File tree Expand file tree Collapse file tree 1 file changed +12
-10
lines changed
python/ql/src/Security/CWE-022 Expand file tree Collapse file tree 1 file changed +12
-10
lines changed Original file line number Diff line number Diff line change 1414 * external/cwe/cwe-036
1515 * external/cwe/cwe-073
1616 * external/cwe/cwe-099
17- *
17+ */
18+
19+ import python
20+ import semmle.python.dataflow.new.DataFlow
21+ import semmle.python.dataflow.new.DataFlow2
22+ import semmle.python.dataflow.new.TaintTracking
23+ import semmle.python.dataflow.new.TaintTracking2
24+ import semmle.python.Concepts
25+ import semmle.python.dataflow.new.RemoteFlowSources
26+ import ChainedConfigs12
27+
28+ /*
1829 * The query detects cases where a user-controlled path is used in an unsafe manner,
1930 * meaning it is not both normalized and _afterwards_ checked.
2031 *
3647 * to a sink.
3748 */
3849
39- import python
40- import semmle.python.dataflow.new.DataFlow
41- import semmle.python.dataflow.new.DataFlow2
42- import semmle.python.dataflow.new.TaintTracking
43- import semmle.python.dataflow.new.TaintTracking2
44- import semmle.python.Concepts
45- import semmle.python.dataflow.new.RemoteFlowSources
46- import ChainedConfigs12
47-
4850// ---------------------------------------------------------------------------
4951// Case 1. The path is never normalized.
5052// ---------------------------------------------------------------------------
You can’t perform that action at this time.
0 commit comments