Merge pull request #3008 from RasmusWL/python-modernise-security-files

BekaValentine · web-flow · commit f80e206d33c7 · 2020-03-11T08:56:19.000-07:00
Python: modernise remaining security files
diff --git a/python/ql/src/semmle/python/objects/ObjectAPI.qll b/python/ql/src/semmle/python/objects/ObjectAPI.qll
@@ -574,7 +574,8 @@ class ClassValue extends Value {
     /** Whether this class is a legal exception class.
      *  What constitutes a legal exception class differs between major versions */
     predicate isLegalExceptionType() {
-        not this.isNewStyle() or
+        not this.isNewStyle()
+        or
         this.getASuperType() = ClassValue::baseException()
         or
         major_version() = 2 and this = ClassValue::tuple()
diff --git a/python/ql/src/semmle/python/security/ClearText.qll b/python/ql/src/semmle/python/security/ClearText.qll
@@ -43,7 +43,7 @@ module ClearTextLogging {
         PrintSink() {
             exists(CallNode call |
                 call.getAnArg() = this and
-                thePrintFunction().(FunctionObject).getACall() = call
+                call = Value::named("print").getACall()
             )
         }
     }
diff --git a/python/ql/src/semmle/python/security/Crypto.qll b/python/ql/src/semmle/python/security/Crypto.qll
@@ -12,13 +12,11 @@ abstract class WeakCryptoSink extends TaintSink {
     }
 }
 
+/** Modeling the 'pycrypto' package https://github.com/dlitz/pycrypto (latest release 2013) */
 module Pycrypto {
 
-    ModuleObject cipher(string name) {
-        exists(PackageObject crypto |
-            crypto.getName() = "Crypto.Cipher" |
-            crypto.submodule(name) = result
-        )
+    ModuleValue cipher(string name) {
+        result = Module::named("Crypto.Cipher").attr(name)
     }
 
     class CipherInstance extends TaintKind {
@@ -51,15 +49,15 @@ module Pycrypto {
         CipherInstanceSource() {
             exists(AttrNode attr |
                 this.(CallNode).getFunction() = attr and
-                attr.getObject("new").refersTo(cipher(instance.getName()))
+                attr.getObject("new").pointsTo(cipher(instance.getName()))
             )
         }
 
         override string toString() {
             result = "Source of " + instance
         }
 
-        override predicate isSourceOf(TaintKind kind) { 
+        override predicate isSourceOf(TaintKind kind) {
             kind = instance
         }
 
@@ -70,12 +68,12 @@ module Pycrypto {
         string name;
 
         PycryptoWeakCryptoSink() {
-            exists(CallNode call, AttrNode method, CipherInstance Cipher |
+            exists(CallNode call, AttrNode method, CipherInstance cipher |
                 call.getAnArg() = this and
                 call.getFunction() = method and
-                Cipher.taints(method.getObject("encrypt")) and
-                Cipher.isWeak() and
-                Cipher.getName() = name
+                cipher.taints(method.getObject("encrypt")) and
+                cipher.isWeak() and
+                cipher.getName() = name
             )
         }
 
@@ -89,25 +87,25 @@ module Pycrypto {
 
 module Cryptography {
 
-    PackageObject ciphers() {
-        result.getName() = "cryptography.hazmat.primitives.ciphers"
+    ModuleValue ciphers() {
+        result = Module::named("cryptography.hazmat.primitives.ciphers") and
+        result.isPackage()
     }
 
-    class CipherClass extends ClassObject {
+    class CipherClass extends ClassValue {
         CipherClass() {
             ciphers().attr("Cipher") = this
         }
-
     }
 
-    class AlgorithmClass extends ClassObject {
+    class AlgorithmClass extends ClassValue {
 
         AlgorithmClass()  {
-            ciphers().submodule("algorithms").attr(_) = this
+            ciphers().attr("algorithms").attr(_) = this
         }
 
         string getAlgorithmName() {
-            result = this.declaredAttribute("name").(StringObject).getText()
+            result = this.declaredAttribute("name").(StringValue).getText()
         }
 
         predicate isWeak() {
@@ -134,7 +132,7 @@ module Cryptography {
             cls.isWeak()
         }
 
-        override TaintKind getTaintOfMethodResult(string name) { 
+        override TaintKind getTaintOfMethodResult(string name) {
             name = "encryptor" and
             result.(Encryptor).getAlgorithm() = this.getAlgorithm()
         }
@@ -144,11 +142,11 @@ module Cryptography {
     class CipherSource extends TaintSource {
 
         CipherSource() {
-            this.(CallNode).getFunction().refersTo(any(CipherClass cls))
+            this.(CallNode).getFunction().pointsTo(any(CipherClass cls))
         }
 
         override predicate isSourceOf(TaintKind kind) {
-            this.(CallNode).getArg(0).refersTo(_, kind.(CipherInstance).getAlgorithm(), _)
+            this.(CallNode).getArg(0).pointsTo().getClass() = kind.(CipherInstance).getAlgorithm()
         }
 
         override string toString() {
@@ -203,5 +201,3 @@ private class CipherConfig extends TaintTracking::Configuration {
     }
 
 }
-
-
diff --git a/python/ql/src/semmle/python/security/Exceptions.qll b/python/ql/src/semmle/python/security/Exceptions.qll
@@ -27,7 +27,7 @@ class ExceptionInfo extends StringKind {
 
 }
 
-/** A class representing sources of information about 
+/** A class representing sources of information about
  * execution state exposed in tracebacks and the like.
  */
 abstract class ErrorInfoSource extends TaintSource {}
@@ -59,9 +59,9 @@ class ExceptionKind extends TaintKind {
 class ExceptionSource extends ErrorInfoSource {
 
     ExceptionSource() {
-        exists(ClassObject cls |
-            cls.isSubclassOf(theExceptionType()) and
-            this.(ControlFlowNode).refersTo(_, cls, _)
+        exists(ClassValue cls |
+            cls.getASuperType() = ClassValue::baseException() and
+            this.(ControlFlowNode).pointsTo().getClass() = cls
         )
         or
         this = any(ExceptStmt s).getName().getAFlowNode()
@@ -116,7 +116,7 @@ class CallToTracebackFunction extends ErrorInfoSource {
     }
 }
 
-/** 
+/**
  * Represents calls to functions in the `traceback` module that return a single
  * string of information about an exception.
  */
diff --git a/python/ql/src/semmle/python/security/SensitiveData.qll b/python/ql/src/semmle/python/security/SensitiveData.qll
@@ -166,9 +166,9 @@ module SensitiveData {
 
         SensitiveRequestParameter() {
             this.(CallNode).getFunction().(AttrNode).getName() = "get" and
-            exists(string sensitive |
-                this.(CallNode).getAnArg().refersTo(any(StringObject s | s.getText() = sensitive)) and
-                data = HeuristicNames::getSensitiveDataForName(sensitive)
+            exists(StringValue sensitive |
+                this.(CallNode).getAnArg().pointsTo(sensitive) and
+                data = HeuristicNames::getSensitiveDataForName(sensitive.getText())
             )
         }
 

Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ module ClearTextLogging {`
`43`	`43`	`PrintSink() {`
`44`	`44`	`exists(CallNode call \|`
`45`	`45`	`call.getAnArg() = this and`
`46`		`- thePrintFunction().(FunctionObject).getACall() = call`
	`46`	`+ call = Value::named("print").getACall()`
`47`	`47`	`)`
`48`	`48`	`}`
`49`	`49`	`}`
Original file line number	Diff line number	Diff line change
`@@ -12,13 +12,11 @@ abstract class WeakCryptoSink extends TaintSink {`
`12`	`12`	`}`
`13`	`13`	`}`
`14`	`14`
	`15`	`+/** Modeling the 'pycrypto' package https://github.com/dlitz/pycrypto (latest release 2013) */`
`15`	`16`	`module Pycrypto {`
`16`	`17`
`17`		`- ModuleObject cipher(string name) {`
`18`		`- exists(PackageObject crypto \|`
`19`		`- crypto.getName() = "Crypto.Cipher" \|`
`20`		`- crypto.submodule(name) = result`
`21`		`- )`
	`18`	`+ ModuleValue cipher(string name) {`
	`19`	`+ result = Module::named("Crypto.Cipher").attr(name)`
`22`	`20`	`}`
`23`	`21`
`24`	`22`	`class CipherInstance extends TaintKind {`
`@@ -51,15 +49,15 @@ module Pycrypto {`
`51`	`49`	`CipherInstanceSource() {`
`52`	`50`	`exists(AttrNode attr \|`
`53`	`51`	`this.(CallNode).getFunction() = attr and`
`54`		`- attr.getObject("new").refersTo(cipher(instance.getName()))`
	`52`	`+ attr.getObject("new").pointsTo(cipher(instance.getName()))`
`55`	`53`	`)`
`56`	`54`	`}`
`57`	`55`
`58`	`56`	`override string toString() {`
`59`	`57`	`result = "Source of " + instance`
`60`	`58`	`}`
`61`	`59`
`62`		`- override predicate isSourceOf(TaintKind kind) {`
	`60`	`+ override predicate isSourceOf(TaintKind kind) {`
`63`	`61`	`kind = instance`
`64`	`62`	`}`
`65`	`63`
`@@ -70,12 +68,12 @@ module Pycrypto {`
`70`	`68`	`string name;`
`71`	`69`
`72`	`70`	`PycryptoWeakCryptoSink() {`
`73`		`- exists(CallNode call, AttrNode method, CipherInstance Cipher \|`
	`71`	`+ exists(CallNode call, AttrNode method, CipherInstance cipher \|`
`74`	`72`	`call.getAnArg() = this and`
`75`	`73`	`call.getFunction() = method and`
`76`		`- Cipher.taints(method.getObject("encrypt")) and`
`77`		`- Cipher.isWeak() and`
`78`		`- Cipher.getName() = name`
	`74`	`+ cipher.taints(method.getObject("encrypt")) and`
	`75`	`+ cipher.isWeak() and`
	`76`	`+ cipher.getName() = name`
`79`	`77`	`)`
`80`	`78`	`}`
`81`	`79`
`@@ -89,25 +87,25 @@ module Pycrypto {`
`89`	`87`
`90`	`88`	`module Cryptography {`
`91`	`89`
`92`		`- PackageObject ciphers() {`
`93`		`- result.getName() = "cryptography.hazmat.primitives.ciphers"`
	`90`	`+ ModuleValue ciphers() {`
	`91`	`+ result = Module::named("cryptography.hazmat.primitives.ciphers") and`
	`92`	`+ result.isPackage()`
`94`	`93`	`}`
`95`	`94`
`96`		`- class CipherClass extends ClassObject {`
	`95`	`+ class CipherClass extends ClassValue {`
`97`	`96`	`CipherClass() {`
`98`	`97`	`ciphers().attr("Cipher") = this`
`99`	`98`	`}`
`100`		`-`
`101`	`99`	`}`
`102`	`100`
`103`		`- class AlgorithmClass extends ClassObject {`
	`101`	`+ class AlgorithmClass extends ClassValue {`
`104`	`102`
`105`	`103`	`AlgorithmClass() {`
`106`		`- ciphers().submodule("algorithms").attr(_) = this`
	`104`	`+ ciphers().attr("algorithms").attr(_) = this`
`107`	`105`	`}`
`108`	`106`
`109`	`107`	`string getAlgorithmName() {`
`110`		`- result = this.declaredAttribute("name").(StringObject).getText()`
	`108`	`+ result = this.declaredAttribute("name").(StringValue).getText()`
`111`	`109`	`}`
`112`	`110`
`113`	`111`	`predicate isWeak() {`
`@@ -134,7 +132,7 @@ module Cryptography {`
`134`	`132`	`cls.isWeak()`
`135`	`133`	`}`
`136`	`134`
`137`		`- override TaintKind getTaintOfMethodResult(string name) {`
	`135`	`+ override TaintKind getTaintOfMethodResult(string name) {`
`138`	`136`	`name = "encryptor" and`
`139`	`137`	`result.(Encryptor).getAlgorithm() = this.getAlgorithm()`
`140`	`138`	`}`
`@@ -144,11 +142,11 @@ module Cryptography {`
`144`	`142`	`class CipherSource extends TaintSource {`
`145`	`143`
`146`	`144`	`CipherSource() {`
`147`		`- this.(CallNode).getFunction().refersTo(any(CipherClass cls))`
	`145`	`+ this.(CallNode).getFunction().pointsTo(any(CipherClass cls))`
`148`	`146`	`}`
`149`	`147`
`150`	`148`	`override predicate isSourceOf(TaintKind kind) {`
`151`		`- this.(CallNode).getArg(0).refersTo(_, kind.(CipherInstance).getAlgorithm(), _)`
	`149`	`+ this.(CallNode).getArg(0).pointsTo().getClass() = kind.(CipherInstance).getAlgorithm()`
`152`	`150`	`}`
`153`	`151`
`154`	`152`	`override string toString() {`
`@@ -203,5 +201,3 @@ private class CipherConfig extends TaintTracking::Configuration {`
`203`	`201`	`}`
`204`	`202`
`205`	`203`	`}`
`206`		`-`
`207`		`-`
Original file line number	Diff line number	Diff line change
`@@ -166,9 +166,9 @@ module SensitiveData {`
`166`	`166`
`167`	`167`	`SensitiveRequestParameter() {`
`168`	`168`	`this.(CallNode).getFunction().(AttrNode).getName() = "get" and`
`169`		`- exists(string sensitive \|`
`170`		`- this.(CallNode).getAnArg().refersTo(any(StringObject s \| s.getText() = sensitive)) and`
`171`		`- data = HeuristicNames::getSensitiveDataForName(sensitive)`
	`169`	`+ exists(StringValue sensitive \|`
	`170`	`+ this.(CallNode).getAnArg().pointsTo(sensitive) and`
	`171`	`+ data = HeuristicNames::getSensitiveDataForName(sensitive.getText())`
`172`	`172`	`)`
`173`	`173`	`}`
`174`	`174`