Python: move asyncio CMDi related tests to stdlib tests

p- · p- · commit 7aa5d2dc8a00 · 2023-09-06T16:54:18.000+02:00
diff --git a/python/ql/test/library-tests/frameworks/stdlib/SystemCommandExecution.py b/python/ql/test/library-tests/frameworks/stdlib/SystemCommandExecution.py
@@ -158,3 +158,21 @@ def os_members():
 wrong_use = shlex.quote("ls {}".format(tainted))
 # still dangerous, for example
 cmd = "sh -c " + wrong_use
+
+########################################
+# Program/shell command execution via asyncio
+
+import asyncio
+from asyncio import subprocess
+
+asyncio.run(asyncio.create_subprocess_exec("executable", "arg0"))  # $getCommand="executable" getAPathArgument="executable"
+asyncio.run(subprocess.create_subprocess_exec("executable", "arg0"))  # $getCommand="executable" getAPathArgument="executable"
+
+loop = asyncio.new_event_loop()
+loop.run_until_complete(loop.subprocess_exec(asyncio.SubprocessProtocol, "executable", "arg0")) # $getCommand="executable" getAPathArgument="executable"
+
+asyncio.run(asyncio.create_subprocess_shell("shell_command"))  # $getCommand="shell_command" getAPathArgument="shell_command"
+asyncio.run(subprocess.create_subprocess_shell("shell_command")) # $getCommand="shell_command" getAPathArgument="shell_command"
+
+loop = asyncio.get_running_loop()
+loop.run_until_complete(loop.subprocess_shell(asyncio.SubprocessProtocol, "shell_command")) # $getCommand="shell_command" getAPathArgument="shell_command"
diff --git a/python/ql/test/query-tests/Security/CWE-078-CommandInjection/CommandInjection.expected b/python/ql/test/query-tests/Security/CWE-078-CommandInjection/CommandInjection.expected
@@ -8,12 +8,6 @@ edges
 | command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:54:15:54:21 | ControlFlowNode for request |
 | command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:71:12:71:18 | ControlFlowNode for request |
 | command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:78:12:78:18 | ControlFlowNode for request |
-| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:87:13:87:19 | ControlFlowNode for request |
-| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:92:13:92:19 | ControlFlowNode for request |
-| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:102:13:102:19 | ControlFlowNode for request |
-| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:112:13:112:19 | ControlFlowNode for request |
-| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:117:13:117:19 | ControlFlowNode for request |
-| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:122:13:122:19 | ControlFlowNode for request |
 | command_injection.py:11:5:11:9 | SSA variable files | command_injection.py:13:15:13:27 | ControlFlowNode for BinaryExpr |
 | command_injection.py:11:13:11:19 | ControlFlowNode for request | command_injection.py:11:13:11:24 | ControlFlowNode for Attribute |
 | command_injection.py:11:13:11:24 | ControlFlowNode for Attribute | command_injection.py:11:13:11:41 | ControlFlowNode for Attribute() |
@@ -51,30 +45,6 @@ edges
 | command_injection.py:78:12:78:18 | ControlFlowNode for request | command_injection.py:78:12:78:23 | ControlFlowNode for Attribute |
 | command_injection.py:78:12:78:23 | ControlFlowNode for Attribute | command_injection.py:78:12:78:39 | ControlFlowNode for Attribute() |
 | command_injection.py:78:12:78:39 | ControlFlowNode for Attribute() | command_injection.py:78:5:78:8 | SSA variable path |
-| command_injection.py:87:5:87:9 | SSA variable files | command_injection.py:88:48:88:52 | ControlFlowNode for files |
-| command_injection.py:87:13:87:19 | ControlFlowNode for request | command_injection.py:87:13:87:24 | ControlFlowNode for Attribute |
-| command_injection.py:87:13:87:24 | ControlFlowNode for Attribute | command_injection.py:87:13:87:41 | ControlFlowNode for Attribute() |
-| command_injection.py:87:13:87:41 | ControlFlowNode for Attribute() | command_injection.py:87:5:87:9 | SSA variable files |
-| command_injection.py:92:5:92:9 | SSA variable files | command_injection.py:93:51:93:55 | ControlFlowNode for files |
-| command_injection.py:92:13:92:19 | ControlFlowNode for request | command_injection.py:92:13:92:24 | ControlFlowNode for Attribute |
-| command_injection.py:92:13:92:24 | ControlFlowNode for Attribute | command_injection.py:92:13:92:41 | ControlFlowNode for Attribute() |
-| command_injection.py:92:13:92:41 | ControlFlowNode for Attribute() | command_injection.py:92:5:92:9 | SSA variable files |
-| command_injection.py:102:5:102:9 | SSA variable files | command_injection.py:106:82:106:86 | ControlFlowNode for files |
-| command_injection.py:102:13:102:19 | ControlFlowNode for request | command_injection.py:102:13:102:24 | ControlFlowNode for Attribute |
-| command_injection.py:102:13:102:24 | ControlFlowNode for Attribute | command_injection.py:102:13:102:41 | ControlFlowNode for Attribute() |
-| command_injection.py:102:13:102:41 | ControlFlowNode for Attribute() | command_injection.py:102:5:102:9 | SSA variable files |
-| command_injection.py:112:5:112:9 | SSA variable files | command_injection.py:113:49:113:53 | ControlFlowNode for files |
-| command_injection.py:112:13:112:19 | ControlFlowNode for request | command_injection.py:112:13:112:24 | ControlFlowNode for Attribute |
-| command_injection.py:112:13:112:24 | ControlFlowNode for Attribute | command_injection.py:112:13:112:41 | ControlFlowNode for Attribute() |
-| command_injection.py:112:13:112:41 | ControlFlowNode for Attribute() | command_injection.py:112:5:112:9 | SSA variable files |
-| command_injection.py:117:5:117:9 | SSA variable files | command_injection.py:118:52:118:56 | ControlFlowNode for files |
-| command_injection.py:117:13:117:19 | ControlFlowNode for request | command_injection.py:117:13:117:24 | ControlFlowNode for Attribute |
-| command_injection.py:117:13:117:24 | ControlFlowNode for Attribute | command_injection.py:117:13:117:41 | ControlFlowNode for Attribute() |
-| command_injection.py:117:13:117:41 | ControlFlowNode for Attribute() | command_injection.py:117:5:117:9 | SSA variable files |
-| command_injection.py:122:5:122:9 | SSA variable files | command_injection.py:125:83:125:87 | ControlFlowNode for files |
-| command_injection.py:122:13:122:19 | ControlFlowNode for request | command_injection.py:122:13:122:24 | ControlFlowNode for Attribute |
-| command_injection.py:122:13:122:24 | ControlFlowNode for Attribute | command_injection.py:122:13:122:41 | ControlFlowNode for Attribute() |
-| command_injection.py:122:13:122:41 | ControlFlowNode for Attribute() | command_injection.py:122:5:122:9 | SSA variable files |
 nodes
 | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | command_injection.py:5:26:5:32 | GSSA Variable request | semmle.label | GSSA Variable request |
@@ -123,36 +93,6 @@ nodes
 | command_injection.py:78:12:78:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | command_injection.py:78:12:78:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | command_injection.py:80:19:80:30 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
-| command_injection.py:87:5:87:9 | SSA variable files | semmle.label | SSA variable files |
-| command_injection.py:87:13:87:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| command_injection.py:87:13:87:24 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| command_injection.py:87:13:87:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| command_injection.py:88:48:88:52 | ControlFlowNode for files | semmle.label | ControlFlowNode for files |
-| command_injection.py:92:5:92:9 | SSA variable files | semmle.label | SSA variable files |
-| command_injection.py:92:13:92:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| command_injection.py:92:13:92:24 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| command_injection.py:92:13:92:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| command_injection.py:93:51:93:55 | ControlFlowNode for files | semmle.label | ControlFlowNode for files |
-| command_injection.py:102:5:102:9 | SSA variable files | semmle.label | SSA variable files |
-| command_injection.py:102:13:102:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| command_injection.py:102:13:102:24 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| command_injection.py:102:13:102:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| command_injection.py:106:82:106:86 | ControlFlowNode for files | semmle.label | ControlFlowNode for files |
-| command_injection.py:112:5:112:9 | SSA variable files | semmle.label | SSA variable files |
-| command_injection.py:112:13:112:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| command_injection.py:112:13:112:24 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| command_injection.py:112:13:112:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| command_injection.py:113:49:113:53 | ControlFlowNode for files | semmle.label | ControlFlowNode for files |
-| command_injection.py:117:5:117:9 | SSA variable files | semmle.label | SSA variable files |
-| command_injection.py:117:13:117:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| command_injection.py:117:13:117:24 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| command_injection.py:117:13:117:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| command_injection.py:118:52:118:56 | ControlFlowNode for files | semmle.label | ControlFlowNode for files |
-| command_injection.py:122:5:122:9 | SSA variable files | semmle.label | SSA variable files |
-| command_injection.py:122:13:122:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| command_injection.py:122:13:122:24 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| command_injection.py:122:13:122:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| command_injection.py:125:83:125:87 | ControlFlowNode for files | semmle.label | ControlFlowNode for files |
 subpaths
 #select
 | command_injection.py:13:15:13:27 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:13:15:13:27 | ControlFlowNode for BinaryExpr | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value |
@@ -168,9 +108,3 @@ subpaths
 | command_injection.py:59:20:59:26 | ControlFlowNode for command | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:59:20:59:26 | ControlFlowNode for command | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value |
 | command_injection.py:73:19:73:30 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:73:19:73:30 | ControlFlowNode for BinaryExpr | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value |
 | command_injection.py:80:19:80:30 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:80:19:80:30 | ControlFlowNode for BinaryExpr | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value |
-| command_injection.py:88:48:88:52 | ControlFlowNode for files | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:88:48:88:52 | ControlFlowNode for files | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value |
-| command_injection.py:93:51:93:55 | ControlFlowNode for files | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:93:51:93:55 | ControlFlowNode for files | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value |
-| command_injection.py:106:82:106:86 | ControlFlowNode for files | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:106:82:106:86 | ControlFlowNode for files | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value |
-| command_injection.py:113:49:113:53 | ControlFlowNode for files | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:113:49:113:53 | ControlFlowNode for files | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value |
-| command_injection.py:118:52:118:56 | ControlFlowNode for files | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:118:52:118:56 | ControlFlowNode for files | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value |
-| command_injection.py:125:83:125:87 | ControlFlowNode for files | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:125:83:125:87 | ControlFlowNode for files | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value |
diff --git a/python/ql/test/query-tests/Security/CWE-078-CommandInjection/DataflowQueryTest.expected b/python/ql/test/query-tests/Security/CWE-078-CommandInjection/DataflowQueryTest.expected
@@ -1,3 +1,3 @@
-failures
 missingAnnotationOnSink
+failures
 testFailures
diff --git a/python/ql/test/query-tests/Security/CWE-078-CommandInjection/command_injection.py b/python/ql/test/query-tests/Security/CWE-078-CommandInjection/command_injection.py
@@ -78,50 +78,3 @@ def restricted_characters():
     path = request.args.get('path', '')
     if re.match(r'^[a-zA-Z0-9_-]+$', path):
         os.system("ls " + path) # $SPURIOUS: result=BAD
-
-import asyncio
-from asyncio import subprocess
-
-@app.route("/asyncio-exec1")
-def asyncio_exec_command_injection1():
-    files = request.args.get('files', '')
-    asyncio.run(asyncio.create_subprocess_exec(files)) # $result=BAD
-
-@app.route("/asyncio-exec2")
-def asyncio_exec_command_injection2():
-    files = request.args.get('files', '')
-    asyncio.run(subprocess.create_subprocess_exec(files)) # $result=BAD
-
-@app.route("/asyncio-exec-args")
-def asyncio_exec_arg_injection():
-    files = request.args.get('files', '')
-    asyncio.run(asyncio.create_subprocess_exec("ls", files)) # $result=OK - only an argument injection, not a command injection
-
-@app.route("/asyncio-eventloop-command1")
-def asyncio_eventloop_exec_command_injection1():
-    files = request.args.get('files', '')
-    args = ["-a", "-l"]
-    loop = asyncio.new_event_loop()
-    try:
-        loop.run_until_complete(loop.subprocess_exec(asyncio.SubprocessProtocol, files, *args)) # $result=BAD
-    finally:
-        loop.close()
-
-@app.route("/asyncio-shell1")
-def asyncio_shell_command_injection1():
-    files = request.args.get('files', '')
-    asyncio.run(asyncio.create_subprocess_shell(files)) # $result=BAD
-
-@app.route("/asyncio-shell2")
-def asyncio_shell_command_injection1():
-    files = request.args.get('files', '')
-    asyncio.run(subprocess.create_subprocess_shell(files)) # $result=BAD
-
-@app.route("/asyncio-eventloop-shell1")
-def asyncio_eventloop_shell_command_injection1():
-    files = request.args.get('files', '')
-    loop = asyncio.new_event_loop()
-    try:
-        loop.run_until_complete(loop.subprocess_shell(asyncio.SubprocessProtocol, files)) # $result=BAD
-    finally:
-        loop.close()
