-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathTestSensitiveDataSources.ql
More file actions
49 lines (42 loc) · 1.7 KB
/
TestSensitiveDataSources.ql
File metadata and controls
49 lines (42 loc) · 1.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
// /**
// * @kind path-problem
// */
import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
import TestUtilities.InlineExpectationsTest
import semmle.python.dataflow.new.SensitiveDataSources
private import semmle.python.ApiGraphs
module SensitiveDataSourcesTest implements TestSig {
string getARelevantTag() { result in ["SensitiveDataSource", "SensitiveUse"] }
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(location.getFile().getRelativePath()) and
exists(SensitiveDataSource source |
location = source.getLocation() and
element = source.toString() and
value = source.getClassification() and
tag = "SensitiveDataSource"
or
exists(DataFlow::Node use |
SensitiveUseFlow::flow(source, use) and
location = use.getLocation() and
element = use.toString() and
value = source.getClassification() and
tag = "SensitiveUse"
)
)
}
}
import MakeTest<SensitiveDataSourcesTest>
module SensitiveUseConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { node instanceof SensitiveDataSource }
predicate isSink(DataFlow::Node node) { node = API::builtin("print").getACall().getArg(_) }
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
sensitiveDataExtraStepForCalls(node1, node2)
}
}
module SensitiveUseFlow = TaintTracking::Global<SensitiveUseConfig>;
// import DataFlow::PathGraph
// from SensitiveUseConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
// where cfg.hasFlowPath(source, sink)
// select sink, source, sink, "taint from $@", source.getNode(), "here"