Skip to content

Commit a20ac73

Browse files
committed
Python: patch-generated stubs
1 parent aeba0f5 commit a20ac73

File tree

4 files changed

+30
-6
lines changed

4 files changed

+30
-6
lines changed

python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll

Lines changed: 22 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,17 @@ private module LdapInjectionDnConfig implements DataFlow::ConfigSig {
2020

2121
predicate isBarrier(DataFlow::Node node) { node instanceof DnSanitizer }
2222

23-
predicate observeDiffInformedIncrementalMode() { any() }
23+
predicate observeDiffInformedIncrementalMode() {
24+
any() // TODO: Make sure that the location overrides match the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 21 (/Users/d10c/src/semmle-code/ql/python/ql/src/Security/CWE-090/LdapInjection.ql@26:8:26:21), Column 5 does not select a source or sink originating from the flow call on line 21 (/Users/d10c/src/semmle-code/ql/python/ql/src/Security/CWE-090/LdapInjection.ql@27:68:27:83)
25+
}
26+
27+
Location getASelectedSourceLocation(DataFlow::Node source) {
28+
none() // TODO: Make sure that this source location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 21 (/Users/d10c/src/semmle-code/ql/python/ql/src/Security/CWE-090/LdapInjection.ql@26:8:26:21), Column 5 does not select a source or sink originating from the flow call on line 21 (/Users/d10c/src/semmle-code/ql/python/ql/src/Security/CWE-090/LdapInjection.ql@27:68:27:83)
29+
}
30+
31+
Location getASelectedSinkLocation(DataFlow::Node sink) {
32+
none() // TODO: Make sure that this sink location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 21 (/Users/d10c/src/semmle-code/ql/python/ql/src/Security/CWE-090/LdapInjection.ql@26:8:26:21), Column 5 does not select a source or sink originating from the flow call on line 21 (/Users/d10c/src/semmle-code/ql/python/ql/src/Security/CWE-090/LdapInjection.ql@27:68:27:83)
33+
}
2434
}
2535

2636
/** Global taint-tracking for detecting "LDAP injection via the distinguished name (DN) parameter" vulnerabilities. */
@@ -33,7 +43,17 @@ private module LdapInjectionFilterConfig implements DataFlow::ConfigSig {
3343

3444
predicate isBarrier(DataFlow::Node node) { node instanceof FilterSanitizer }
3545

36-
predicate observeDiffInformedIncrementalMode() { any() }
46+
predicate observeDiffInformedIncrementalMode() {
47+
any() // TODO: Make sure that the location overrides match the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 24 (/Users/d10c/src/semmle-code/ql/python/ql/src/Security/CWE-090/LdapInjection.ql@26:8:26:21), Column 5 does not select a source or sink originating from the flow call on line 24 (/Users/d10c/src/semmle-code/ql/python/ql/src/Security/CWE-090/LdapInjection.ql@27:68:27:83)
48+
}
49+
50+
Location getASelectedSourceLocation(DataFlow::Node source) {
51+
none() // TODO: Make sure that this source location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 24 (/Users/d10c/src/semmle-code/ql/python/ql/src/Security/CWE-090/LdapInjection.ql@26:8:26:21), Column 5 does not select a source or sink originating from the flow call on line 24 (/Users/d10c/src/semmle-code/ql/python/ql/src/Security/CWE-090/LdapInjection.ql@27:68:27:83)
52+
}
53+
54+
Location getASelectedSinkLocation(DataFlow::Node sink) {
55+
none() // TODO: Make sure that this sink location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 24 (/Users/d10c/src/semmle-code/ql/python/ql/src/Security/CWE-090/LdapInjection.ql@26:8:26:21), Column 5 does not select a source or sink originating from the flow call on line 24 (/Users/d10c/src/semmle-code/ql/python/ql/src/Security/CWE-090/LdapInjection.ql@27:68:27:83)
56+
}
3757
}
3858

3959
/** Global taint-tracking for detecting "LDAP injection via the filter parameter" vulnerabilities. */

python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -33,8 +33,6 @@ module NormalHashFunction {
3333
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
3434
sensitiveDataExtraStepForCalls(node1, node2)
3535
}
36-
37-
predicate observeDiffInformedIncrementalMode() { any() }
3836
}
3937

4038
/** Global taint-tracking for detecting "use of a broken or weak cryptographic hashing algorithm on sensitive data" vulnerabilities. */
@@ -65,8 +63,6 @@ module ComputationallyExpensiveHashFunction {
6563
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
6664
sensitiveDataExtraStepForCalls(node1, node2)
6765
}
68-
69-
predicate observeDiffInformedIncrementalMode() { any() }
7066
}
7167

7268
/** Global taint-tracking for detecting "use of a broken or weak cryptographic hashing algorithm on passwords" vulnerabilities. */

python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,10 @@ private module PossibleTimingAttackAgainstHashConfig implements DataFlow::Config
2626
predicate isSource(DataFlow::Node source) { source instanceof ProduceCryptoCall }
2727

2828
predicate isSink(DataFlow::Node sink) { sink instanceof NonConstantTimeComparisonSink }
29+
30+
predicate observeDiffInformedIncrementalMode() {
31+
any() // TODO: Make sure that the location overrides match the query's select clause: Column 5 selects source.getResultType (/Users/d10c/src/semmle-code/ql/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql@41:3:41:54)
32+
}
2933
}
3034

3135
module PossibleTimingAttackAgainstHashFlow =

python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.ql

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,10 @@ private module TimingAttackAgainstHashConfig implements DataFlow::ConfigSig {
2525
predicate isSource(DataFlow::Node source) { source instanceof ProduceCryptoCall }
2626

2727
predicate isSink(DataFlow::Node sink) { sink instanceof NonConstantTimeComparisonSink }
28+
29+
predicate observeDiffInformedIncrementalMode() {
30+
any() // TODO: Make sure that the location overrides match the query's select clause: Column 5 selects source.getResultType (/Users/d10c/src/semmle-code/ql/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.ql@39:3:39:54)
31+
}
2832
}
2933

3034
module TimingAttackAgainstHashFlow = TaintTracking::Global<TimingAttackAgainstHashConfig>;

0 commit comments

Comments
 (0)