feat(python): Add Debugging queries

Author: GeekMasher

python/src/debugging/PartialPathsFromSink.ql

@@ -0,0 +1,44 @@
+/**
+ * @name Partial Path Query from Sink
+ * @kind path-problem
+ * @problem.severity warning
+ * @security-severity 1.0
+ * @sub-severity low
+ * @precision low
+ * @id py/debugging/partial-path-from-sink
+ * @tags debugging
+ */
+
+import python
+import ghsl
+import semmle.python.dataflow.new.DataFlow
+import semmle.python.dataflow.new.TaintTracking
+import semmle.python.Concepts
+import semmle.python.dataflow.new.RemoteFlowSources
+import semmle.python.dataflow.new.BarrierGuards
+import semmle.python.ApiGraphs
+
+// Partial Graph
+module PartialFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { any() }
+
+  predicate isSink(DataFlow::Node sink) { sink instanceof AllSinks }
+}
+
+int explorationLimit() { result = 10 }
+
+private module PartialFlows = DataFlow::Global<PartialFlowConfig>;
+
+private module PartialFlowsGraph = PartialFlows::FlowExplorationRev<explorationLimit/0>;
+
+private import PartialFlowsGraph::PartialPathGraph
+
+from PartialFlowsGraph::PartialPathNode source, PartialFlowsGraph::PartialPathNode sink
+where
+  /// Only show sinks from a certain file
+  // findByLocation(sink.getNode(), "File.java", _) and
+  /// Only show sources that match our criteria
+  // checkSource(source.getNode()) and
+  /// Partical Path
+  PartialFlowsGraph::partialFlow(source, sink, _)
+select sink.getNode(), source, sink, "Partial Graph $@.", source.getNode(), "user-provided value"

python/src/debugging/PartialPathsFromSource.ql

@@ -0,0 +1,47 @@
+/**
+ * @name Partial Path Query from Source
+ * @kind path-problem
+ * @problem.severity warning
+ * @security-severity 1.0
+ * @sub-severity low
+ * @precision low
+ * @id py/debugging/partial-path-from-source
+ * @tags debugging
+ */
+
+import python
+import ghsl
+import semmle.python.dataflow.new.DataFlow
+import semmle.python.dataflow.new.TaintTracking
+import semmle.python.Concepts
+import semmle.python.dataflow.new.RemoteFlowSources
+import semmle.python.dataflow.new.BarrierGuards
+import semmle.python.ApiGraphs
+
+// Partial Graph
+module PartialFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    source instanceof AllSources and
+    // Make sure the source node is in the source code
+    source.getScope().inSource()
+  }
+
+  predicate isSink(DataFlow::Node sink) { none() }
+}
+
+int explorationLimit() { result = 10 }
+
+module PartialFlows = DataFlow::Global<PartialFlowConfig>;
+
+module PartialFlowsGraph = PartialFlows::FlowExplorationFwd<explorationLimit/0>;
+
+import PartialFlowsGraph::PartialPathGraph
+
+from PartialFlowsGraph::PartialPathNode source, PartialFlowsGraph::PartialPathNode sink
+where
+  PartialFlowsGraph::partialFlow(source, sink, _) and
+  /// Filter by location
+  filterByLocation(source.getNode(), "app.py", _)
+/// Filter by Function Parameters
+// and functionParameters(sink.getNode())
+select sink.getNode(), source, sink, "Partial Graph $@.", source.getNode(), "user-provided value"

python/src/debugging/Sinks.ql

@@ -0,0 +1,16 @@
+/**
+ * @name List of all known sinks
+ * @kind problem
+ * @problem.severity warning
+ * @security-severity 1.0
+ * @sub-severity low
+ * @precision high
+ * @id py/debugging/sinks
+ * @tags debugging
+ */
+
+import python
+import ghsl
+
+from AllSinks sinks
+select sinks, "sink[" + sinks.sinkType() + "]"

python/src/debugging/Sources.ql

@@ -0,0 +1,19 @@
+/**
+ * @name List of all known sources (remote, local, etc.)
+ * @kind problem
+ * @problem.severity warning
+ * @security-severity 1.0
+ * @sub-severity low
+ * @precision high
+ * @id py/debugging/sources
+ * @tags debugging
+ */
+
+import python
+import ghsl
+
+from AllSources sources, string threatModel
+where threatModel = sources.getThreatModel()
+// Local sources
+// sources.getThreatModel() = "local"
+select sources, "source[" + threatModel + "]"