
Commit 9ae3ea8

committed
Python: Remove spurious results in stdlib
1 parent d8fd457 commit 9ae3ea8

2 files changed

+4
-34
lines changed


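--- a/python/ql/src/experimental/semmle/python/security/DecompressionBomb.qll
+++ b/python/ql/src/experimental/semmle/python/security/DecompressionBomb.qll
@@ -379,6 +379,10 @@ module BombsConfig implements DataFlow::ConfigSig {
 
 predicate isSink(DataFlow::Node sink) { sink instanceof DecompressionBomb::Sink }
 
+predicate isBarrierIn(DataFlow::Node node) {
+node.getScope().getEnclosingModule().getName() in ["tarfile", "zipfile"]
+}
+
 predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
 (
 any(DecompressionBomb::AdditionalTaintStep a).isAdditionalTaintStep(pred, succ) or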
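Review bot: The new `isBarrierIn` at 382–384 keys the barrier on the module name alone, so it will also silence flow into any project file that happens to be called `tarfile.py` or `zipfile.py`, and it only covers the two stdlib modules that showed up in the expected file, so sinks the query models in other stdlib modules (if any) would still be reported from library code. A location-based check such as `node.getLocation().getFile().inStdlib()` would, if that predicate is available in this library version, suppress the whole standard library without matching user code by name. The predicate also has no QLDoc; I would add `/** Stops flow entering the stdlib tarfile/zipfile implementations so that sinks inside them are not reported as results. */` above it. The `BombsConfig` module starts and ends outside the hunk.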

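--- a/python/ql/test/experimental/query-tests/Security/CWE-409/DecompressionBombs.expected
+++ b/python/ql/test/experimental/query-tests/Security/CWE-409/DecompressionBombs.expected
@@ -1,41 +1,24 @@
 edges
-| file:///usr/lib/python3.8/tarfile.py:1654:21:1654:24 | ControlFlowNode for name | file:///usr/lib/python3.8/tarfile.py:1667:32:1667:35 | ControlFlowNode for name | provenance | |
-| file:///usr/lib/python3.8/tarfile.py:1715:21:1715:24 | ControlFlowNode for name | file:///usr/lib/python3.8/tarfile.py:1727:28:1727:42 | ControlFlowNode for BoolExpr | provenance | |
-| file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | provenance | |
-| file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | provenance | |
-| file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | test.py:23:5:23:52 | ControlFlowNode for Attribute() | provenance | |
-| file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | test.py:27:5:27:60 | ControlFlowNode for Attribute() | provenance | |
 | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:10:21:10:29 | ControlFlowNode for file_path | provenance | |
-| test.py:10:21:10:29 | ControlFlowNode for file_path | file:///usr/lib/python3.8/zipfile.py:1700:14:1700:39 | ControlFlowNode for Attribute() | provenance | |
 | test.py:10:21:10:29 | ControlFlowNode for file_path | test.py:10:5:10:52 | ControlFlowNode for Attribute() | provenance | |
 | test.py:10:21:10:29 | ControlFlowNode for file_path | test.py:11:21:11:29 | ControlFlowNode for file_path | provenance | |
-| test.py:11:21:11:29 | ControlFlowNode for file_path | file:///usr/lib/python3.8/zipfile.py:1700:14:1700:39 | ControlFlowNode for Attribute() | provenance | |
 | test.py:11:21:11:29 | ControlFlowNode for file_path | test.py:11:5:11:48 | ControlFlowNode for Attribute() | provenance | |
 | test.py:11:21:11:29 | ControlFlowNode for file_path | test.py:13:26:13:34 | ControlFlowNode for file_path | provenance | |
 | test.py:13:26:13:34 | ControlFlowNode for file_path | test.py:14:14:14:29 | ControlFlowNode for Attribute() | provenance | |
 | test.py:13:26:13:34 | ControlFlowNode for file_path | test.py:17:26:17:34 | ControlFlowNode for file_path | provenance | |
 | test.py:17:26:17:34 | ControlFlowNode for file_path | test.py:18:14:18:39 | ControlFlowNode for Attribute() | provenance | |
 | test.py:17:26:17:34 | ControlFlowNode for file_path | test.py:21:21:21:29 | ControlFlowNode for file_path | provenance | |
-| test.py:21:21:21:29 | ControlFlowNode for file_path | file:///usr/lib/python3.8/zipfile.py:1475:14:1475:38 | ControlFlowNode for Attribute() | provenance | |
 | test.py:21:21:21:29 | ControlFlowNode for file_path | test.py:21:5:21:60 | ControlFlowNode for Attribute() | provenance | |
 | test.py:21:21:21:29 | ControlFlowNode for file_path | test.py:23:18:23:26 | ControlFlowNode for file_path | provenance | |
-| test.py:23:18:23:26 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | provenance | |
-| test.py:23:18:23:26 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | provenance | |
 | test.py:23:18:23:26 | ControlFlowNode for file_path | test.py:23:5:23:52 | ControlFlowNode for Attribute() | provenance | |
 | test.py:23:18:23:26 | ControlFlowNode for file_path | test.py:24:26:24:34 | ControlFlowNode for file_path | provenance | |
 | test.py:24:26:24:34 | ControlFlowNode for file_path | test.py:24:5:24:55 | ControlFlowNode for Attribute() | provenance | |
 | test.py:24:26:24:34 | ControlFlowNode for file_path | test.py:25:28:25:36 | ControlFlowNode for file_path | provenance | |
-| test.py:25:28:25:36 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:1715:21:1715:24 | ControlFlowNode for name | provenance | |
 | test.py:25:28:25:36 | ControlFlowNode for file_path | test.py:25:5:25:57 | ControlFlowNode for Attribute() | provenance | |
 | test.py:25:28:25:36 | ControlFlowNode for file_path | test.py:26:28:26:36 | ControlFlowNode for file_path | provenance | |
-| test.py:26:28:26:36 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:1654:21:1654:24 | ControlFlowNode for name | provenance | |
-| test.py:26:28:26:36 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:2028:13:2029:53 | ControlFlowNode for Attribute() | provenance | |
 | test.py:26:28:26:36 | ControlFlowNode for file_path | test.py:26:5:26:50 | ControlFlowNode for Attribute() | provenance | |
 | test.py:26:28:26:36 | ControlFlowNode for file_path | test.py:27:26:27:34 | ControlFlowNode for file_path | provenance | |
-| test.py:27:26:27:34 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | provenance | |
-| test.py:27:26:27:34 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | provenance | |
 | test.py:27:26:27:34 | ControlFlowNode for file_path | test.py:27:5:27:60 | ControlFlowNode for Attribute() | provenance | |
-| test.py:27:26:27:34 | ControlFlowNode for file_path | test.py:30:28:30:36 | ControlFlowNode for file_path | provenance | |
 | test.py:27:26:27:34 | ControlFlowNode for file_path | test.py:34:27:34:35 | ControlFlowNode for file_path | provenance | |
 | test.py:27:26:27:34 | ControlFlowNode for file_path | test.py:38:15:38:23 | ControlFlowNode for file_path | provenance | |
 | test.py:27:26:27:34 | ControlFlowNode for file_path | test.py:39:19:39:27 | ControlFlowNode for file_path | provenance | |
@@ -52,17 +35,7 @@ edges
 | test.py:27:26:27:34 | ControlFlowNode for file_path | test.py:62:42:62:50 | ControlFlowNode for file_path | provenance | |
 | test.py:27:26:27:34 | ControlFlowNode for file_path | test.py:64:23:64:31 | ControlFlowNode for file_path | provenance | |
 | test.py:27:26:27:34 | ControlFlowNode for file_path | test.py:65:36:65:44 | ControlFlowNode for file_path | provenance | |
-| test.py:30:28:30:36 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:1654:21:1654:24 | ControlFlowNode for name | provenance | |
 nodes
-| file:///usr/lib/python3.8/tarfile.py:1654:21:1654:24 | ControlFlowNode for name | semmle.label | ControlFlowNode for name |
-| file:///usr/lib/python3.8/tarfile.py:1667:32:1667:35 | ControlFlowNode for name | semmle.label | ControlFlowNode for name |
-| file:///usr/lib/python3.8/tarfile.py:1715:21:1715:24 | ControlFlowNode for name | semmle.label | ControlFlowNode for name |
-| file:///usr/lib/python3.8/tarfile.py:1727:28:1727:42 | ControlFlowNode for BoolExpr | semmle.label | ControlFlowNode for BoolExpr |
-| file:///usr/lib/python3.8/tarfile.py:2028:13:2029:53 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| file:///usr/lib/python3.8/zipfile.py:1475:14:1475:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| file:///usr/lib/python3.8/zipfile.py:1700:14:1700:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | test.py:9:16:9:24 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
 | test.py:10:5:10:52 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | test.py:10:21:10:29 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
@@ -84,7 +57,6 @@ nodes
 | test.py:26:28:26:36 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
 | test.py:27:5:27:60 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | test.py:27:26:27:34 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
-| test.py:30:28:30:36 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
 | test.py:34:27:34:35 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
 | test.py:38:15:38:23 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
 | test.py:39:19:39:27 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
@@ -103,12 +75,6 @@ nodes
 | test.py:65:36:65:44 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
 subpaths
 #select
-| file:///usr/lib/python3.8/tarfile.py:1667:32:1667:35 | ControlFlowNode for name | test.py:9:16:9:24 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:1667:32:1667:35 | ControlFlowNode for name | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
-| file:///usr/lib/python3.8/tarfile.py:1727:28:1727:42 | ControlFlowNode for BoolExpr | test.py:9:16:9:24 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:1727:28:1727:42 | ControlFlowNode for BoolExpr | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
-| file:///usr/lib/python3.8/tarfile.py:2028:13:2029:53 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:2028:13:2029:53 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
-| file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
-| file:///usr/lib/python3.8/zipfile.py:1475:14:1475:38 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | file:///usr/lib/python3.8/zipfile.py:1475:14:1475:38 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
-| file:///usr/lib/python3.8/zipfile.py:1700:14:1700:39 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | file:///usr/lib/python3.8/zipfile.py:1700:14:1700:39 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
 | test.py:10:5:10:52 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:10:5:10:52 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
 | test.py:11:5:11:48 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:11:5:11:48 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
 | test.py:14:14:14:29 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:14:14:14:29 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |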
