) = parent .getContext ( ) and
11- parent . getASuccessor ( ) = result
13+ edges ( parent , result )
1214}
1315
1416private TaintedNode next_sibling ( TaintedNode child ) {
15- child . getASuccessor ( ) = result and
17+ edges ( child , result ) and
1618 child .getContext ( ) = result .getContext ( )
1719}
1820
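Review bot: the new conjunct `not fromnode .isVulnerableSink ( )` in `edges` makes every vulnerable sink a terminal node, so if taint continues from one sink to a second sink (a value passed to one sink call and then on to another), the second alert's path will now stop at the first sink rather than reaching its own sink. If that is the intended trade-off, the comment `/* Don't record flow past sinks */` should say so, since as written it reads like a display optimisation rather than a semantic cut-off; otherwise the cut should apply only to the sink being reported. Separately, `first_child` and `next_sibling` now delegate to `edges` instead of `getASuccessor`, which is right for keeping the parent tree consistent with the edge set, but it also makes the `query predicate` load-bearing for internal logic; a private step predicate with `edges` as a thin wrapper would keep the two concerns separate.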
11edges
22| command_injection.py:10:13:10:24 | dict of externally controlled string | command_injection.py:10:13:10:41 | externally controlled string |
33| command_injection.py:10:13:10:41 | externally controlled string | command_injection.py:12:23:12:27 | externally controlled string |
4- | command_injection.py:12:15:12:27 | externally controlled string | ../lib/os/__init__.py:1:12:1:14 | externally controlled string |
54| command_injection.py:12:23:12:27 | externally controlled string | command_injection.py:12:15:12:27 | externally controlled string |
65| command_injection.py:17:13:17:24 | dict of externally controlled string | command_injection.py:17:13:17:41 | externally controlled string |
76| command_injection.py:17:13:17:41 | externally controlled string | command_injection.py:19:29:19:33 | externally controlled string |
1211| command_injection.py:25:23:25:25 | externally controlled string | command_injection.py:25:22:25:36 | sequence of externally controlled string |
1312| command_injection.py:30:13:30:24 | dict of externally controlled string | command_injection.py:30:13:30:41 | externally controlled string |
1413| command_injection.py:30:13:30:41 | externally controlled string | command_injection.py:32:22:32:26 | externally controlled string |
15- | command_injection.py:32:14:32:26 | externally controlled string | ../lib/os/__init__.py:4:11:4:13 | externally controlled string |
1614| command_injection.py:32:22:32:26 | externally controlled string | command_injection.py:32:14:32:26 | externally controlled string |
1715parents
18- | ../lib/os/__init__.py:1:12:1:14 | externally controlled string | command_injection.py:12:15:12:27 | externally controlled string |
19- | ../lib/os/__init__.py:4:11:4:13 | externally controlled string | command_injection.py:32:14:32:26 | externally controlled string |
2016#select
2117| command_injection.py:12:15:12:27 | shell command | command_injection.py:10:13:10:24 | dict of externally controlled string | command_injection.py:12:15:12:27 | externally controlled string | This command depends on $@. | command_injection.py:10:13:10:24 | flask.request.args | a user-provided value |
2218| command_injection.py:19:22:19:34 | shell command | command_injection.py:17:13:17:24 | dict of externally controlled string | command_injection.py:19:22:19:34 | sequence of externally controlled string | This command depends on $@. | command_injection.py:17:13:17:24 | flask.request.args | a user-provided value |
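Review bot: every dropped row is either an edge whose source is a reported sink (`command_injection.py:12:15:12:27` and `command_injection.py:32:14:32:26`) and whose target is a parameter inside the `../lib/os/__init__.py` stub, or the matching `parents` entry, while both `#select` rows are unchanged, which is exactly what the new `not fromnode .isVulnerableSink ( )` filter should produce. Two things to check before merging: the `parents` section of this expected file is now empty, so this test no longer exercises the `parents` computation at all, and no case remains in which taint flows through one sink into another, which is the one situation the new cut-off changes; a test for that would pin down the intended behaviour.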
44| test.py:11:15:11:41 | externally controlled string | test.py:13:15:13:21 | externally controlled string |
55| test.py:11:15:11:41 | externally controlled string | test.py:14:19:14:25 | externally controlled string |
66| test.py:11:15:11:41 | externally controlled string | test.py:16:16:16:22 | externally controlled string |
7- | test.py:13:15:13:21 | externally controlled string | ../lib/yaml.py:1:10:1:10 | externally controlled string |
87parents
9- | ../lib/yaml.py:1:10:1:10 | externally controlled string | test.py:13:15:13:21 | externally controlled string |
108#select
119| test.py:12:18:12:24 | unpickling untrusted data | test.py:11:15:11:26 | dict of externally controlled string | test.py:12:18:12:24 | externally controlled string | Deserializing of $@. | test.py:11:15:11:26 | flask.request.args | untrusted input |
1210| test.py:13:15:13:21 | yaml.load vulnerability | test.py:11:15:11:26 | dict of externally controlled string | test.py:13:15:13:21 | externally controlled string | Deserializing of $@. | test.py:11:15:11:26 | flask.request.args | untrusted input |
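Review bot: the only removed edge runs from the `yaml.load` sink at `test.py:13:15:13:21` into `../lib/yaml.py:1:10:1:10`, and its `parents` row goes with it; the pickle sink at `test.py:12:18:12:24` had no outgoing edge in either version, so after this change the two sinks in the file are treated uniformly, which is the intended effect. Both `#select` rows keep the same source (`test.py:11:15:11:26`), sink and `Deserializing of $@.` message, so the alerts themselves are unaffected.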
11edges
22| test.py:7:22:7:33 | dict of externally controlled string | test.py:7:22:7:51 | externally controlled string |
33| test.py:7:22:7:51 | externally controlled string | test.py:8:21:8:26 | externally controlled string |
4- | test.py:8:21:8:26 | externally controlled string | ../lib/flask/__init__.py:11:14:11:21 | externally controlled string |
54| test.py:15:17:15:28 | dict of externally controlled string | test.py:15:17:15:42 | externally controlled string |
65| test.py:15:17:15:42 | externally controlled string | test.py:17:13:17:21 | externally controlled string |
76parents
8- | ../lib/flask/__init__.py:11:14:11:21 | externally controlled string | test.py:8:21:8:26 | externally controlled string |
97#select
108| test.py:8:21:8:26 | flask.redirect | test.py:7:22:7:33 | dict of externally controlled string | test.py:8:21:8:26 | externally controlled string | Untrusted URL redirection due to $@. | test.py:7:22:7:33 | flask.request.args | a user-provided value |
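Review bot: the removed edge goes from the `flask.redirect` sink at `test.py:8:21:8:26` into `../lib/flask/__init__.py:11:14:11:21`, i.e. into the stub's parameter, and the `#select` row still reports `Untrusted URL redirection due to $@.` with the same source and sink, so the alert is preserved and only the trailing library-internal path step disappears. The second flow in the file (`test.py:15:17:15:28` to `test.py:17:13:17:21`) has no `#select` row and no rows changed here, so it is unaffected by the new filter, as expected for a flow that never reaches a sink.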