|
6 | 6 | */ |
7 | 7 |
|
8 | 8 | private import python |
9 | | -private import semmle.python.Concepts |
10 | 9 | private import semmle.python.dataflow.new.TaintTracking |
11 | 10 | private import semmle.python.Concepts |
12 | 11 | private import semmle.python.ApiGraphs |
@@ -40,66 +39,17 @@ module XpathInjection { |
40 | 39 | */ |
41 | 40 | class RemoteFlowSourceAsSource extends Source, RemoteFlowSource { } |
42 | 41 |
|
43 | | - /** Returns an API node referring to `lxml.etree` */ |
44 | | - API::Node etree() { result = API::moduleImport("lxml").getMember("etree") } |
45 | | - |
46 | | - /** Returns an API node referring to `lxml.etree` */ |
47 | | - API::Node etreeFromString() { result = etree().getMember("fromstring") } |
48 | | - |
49 | | - /** Returns an API node referring to `lxml.etree.parse` */ |
50 | | - API::Node etreeParse() { result = etree().getMember("parse") } |
51 | | - |
52 | | - /** Returns an API node referring to `lxml.etree.parse` */ |
53 | | - API::Node libxml2parseFile() { result = API::moduleImport("libxml2").getMember("parseFile") } |
54 | | - |
55 | | - /** |
56 | | - * A Sink representing an argument to `etree.XPath` or `etree.ETXPath` call. |
57 | | - * |
58 | | - * from lxml import etree |
59 | | - * root = etree.XML("<xmlContent>") |
60 | | - * find_text = etree.XPath("`sink`") |
61 | | - * find_text = etree.ETXPath("`sink`") |
62 | | - */ |
63 | | - private class EtreeXpathArgument extends Sink { |
64 | | - EtreeXpathArgument() { this = etree().getMember(["XPath", "ETXPath"]).getACall().getArg(0) } |
65 | | - } |
66 | | - |
67 | | - /** |
68 | | - * A Sink representing an argument to the `etree.XPath` call. |
69 | | - * |
70 | | - * from lxml import etree |
71 | | - * root = etree.fromstring(file(XML_DB).read(), XMLParser()) |
72 | | - * find_text = root.xpath("`sink`") |
73 | | - */ |
74 | | - private class EtreeFromstringXpathArgument extends Sink { |
75 | | - EtreeFromstringXpathArgument() { |
76 | | - this = etreeFromString().getReturn().getMember("xpath").getACall().getArg(0) |
77 | | - } |
78 | | - } |
79 | | - |
80 | 42 | /** |
81 | | - * A Sink representing an argument to the `xpath` call to a parsed xml document. |
82 | | - * |
83 | | - * from lxml import etree |
84 | | - * from io import StringIO |
85 | | - * f = StringIO('<foo><bar></bar></foo>') |
86 | | - * tree = etree.parse(f) |
87 | | - * r = tree.xpath('`sink`') |
| 43 | + * A construction of an XPath expression, considered as a sink. |
88 | 44 | */ |
89 | | - private class ParseXpathArgument extends Sink { |
90 | | - ParseXpathArgument() { this = etreeParse().getReturn().getMember("xpath").getACall().getArg(0) } |
| 45 | + class XPathConstructionArg extends Sink { |
| 46 | + XPathConstructionArg() { this = any(XPathConstruction c).getXPath() } |
91 | 47 | } |
92 | 48 |
|
93 | 49 | /** |
94 | | - * A Sink representing an argument to the `xpathEval` call to a parsed libxml2 document. |
95 | | - * |
96 | | - * import libxml2 |
97 | | - * tree = libxml2.parseFile("file.xml") |
98 | | - * r = tree.xpathEval('`sink`') |
| 50 | + * An execution of an XPath expression, considered as a sink. |
99 | 51 | */ |
100 | | - private class ParseFileXpathEvalArgument extends Sink { |
101 | | - ParseFileXpathEvalArgument() { |
102 | | - this = libxml2parseFile().getReturn().getMember("xpathEval").getACall().getArg(0) |
103 | | - } |
| 52 | + class XPathExecutionArg extends Sink { |
| 53 | + XPathExecutionArg() { this = any(XPathExecution e).getXPath() } |
104 | 54 | } |
105 | 55 | } |