Merge pull request #36 from GitHubSecurityLab/python-update

Alvaro Muñoz · web-flow · commit 09d4fb757339 · 2024-01-12T09:34:58.000+01:00
Python: Bump dependencies and versions for Python
diff --git a/python/lib/codeql-pack.lock.yml b/python/lib/codeql-pack.lock.yml
@@ -2,19 +2,21 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/dataflow:
-    version: 0.0.3
+    version: 0.1.5
   codeql/mad:
-    version: 0.1.4
+    version: 0.2.5
   codeql/python-all:
-    version: 0.10.4
+    version: 0.11.5
   codeql/regex:
-    version: 0.1.4
+    version: 0.2.5
   codeql/ssa:
-    version: 0.1.4
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.4
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.4
+    version: 0.2.5
   codeql/yaml:
-    version: 0.1.4
+    version: 0.2.5
 compiled: false
diff --git a/python/lib/qlpack.yml b/python/lib/qlpack.yml
@@ -1,5 +1,5 @@
 library: true 
 name: githubsecuritylab/codeql-python-libs
-version: 0.0.1
+version: 0.1.0
 dependencies:
   codeql/python-all: '*'
diff --git a/python/src/audit/CWE-079/XssFlaskAudit.ql b/python/src/audit/CWE-079/XssFlaskAudit.ql
@@ -14,7 +14,6 @@
  */
 
 import python
-import DataFlow::PathGraph
 import semmle.python.Concepts
 import semmle.python.ApiGraphs
 import semmle.python.dataflow.new.DataFlow
@@ -33,17 +32,19 @@ class DynamicTemplate extends DataFlow::Node {
   }
 }
 
-class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "AuditXSSJinja2" }
+module Configuration implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof ReflectedXss::Source }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof ReflectedXss::Source }
+  predicate isSink(DataFlow::Node sink) { sink instanceof DynamicTemplate }
 
-  override predicate isSink(DataFlow::Node sink) { sink instanceof DynamicTemplate }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof ReflectedXss::Sanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof ReflectedXss::Sanitizer }
 }
 
-from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+module ConfigurationFlow = TaintTracking::Global<Configuration>;
+
+import ConfigurationFlow::PathGraph //importing the path graph from the module
+
+from ConfigurationFlow::PathNode source, ConfigurationFlow::PathNode sink
+where ConfigurationFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to a $@.",
   source.getNode(), "user-provided value"
diff --git a/python/src/audit/CWE-089/SqlInjectionAudit.ql b/python/src/audit/CWE-089/SqlInjectionAudit.ql
@@ -17,25 +17,25 @@ import semmle.python.dataflow.new.TaintTracking
 import semmle.python.Concepts
 import semmle.python.dataflow.new.BarrierGuards
 import semmle.python.ApiGraphs
-import DataFlow::PathGraph
 private import semmle.python.security.dataflow.SqlInjectionCustomizations
-//
 import ghsl.Utils
 
 /**
  * A taint-tracking configuration for detecting SQL injection vulnerabilities.
  */
-class SqlInjectionHeuristic extends TaintTracking::Configuration {
-  SqlInjectionHeuristic() { this = "SqlInjectionHeuristic" }
+module SqlInjectionHeuristicConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof DynamicStrings }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof DynamicStrings }
+  predicate isSink(DataFlow::Node sink) { sink instanceof SqlInjection::Sink }
 
-  override predicate isSink(DataFlow::Node sink) { sink instanceof SqlInjection::Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof SqlInjection::Sanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof SqlInjection::Sanitizer }
 }
 
-from SqlInjectionHeuristic config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "This SQL query depends on $@.", source.getNode(),
-  "a user-provided value"
+module SqlInjectionHeuristicFlow = TaintTracking::Global<SqlInjectionHeuristicConfig>;
+
+import SqlInjectionHeuristicFlow::PathGraph //importing the path graph from the module
+
+from SqlInjectionHeuristicFlow::PathNode source, SqlInjectionHeuristicFlow::PathNode sink
+where SqlInjectionHeuristicFlow::flowPath(source, sink)
+select sink.getNode(), source, sink, "This SQL query depends on a $@.", source.getNode(),
+  "user-provided value"
diff --git a/python/src/codeql-pack.lock.yml b/python/src/codeql-pack.lock.yml
@@ -2,19 +2,21 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/dataflow:
-    version: 0.0.3
+    version: 0.1.5
   codeql/mad:
-    version: 0.1.4
+    version: 0.2.5
   codeql/python-all:
-    version: 0.10.4
+    version: 0.11.5
   codeql/regex:
-    version: 0.1.4
+    version: 0.2.5
   codeql/ssa:
-    version: 0.1.4
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.4
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.4
+    version: 0.2.5
   codeql/yaml:
-    version: 0.1.4
+    version: 0.2.5
 compiled: false
diff --git a/python/src/qlpack.yml b/python/src/qlpack.yml
@@ -1,8 +1,8 @@
 library: false
 name: githubsecuritylab/codeql-python-queries
-version: 0.0.3
+version: 0.0.4
 suites: suites
 defaultSuiteFile: suites/python.qls
 dependencies:
   codeql/python-all: '*'
-  githubsecuritylab/codeql-python-libs: 0.0.1
+  githubsecuritylab/codeql-python-libs: 0.0.2
diff --git a/python/test/audit/CWE-079/XssFlaskAudit.expected b/python/test/audit/CWE-079/XssFlaskAudit.expected
@@ -1,15 +1,13 @@
 edges
 | app.py:1:26:1:32 | ControlFlowNode for ImportMember | app.py:1:26:1:32 | GSSA Variable request |
 | app.py:1:26:1:32 | GSSA Variable request | app.py:12:16:12:22 | ControlFlowNode for request |
-| app.py:12:16:12:22 | ControlFlowNode for request | app.py:12:16:12:27 | ControlFlowNode for Attribute |
-| app.py:12:16:12:27 | ControlFlowNode for Attribute | app.py:12:16:12:39 | ControlFlowNode for Subscript |
-| app.py:12:16:12:39 | ControlFlowNode for Subscript | app.py:14:51:14:58 | ControlFlowNode for username |
+| app.py:12:5:12:12 | SSA variable username | app.py:14:51:14:58 | ControlFlowNode for username |
+| app.py:12:16:12:22 | ControlFlowNode for request | app.py:12:5:12:12 | SSA variable username |
 nodes
 | app.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | app.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request |
+| app.py:12:5:12:12 | SSA variable username | semmle.label | SSA variable username |
 | app.py:12:16:12:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| app.py:12:16:12:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| app.py:12:16:12:39 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
 | app.py:14:51:14:58 | ControlFlowNode for username | semmle.label | ControlFlowNode for username |
 subpaths
 #select
diff --git a/python/test/audit/CWE-089/SqlInjectionAudit.expected b/python/test/audit/CWE-089/SqlInjectionAudit.expected
@@ -1,20 +1,28 @@
 edges
-| sqli.py:17:9:17:60 | ControlFlowNode for Fstring | sqli.py:18:16:18:20 | ControlFlowNode for query |
-| sqli.py:21:9:21:68 | ControlFlowNode for Attribute() | sqli.py:22:16:22:20 | ControlFlowNode for query |
-| sqli.py:25:9:25:60 | ControlFlowNode for BinaryExpr | sqli.py:26:16:26:20 | ControlFlowNode for query |
-| sqli.py:30:9:30:58 | ControlFlowNode for BinaryExpr | sqli.py:31:16:31:20 | ControlFlowNode for query |
+| sqli.py:17:1:17:5 | GSSA Variable query | sqli.py:18:16:18:20 | ControlFlowNode for query |
+| sqli.py:17:9:17:60 | ControlFlowNode for Fstring | sqli.py:17:1:17:5 | GSSA Variable query |
+| sqli.py:21:1:21:5 | GSSA Variable query | sqli.py:22:16:22:20 | ControlFlowNode for query |
+| sqli.py:21:9:21:68 | ControlFlowNode for Attribute() | sqli.py:21:1:21:5 | GSSA Variable query |
+| sqli.py:25:1:25:5 | GSSA Variable query | sqli.py:26:16:26:20 | ControlFlowNode for query |
+| sqli.py:25:9:25:60 | ControlFlowNode for BinaryExpr | sqli.py:25:1:25:5 | GSSA Variable query |
+| sqli.py:30:1:30:5 | GSSA Variable query | sqli.py:31:16:31:20 | ControlFlowNode for query |
+| sqli.py:30:9:30:58 | ControlFlowNode for BinaryExpr | sqli.py:30:1:30:5 | GSSA Variable query |
 nodes
+| sqli.py:17:1:17:5 | GSSA Variable query | semmle.label | GSSA Variable query |
 | sqli.py:17:9:17:60 | ControlFlowNode for Fstring | semmle.label | ControlFlowNode for Fstring |
 | sqli.py:18:16:18:20 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
+| sqli.py:21:1:21:5 | GSSA Variable query | semmle.label | GSSA Variable query |
 | sqli.py:21:9:21:68 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | sqli.py:22:16:22:20 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
+| sqli.py:25:1:25:5 | GSSA Variable query | semmle.label | GSSA Variable query |
 | sqli.py:25:9:25:60 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
 | sqli.py:26:16:26:20 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
+| sqli.py:30:1:30:5 | GSSA Variable query | semmle.label | GSSA Variable query |
 | sqli.py:30:9:30:58 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
 | sqli.py:31:16:31:20 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
 subpaths
 #select
-| sqli.py:18:16:18:20 | ControlFlowNode for query | sqli.py:17:9:17:60 | ControlFlowNode for Fstring | sqli.py:18:16:18:20 | ControlFlowNode for query | This SQL query depends on $@. | sqli.py:17:9:17:60 | ControlFlowNode for Fstring | a user-provided value |
-| sqli.py:22:16:22:20 | ControlFlowNode for query | sqli.py:21:9:21:68 | ControlFlowNode for Attribute() | sqli.py:22:16:22:20 | ControlFlowNode for query | This SQL query depends on $@. | sqli.py:21:9:21:68 | ControlFlowNode for Attribute() | a user-provided value |
-| sqli.py:26:16:26:20 | ControlFlowNode for query | sqli.py:25:9:25:60 | ControlFlowNode for BinaryExpr | sqli.py:26:16:26:20 | ControlFlowNode for query | This SQL query depends on $@. | sqli.py:25:9:25:60 | ControlFlowNode for BinaryExpr | a user-provided value |
-| sqli.py:31:16:31:20 | ControlFlowNode for query | sqli.py:30:9:30:58 | ControlFlowNode for BinaryExpr | sqli.py:31:16:31:20 | ControlFlowNode for query | This SQL query depends on $@. | sqli.py:30:9:30:58 | ControlFlowNode for BinaryExpr | a user-provided value |
+| sqli.py:18:16:18:20 | ControlFlowNode for query | sqli.py:17:9:17:60 | ControlFlowNode for Fstring | sqli.py:18:16:18:20 | ControlFlowNode for query | This SQL query depends on a $@. | sqli.py:17:9:17:60 | ControlFlowNode for Fstring | user-provided value |
+| sqli.py:22:16:22:20 | ControlFlowNode for query | sqli.py:21:9:21:68 | ControlFlowNode for Attribute() | sqli.py:22:16:22:20 | ControlFlowNode for query | This SQL query depends on a $@. | sqli.py:21:9:21:68 | ControlFlowNode for Attribute() | user-provided value |
+| sqli.py:26:16:26:20 | ControlFlowNode for query | sqli.py:25:9:25:60 | ControlFlowNode for BinaryExpr | sqli.py:26:16:26:20 | ControlFlowNode for query | This SQL query depends on a $@. | sqli.py:25:9:25:60 | ControlFlowNode for BinaryExpr | user-provided value |
+| sqli.py:31:16:31:20 | ControlFlowNode for query | sqli.py:30:9:30:58 | ControlFlowNode for BinaryExpr | sqli.py:31:16:31:20 | ControlFlowNode for query | This SQL query depends on a $@. | sqli.py:30:9:30:58 | ControlFlowNode for BinaryExpr | user-provided value |
diff --git a/python/test/codeql-pack.lock.yml b/python/test/codeql-pack.lock.yml
@@ -2,23 +2,25 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/dataflow:
-    version: 0.0.3
+    version: 0.1.5
   codeql/mad:
-    version: 0.1.4
+    version: 0.2.5
   codeql/python-all:
-    version: 0.10.4
+    version: 0.11.5
   codeql/python-queries:
-    version: 0.8.4
+    version: 0.9.5
   codeql/regex:
-    version: 0.1.4
+    version: 0.2.5
   codeql/ssa:
-    version: 0.1.4
+    version: 0.2.5
   codeql/suite-helpers:
-    version: 0.6.4
+    version: 0.7.5
   codeql/tutorial:
-    version: 0.1.4
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.4
+    version: 0.2.5
   codeql/yaml:
-    version: 0.1.4
+    version: 0.2.5
 compiled: false
diff --git a/python/test/security/CWE-078/CommandInjectionLocal.expected b/python/test/security/CWE-078/CommandInjectionLocal.expected
@@ -1,14 +1,20 @@
 edges
-| cmdi.py:4:5:4:28 | ControlFlowNode for input() | cmdi.py:7:17:7:17 | ControlFlowNode for i |
-| cmdi.py:4:5:4:28 | ControlFlowNode for input() | cmdi.py:9:17:9:30 | ControlFlowNode for Fstring |
-| cmdi.py:14:6:14:29 | ControlFlowNode for Subscript | cmdi.py:15:17:15:43 | ControlFlowNode for BinaryExpr |
-| cmdi.py:17:6:17:33 | ControlFlowNode for Attribute() | cmdi.py:18:17:18:43 | ControlFlowNode for BinaryExpr |
+| cmdi.py:4:1:4:1 | GSSA Variable i | cmdi.py:7:17:7:17 | ControlFlowNode for i |
+| cmdi.py:4:1:4:1 | GSSA Variable i | cmdi.py:9:17:9:30 | ControlFlowNode for Fstring |
+| cmdi.py:4:5:4:28 | ControlFlowNode for input() | cmdi.py:4:1:4:1 | GSSA Variable i |
+| cmdi.py:14:1:14:2 | GSSA Variable e1 | cmdi.py:15:17:15:43 | ControlFlowNode for BinaryExpr |
+| cmdi.py:14:6:14:29 | ControlFlowNode for Subscript | cmdi.py:14:1:14:2 | GSSA Variable e1 |
+| cmdi.py:17:1:17:2 | GSSA Variable e2 | cmdi.py:18:17:18:43 | ControlFlowNode for BinaryExpr |
+| cmdi.py:17:6:17:33 | ControlFlowNode for Attribute() | cmdi.py:17:1:17:2 | GSSA Variable e2 |
 nodes
+| cmdi.py:4:1:4:1 | GSSA Variable i | semmle.label | GSSA Variable i |
 | cmdi.py:4:5:4:28 | ControlFlowNode for input() | semmle.label | ControlFlowNode for input() |
 | cmdi.py:7:17:7:17 | ControlFlowNode for i | semmle.label | ControlFlowNode for i |
 | cmdi.py:9:17:9:30 | ControlFlowNode for Fstring | semmle.label | ControlFlowNode for Fstring |
+| cmdi.py:14:1:14:2 | GSSA Variable e1 | semmle.label | GSSA Variable e1 |
 | cmdi.py:14:6:14:29 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
 | cmdi.py:15:17:15:43 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
+| cmdi.py:17:1:17:2 | GSSA Variable e2 | semmle.label | GSSA Variable e2 |
 | cmdi.py:17:6:17:33 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | cmdi.py:18:17:18:43 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
 subpaths
diff --git a/python/test/security/CWE-094/CodeInjectionLocal.expected b/python/test/security/CWE-094/CodeInjectionLocal.expected
@@ -1,12 +1,18 @@
 edges
-| codei.py:3:5:3:28 | ControlFlowNode for input() | codei.py:6:6:6:6 | ControlFlowNode for i |
-| codei.py:9:6:9:29 | ControlFlowNode for Subscript | codei.py:10:6:10:7 | ControlFlowNode for e1 |
-| codei.py:12:6:12:33 | ControlFlowNode for Attribute() | codei.py:13:6:13:7 | ControlFlowNode for e2 |
+| codei.py:3:1:3:1 | GSSA Variable i | codei.py:6:6:6:6 | ControlFlowNode for i |
+| codei.py:3:5:3:28 | ControlFlowNode for input() | codei.py:3:1:3:1 | GSSA Variable i |
+| codei.py:9:1:9:2 | GSSA Variable e1 | codei.py:10:6:10:7 | ControlFlowNode for e1 |
+| codei.py:9:6:9:29 | ControlFlowNode for Subscript | codei.py:9:1:9:2 | GSSA Variable e1 |
+| codei.py:12:1:12:2 | GSSA Variable e2 | codei.py:13:6:13:7 | ControlFlowNode for e2 |
+| codei.py:12:6:12:33 | ControlFlowNode for Attribute() | codei.py:12:1:12:2 | GSSA Variable e2 |
 nodes
+| codei.py:3:1:3:1 | GSSA Variable i | semmle.label | GSSA Variable i |
 | codei.py:3:5:3:28 | ControlFlowNode for input() | semmle.label | ControlFlowNode for input() |
 | codei.py:6:6:6:6 | ControlFlowNode for i | semmle.label | ControlFlowNode for i |
+| codei.py:9:1:9:2 | GSSA Variable e1 | semmle.label | GSSA Variable e1 |
 | codei.py:9:6:9:29 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
 | codei.py:10:6:10:7 | ControlFlowNode for e1 | semmle.label | ControlFlowNode for e1 |
+| codei.py:12:1:12:2 | GSSA Variable e2 | semmle.label | GSSA Variable e2 |
 | codei.py:12:6:12:33 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | codei.py:13:6:13:7 | ControlFlowNode for e2 | semmle.label | ControlFlowNode for e2 |
 subpaths
diff --git a/python/test/security/CWE-502/UnsafeDeserializationLocal.expected b/python/test/security/CWE-502/UnsafeDeserializationLocal.expected
@@ -1,9 +1,13 @@
 edges
-| unsafe.py:5:5:5:11 | ControlFlowNode for input() | unsafe.py:7:14:7:14 | ControlFlowNode for i |
-| unsafe.py:10:5:10:32 | ControlFlowNode for Attribute() | unsafe.py:12:14:12:14 | ControlFlowNode for e |
+| unsafe.py:5:1:5:1 | GSSA Variable i | unsafe.py:7:14:7:14 | ControlFlowNode for i |
+| unsafe.py:5:5:5:11 | ControlFlowNode for input() | unsafe.py:5:1:5:1 | GSSA Variable i |
+| unsafe.py:10:1:10:1 | GSSA Variable e | unsafe.py:12:14:12:14 | ControlFlowNode for e |
+| unsafe.py:10:5:10:32 | ControlFlowNode for Attribute() | unsafe.py:10:1:10:1 | GSSA Variable e |
 nodes
+| unsafe.py:5:1:5:1 | GSSA Variable i | semmle.label | GSSA Variable i |
 | unsafe.py:5:5:5:11 | ControlFlowNode for input() | semmle.label | ControlFlowNode for input() |
 | unsafe.py:7:14:7:14 | ControlFlowNode for i | semmle.label | ControlFlowNode for i |
+| unsafe.py:10:1:10:1 | GSSA Variable e | semmle.label | GSSA Variable e |
 | unsafe.py:10:5:10:32 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | unsafe.py:12:14:12:14 | ControlFlowNode for e | semmle.label | ControlFlowNode for e |
 | unsafe.py:17:22:17:29 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
