Added two new CMDi sinks fot python's stdlib

Alvaro Muñoz · Alvaro Muñoz · commit 7e0e56dadc65 · 2022-12-02T22:16:40.000+01:00
diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib.qll b/python/ql/lib/semmle/python/frameworks/Stdlib.qll
@@ -1169,7 +1169,9 @@ private module StdlibPrivate {
   private class SubprocessPopenCall extends SystemCommandExecution::Range, DataFlow::CallCfgNode {
     SubprocessPopenCall() {
       exists(string name |
-        name in ["Popen", "call", "check_call", "check_output", "run"] and
+        name in [
+            "Popen", "call", "check_call", "check_output", "run", "getoutput", "getstatusoutput"
+          ] and
         this = subprocess().getMember(name).getACall()
       )
     }

Original file line number	Diff line number	Diff line change
`@@ -1169,7 +1169,9 @@ private module StdlibPrivate {`
`1169`	`1169`	`private class SubprocessPopenCall extends SystemCommandExecution::Range, DataFlow::CallCfgNode {`
`1170`	`1170`	`SubprocessPopenCall() {`
`1171`	`1171`	`exists(string name \|`
`1172`		`- name in ["Popen", "call", "check_call", "check_output", "run"] and`
	`1172`	`+ name in [`
	`1173`	`+ "Popen", "call", "check_call", "check_output", "run", "getoutput", "getstatusoutput"`
	`1174`	`+ ] and`
`1173`	`1175`	`this = subprocess().getMember(name).getACall()`
`1174`	`1176`	`)`
`1175`	`1177`	`}`