Python: Autoformat

Author: RasmusWL

python/ql/lib/semmle/python/security/dataflow/CleartextLoggingQuery.qll

@@ -13,23 +13,21 @@ private import semmle.python.Concepts
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.dataflow.new.BarrierGuards
 private import semmle.python.dataflow.new.SensitiveDataSources
+import CleartextLoggingCustomizations::CleartextLogging
 
+/**
+ * A taint-tracking configuration for detecting "Clear-text logging of sensitive information".
+ */
+class Configuration extends TaintTracking::Configuration {
+  Configuration() { this = "CleartextLogging" }
 
-  import CleartextLoggingCustomizations::CleartextLogging
-
-  /**
-   * A taint-tracking configuration for detecting "Clear-text logging of sensitive information".
-   */
-  class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "CleartextLogging" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
+  override predicate isSource(DataFlow::Node source) { source instanceof Source }
 
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node)
-      or
-      node instanceof Sanitizer
-    }
+  override predicate isSanitizer(DataFlow::Node node) {
+    super.isSanitizer(node)
+    or
+    node instanceof Sanitizer
   }
+}

python/ql/lib/semmle/python/security/dataflow/CleartextStorageQuery.qll

@@ -13,22 +13,21 @@ private import semmle.python.Concepts
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.dataflow.new.BarrierGuards
 private import semmle.python.dataflow.new.SensitiveDataSources
+import CleartextStorageCustomizations::CleartextStorage
 
-  import CleartextStorageCustomizations::CleartextStorage
-
-  /**
-   * A taint-tracking configuration for detecting "Clear-text storage of sensitive information".
-   */
-  class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "CleartextStorage" }
+/**
+ * A taint-tracking configuration for detecting "Clear-text storage of sensitive information".
+ */
+class Configuration extends TaintTracking::Configuration {
+  Configuration() { this = "CleartextStorage" }
 
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
+  override predicate isSource(DataFlow::Node source) { source instanceof Source }
 
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node)
-      or
-      node instanceof Sanitizer
-    }
+  override predicate isSanitizer(DataFlow::Node node) {
+    super.isSanitizer(node)
+    or
+    node instanceof Sanitizer
   }
+}

python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll

@@ -9,22 +9,21 @@
 private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
+import CodeInjectionCustomizations::CodeInjection
 
-  import CodeInjectionCustomizations::CodeInjection
-
-  /**
-   * A taint-tracking configuration for detecting "code injection" vulnerabilities.
-   */
-  class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "CodeInjection" }
+/**
+ * A taint-tracking configuration for detecting "code injection" vulnerabilities.
+ */
+class Configuration extends TaintTracking::Configuration {
+  Configuration() { this = "CodeInjection" }
 
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
+  override predicate isSource(DataFlow::Node source) { source instanceof Source }
 
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
-    override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
+  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
 
-    override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
-      guard instanceof SanitizerGuard
-    }
+  override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
+    guard instanceof SanitizerGuard
   }
+}

python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll

@@ -9,22 +9,21 @@
 private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
+import CommandInjectionCustomizations::CommandInjection
 
-  import CommandInjectionCustomizations::CommandInjection
-
-  /**
-   * A taint-tracking configuration for detecting "command injection" vulnerabilities.
-   */
-  class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "CommandInjection" }
+/**
+ * A taint-tracking configuration for detecting "command injection" vulnerabilities.
+ */
+class Configuration extends TaintTracking::Configuration {
+  Configuration() { this = "CommandInjection" }
 
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
+  override predicate isSource(DataFlow::Node source) { source instanceof Source }
 
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
-    override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
+  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
 
-    override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
-      guard instanceof SanitizerGuard
-    }
+  override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
+    guard instanceof SanitizerGuard
   }
+}

python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll

@@ -11,41 +11,40 @@ import semmle.python.Concepts
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import semmle.python.dataflow.new.RemoteFlowSources
+import LdapInjectionCustomizations::LdapInjection
 
-  import LdapInjectionCustomizations::LdapInjection
-
-  /**
-   * A taint-tracking configuration for detecting LDAP injection vulnerabilities
-   * via the distinguished name (DN) parameter of an LDAP search.
-   */
-  class DnConfiguration extends TaintTracking::Configuration {
-    DnConfiguration() { this = "LdapDnInjection" }
+/**
+ * A taint-tracking configuration for detecting LDAP injection vulnerabilities
+ * via the distinguished name (DN) parameter of an LDAP search.
+ */
+class DnConfiguration extends TaintTracking::Configuration {
+  DnConfiguration() { this = "LdapDnInjection" }
 
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
+  override predicate isSource(DataFlow::Node source) { source instanceof Source }
 
-    override predicate isSink(DataFlow::Node sink) { sink instanceof DnSink }
+  override predicate isSink(DataFlow::Node sink) { sink instanceof DnSink }
 
-    override predicate isSanitizer(DataFlow::Node node) { node instanceof DnSanitizer }
+  override predicate isSanitizer(DataFlow::Node node) { node instanceof DnSanitizer }
 
-    override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
-      guard instanceof DnSanitizerGuard
-    }
+  override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
+    guard instanceof DnSanitizerGuard
   }
+}
 
-  /**
-   * A taint-tracking configuration for detecting LDAP injection vulnerabilities
-   * via the filter parameter of an LDAP search.
-   */
-  class FilterConfiguration extends TaintTracking::Configuration {
-    FilterConfiguration() { this = "LdapFilterInjection" }
+/**
+ * A taint-tracking configuration for detecting LDAP injection vulnerabilities
+ * via the filter parameter of an LDAP search.
+ */
+class FilterConfiguration extends TaintTracking::Configuration {
+  FilterConfiguration() { this = "LdapFilterInjection" }
 
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
+  override predicate isSource(DataFlow::Node source) { source instanceof Source }
 
-    override predicate isSink(DataFlow::Node sink) { sink instanceof FilterSink }
+  override predicate isSink(DataFlow::Node sink) { sink instanceof FilterSink }
 
-    override predicate isSanitizer(DataFlow::Node node) { node instanceof FilterSanitizer }
+  override predicate isSanitizer(DataFlow::Node node) { node instanceof FilterSanitizer }
 
-    override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
-      guard instanceof FilterSanitizerGuard
-    }
+  override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
+    guard instanceof FilterSanitizerGuard
   }
+}

python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll

@@ -9,22 +9,21 @@
 import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
+import LogInjectionCustomizations::LogInjection
 
-  import LogInjectionCustomizations::LogInjection
-
-  /**
-   * A taint-tracking configuration for tracking untrusted user input used in log entries.
-   */
-  class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "LogInjection" }
+/**
+ * A taint-tracking configuration for tracking untrusted user input used in log entries.
+ */
+class Configuration extends TaintTracking::Configuration {
+  Configuration() { this = "LogInjection" }
 
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
+  override predicate isSource(DataFlow::Node source) { source instanceof Source }
 
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
-    override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
+  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
 
-    override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
-      guard instanceof SanitizerGuard
-    }
+  override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
+    guard instanceof SanitizerGuard
   }
+}

python/ql/lib/semmle/python/security/dataflow/PathInjection.qll

@@ -18,7 +18,6 @@ module PathInjection {
   import PathInjectionQuery // ignore-query-import
 }
 
-
 // ---------------------------------------------------------------------------
 // Old, deprecated code
 // ---------------------------------------------------------------------------

python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll

@@ -10,68 +10,67 @@ private import python
 private import semmle.python.Concepts
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
+import PathInjectionCustomizations::PathInjection
 
-  import PathInjectionCustomizations::PathInjection
-
-  /**
-   * A taint-tracking configuration for detecting "path injection" vulnerabilities.
-   *
-   * This configuration uses two flow states, `NotNormalized` and `NormalizedUnchecked`,
-   * to track the requirement that a file path must be first normalized and then checked
-   * before it is safe to use.
-   *
-   * At sources, paths are assumed not normalized. At normalization points, they change
-   * state to `NormalizedUnchecked` after which they can be made safe by an appropriate
-   * check of the prefix.
-   *
-   * Such checks are ineffective in the `NotNormalized` state.
-   */
-  class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "PathInjection" }
-
-    override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) {
-      source instanceof Source and state instanceof NotNormalized
-    }
-
-    override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
-      sink instanceof Sink and
-      (
-        state instanceof NotNormalized or
-        state instanceof NormalizedUnchecked
-      )
-    }
+/**
+ * A taint-tracking configuration for detecting "path injection" vulnerabilities.
+ *
+ * This configuration uses two flow states, `NotNormalized` and `NormalizedUnchecked`,
+ * to track the requirement that a file path must be first normalized and then checked
+ * before it is safe to use.
+ *
+ * At sources, paths are assumed not normalized. At normalization points, they change
+ * state to `NormalizedUnchecked` after which they can be made safe by an appropriate
+ * check of the prefix.
+ *
+ * Such checks are ineffective in the `NotNormalized` state.
+ */
+class Configuration extends TaintTracking::Configuration {
+  Configuration() { this = "PathInjection" }
 
-    override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
+  override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) {
+    source instanceof Source and state instanceof NotNormalized
+  }
 
-    override predicate isSanitizer(DataFlow::Node node, DataFlow::FlowState state) {
-      // Block `NotNormalized` paths here, since they change state to `NormalizedUnchecked`
-      node instanceof Path::PathNormalization and
-      state instanceof NotNormalized
-      or
-      node = any(Path::SafeAccessCheck c).getAGuardedNode() and
+  override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
+    sink instanceof Sink and
+    (
+      state instanceof NotNormalized or
       state instanceof NormalizedUnchecked
-    }
+    )
+  }
 
-    override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
-      guard instanceof SanitizerGuard
-    }
+  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
 
-    override predicate isAdditionalTaintStep(
-      DataFlow::Node nodeFrom, DataFlow::FlowState stateFrom, DataFlow::Node nodeTo,
-      DataFlow::FlowState stateTo
-    ) {
-      nodeFrom = nodeTo.(Path::PathNormalization).getPathArg() and
-      stateFrom instanceof NotNormalized and
-      stateTo instanceof NormalizedUnchecked
-    }
+  override predicate isSanitizer(DataFlow::Node node, DataFlow::FlowState state) {
+    // Block `NotNormalized` paths here, since they change state to `NormalizedUnchecked`
+    node instanceof Path::PathNormalization and
+    state instanceof NotNormalized
+    or
+    node = any(Path::SafeAccessCheck c).getAGuardedNode() and
+    state instanceof NormalizedUnchecked
   }
 
-  /** A state signifying that the file path has not been normalized. */
-  class NotNormalized extends DataFlow::FlowState {
-    NotNormalized() { this = "NotNormalized" }
+  override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
+    guard instanceof SanitizerGuard
   }
 
-  /** A state signifying that the file path has been normalized, but not checked. */
-  class NormalizedUnchecked extends DataFlow::FlowState {
-    NormalizedUnchecked() { this = "NormalizedUnchecked" }
+  override predicate isAdditionalTaintStep(
+    DataFlow::Node nodeFrom, DataFlow::FlowState stateFrom, DataFlow::Node nodeTo,
+    DataFlow::FlowState stateTo
+  ) {
+    nodeFrom = nodeTo.(Path::PathNormalization).getPathArg() and
+    stateFrom instanceof NotNormalized and
+    stateTo instanceof NormalizedUnchecked
   }
+}
+
+/** A state signifying that the file path has not been normalized. */
+class NotNormalized extends DataFlow::FlowState {
+  NotNormalized() { this = "NotNormalized" }
+}
+
+/** A state signifying that the file path has been normalized, but not checked. */
+class NormalizedUnchecked extends DataFlow::FlowState {
+  NormalizedUnchecked() { this = "NormalizedUnchecked" }
+}