Skip to content

Commit 9342e3b

Browse files
RasmusWLRasmusWL
committed
Python: Enable new test
But look at all those elements from getpass.py implementation :(
1 parent e01df3e commit 9342e3b

File tree

2 files changed

+38
-3
lines changed

2 files changed

+38
-3
lines changed

python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.expected

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,37 @@
11
edges
2+
| file:///usr/lib/python3.8/getpass.py:44:14:44:17 | ControlFlowNode for None | file:///usr/lib/python3.8/getpass.py:94:16:94:21 | ControlFlowNode for passwd |
3+
| file:///usr/lib/python3.8/getpass.py:44:14:44:17 | ControlFlowNode for None | file:///usr/lib/python3.8/getpass.py:94:16:94:21 | ControlFlowNode for passwd |
4+
| file:///usr/lib/python3.8/getpass.py:44:14:44:17 | ControlFlowNode for None | file:///usr/lib/python3.8/getpass.py:94:16:94:21 | ControlFlowNode for passwd |
5+
| file:///usr/lib/python3.8/getpass.py:62:26:62:57 | ControlFlowNode for fallback_getpass() | file:///usr/lib/python3.8/getpass.py:94:16:94:21 | ControlFlowNode for passwd |
6+
| file:///usr/lib/python3.8/getpass.py:77:30:77:68 | ControlFlowNode for _raw_input() | file:///usr/lib/python3.8/getpass.py:94:16:94:21 | ControlFlowNode for passwd |
7+
| file:///usr/lib/python3.8/getpass.py:77:30:77:68 | ControlFlowNode for _raw_input() | file:///usr/lib/python3.8/getpass.py:94:16:94:21 | ControlFlowNode for passwd |
8+
| file:///usr/lib/python3.8/getpass.py:77:30:77:68 | ControlFlowNode for _raw_input() | file:///usr/lib/python3.8/getpass.py:94:16:94:21 | ControlFlowNode for passwd |
9+
| file:///usr/lib/python3.8/getpass.py:91:26:91:57 | ControlFlowNode for fallback_getpass() | file:///usr/lib/python3.8/getpass.py:94:16:94:21 | ControlFlowNode for passwd |
10+
| file:///usr/lib/python3.8/getpass.py:91:26:91:57 | ControlFlowNode for fallback_getpass() | file:///usr/lib/python3.8/getpass.py:94:16:94:21 | ControlFlowNode for passwd |
11+
| file:///usr/lib/python3.8/getpass.py:91:26:91:57 | ControlFlowNode for fallback_getpass() | file:///usr/lib/python3.8/getpass.py:94:16:94:21 | ControlFlowNode for passwd |
12+
| file:///usr/lib/python3.8/getpass.py:94:16:94:21 | ControlFlowNode for passwd | test.py:44:9:44:25 | ControlFlowNode for Attribute() |
13+
| file:///usr/lib/python3.8/getpass.py:94:16:94:21 | ControlFlowNode for passwd | test.py:44:9:44:25 | ControlFlowNode for Attribute() |
14+
| file:///usr/lib/python3.8/getpass.py:94:16:94:21 | ControlFlowNode for passwd | test.py:44:9:44:25 | ControlFlowNode for Attribute() |
215
| test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:20:48:20:55 | ControlFlowNode for password |
316
| test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:22:58:22:65 | ControlFlowNode for password |
417
| test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:23:58:23:65 | ControlFlowNode for password |
518
| test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:27:40:27:47 | ControlFlowNode for password |
619
| test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:30:58:30:65 | ControlFlowNode for password |
20+
| test.py:44:9:44:25 | ControlFlowNode for Attribute() | test.py:45:11:45:11 | ControlFlowNode for x |
721
| test.py:70:14:73:5 | ControlFlowNode for Dict | test.py:74:11:74:31 | ControlFlowNode for Subscript |
822
| test.py:72:21:72:37 | ControlFlowNode for Attribute | test.py:70:14:73:5 | ControlFlowNode for Dict |
923
nodes
24+
| file:///usr/lib/python3.8/getpass.py:44:14:44:17 | ControlFlowNode for None | semmle.label | ControlFlowNode for None |
25+
| file:///usr/lib/python3.8/getpass.py:62:26:62:57 | ControlFlowNode for fallback_getpass() | semmle.label | ControlFlowNode for fallback_getpass() |
26+
| file:///usr/lib/python3.8/getpass.py:77:30:77:68 | ControlFlowNode for _raw_input() | semmle.label | ControlFlowNode for _raw_input() |
27+
| file:///usr/lib/python3.8/getpass.py:77:30:77:68 | ControlFlowNode for _raw_input() | semmle.label | ControlFlowNode for _raw_input() |
28+
| file:///usr/lib/python3.8/getpass.py:77:30:77:68 | ControlFlowNode for _raw_input() | semmle.label | ControlFlowNode for _raw_input() |
29+
| file:///usr/lib/python3.8/getpass.py:91:26:91:57 | ControlFlowNode for fallback_getpass() | semmle.label | ControlFlowNode for fallback_getpass() |
30+
| file:///usr/lib/python3.8/getpass.py:91:26:91:57 | ControlFlowNode for fallback_getpass() | semmle.label | ControlFlowNode for fallback_getpass() |
31+
| file:///usr/lib/python3.8/getpass.py:91:26:91:57 | ControlFlowNode for fallback_getpass() | semmle.label | ControlFlowNode for fallback_getpass() |
32+
| file:///usr/lib/python3.8/getpass.py:94:16:94:21 | ControlFlowNode for passwd | semmle.label | ControlFlowNode for passwd |
33+
| file:///usr/lib/python3.8/getpass.py:94:16:94:21 | ControlFlowNode for passwd | semmle.label | ControlFlowNode for passwd |
34+
| file:///usr/lib/python3.8/getpass.py:94:16:94:21 | ControlFlowNode for passwd | semmle.label | ControlFlowNode for passwd |
1035
| test.py:19:16:19:29 | ControlFlowNode for get_password() | semmle.label | ControlFlowNode for get_password() |
1136
| test.py:20:48:20:55 | ControlFlowNode for password | semmle.label | ControlFlowNode for password |
1237
| test.py:22:58:22:65 | ControlFlowNode for password | semmle.label | ControlFlowNode for password |
@@ -17,6 +42,8 @@ nodes
1742
| test.py:37:11:37:24 | ControlFlowNode for get_password() | semmle.label | ControlFlowNode for get_password() |
1843
| test.py:39:22:39:35 | ControlFlowNode for get_password() | semmle.label | ControlFlowNode for get_password() |
1944
| test.py:40:22:40:35 | ControlFlowNode for get_password() | semmle.label | ControlFlowNode for get_password() |
45+
| test.py:44:9:44:25 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
46+
| test.py:45:11:45:11 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
2047
| test.py:70:14:73:5 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
2148
| test.py:72:21:72:37 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
2249
| test.py:74:11:74:31 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
@@ -31,4 +58,12 @@ subpaths
3158
| test.py:37:11:37:24 | ControlFlowNode for get_password() | test.py:37:11:37:24 | ControlFlowNode for get_password() | test.py:37:11:37:24 | ControlFlowNode for get_password() | This expression logs $@ as clear text. | test.py:37:11:37:24 | ControlFlowNode for get_password() | sensitive data (password) |
3259
| test.py:39:22:39:35 | ControlFlowNode for get_password() | test.py:39:22:39:35 | ControlFlowNode for get_password() | test.py:39:22:39:35 | ControlFlowNode for get_password() | This expression logs $@ as clear text. | test.py:39:22:39:35 | ControlFlowNode for get_password() | sensitive data (password) |
3360
| test.py:40:22:40:35 | ControlFlowNode for get_password() | test.py:40:22:40:35 | ControlFlowNode for get_password() | test.py:40:22:40:35 | ControlFlowNode for get_password() | This expression logs $@ as clear text. | test.py:40:22:40:35 | ControlFlowNode for get_password() | sensitive data (password) |
61+
| test.py:45:11:45:11 | ControlFlowNode for x | file:///usr/lib/python3.8/getpass.py:44:14:44:17 | ControlFlowNode for None | test.py:45:11:45:11 | ControlFlowNode for x | This expression logs $@ as clear text. | file:///usr/lib/python3.8/getpass.py:44:14:44:17 | ControlFlowNode for None | sensitive data (password) |
62+
| test.py:45:11:45:11 | ControlFlowNode for x | file:///usr/lib/python3.8/getpass.py:62:26:62:57 | ControlFlowNode for fallback_getpass() | test.py:45:11:45:11 | ControlFlowNode for x | This expression logs $@ as clear text. | file:///usr/lib/python3.8/getpass.py:62:26:62:57 | ControlFlowNode for fallback_getpass() | sensitive data (password) |
63+
| test.py:45:11:45:11 | ControlFlowNode for x | file:///usr/lib/python3.8/getpass.py:77:30:77:68 | ControlFlowNode for _raw_input() | test.py:45:11:45:11 | ControlFlowNode for x | This expression logs $@ as clear text. | file:///usr/lib/python3.8/getpass.py:77:30:77:68 | ControlFlowNode for _raw_input() | sensitive data (password) |
64+
| test.py:45:11:45:11 | ControlFlowNode for x | file:///usr/lib/python3.8/getpass.py:77:30:77:68 | ControlFlowNode for _raw_input() | test.py:45:11:45:11 | ControlFlowNode for x | This expression logs $@ as clear text. | file:///usr/lib/python3.8/getpass.py:77:30:77:68 | ControlFlowNode for _raw_input() | sensitive data (password) |
65+
| test.py:45:11:45:11 | ControlFlowNode for x | file:///usr/lib/python3.8/getpass.py:77:30:77:68 | ControlFlowNode for _raw_input() | test.py:45:11:45:11 | ControlFlowNode for x | This expression logs $@ as clear text. | file:///usr/lib/python3.8/getpass.py:77:30:77:68 | ControlFlowNode for _raw_input() | sensitive data (password) |
66+
| test.py:45:11:45:11 | ControlFlowNode for x | file:///usr/lib/python3.8/getpass.py:91:26:91:57 | ControlFlowNode for fallback_getpass() | test.py:45:11:45:11 | ControlFlowNode for x | This expression logs $@ as clear text. | file:///usr/lib/python3.8/getpass.py:91:26:91:57 | ControlFlowNode for fallback_getpass() | sensitive data (password) |
67+
| test.py:45:11:45:11 | ControlFlowNode for x | file:///usr/lib/python3.8/getpass.py:91:26:91:57 | ControlFlowNode for fallback_getpass() | test.py:45:11:45:11 | ControlFlowNode for x | This expression logs $@ as clear text. | file:///usr/lib/python3.8/getpass.py:91:26:91:57 | ControlFlowNode for fallback_getpass() | sensitive data (password) |
68+
| test.py:45:11:45:11 | ControlFlowNode for x | file:///usr/lib/python3.8/getpass.py:91:26:91:57 | ControlFlowNode for fallback_getpass() | test.py:45:11:45:11 | ControlFlowNode for x | This expression logs $@ as clear text. | file:///usr/lib/python3.8/getpass.py:91:26:91:57 | ControlFlowNode for fallback_getpass() | sensitive data (password) |
3469
| test.py:74:11:74:31 | ControlFlowNode for Subscript | test.py:72:21:72:37 | ControlFlowNode for Attribute | test.py:74:11:74:31 | ControlFlowNode for Subscript | This expression logs $@ as clear text. | test.py:72:21:72:37 | ControlFlowNode for Attribute | sensitive data (password) |

python/ql/test/query-tests/Security/CWE-312-CleartextLogging/test.py

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -39,10 +39,10 @@ def print_password():
3939
sys.stdout.write(get_password()) # NOT OK
4040
sys.stderr.write(get_password()) # NOT OK
4141

42-
# import getpass
42+
import getpass
4343

44-
# x = getpass.getpass()
45-
# print(x) # NOT OK
44+
x = getpass.getpass()
45+
print(x) # NOT OK
4646

4747

4848
def FPs(account, account_id):

0 commit comments

Comments
 (0)