Skip to content

Commit 1dd77f1

Browse files
committed
Fix undetected tests
1 parent b83b31c commit 1dd77f1

4 files changed

Lines changed: 17 additions & 13 deletions

File tree

python/ql/src/experimental/semmle/python/frameworks/XML.qll

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -142,6 +142,8 @@ private module XML {
142142
exists(XMLParser xmlParser |
143143
xmlParser.mayBeDangerous() and this.getArgByName("parser").getALocalSource() = xmlParser
144144
)
145+
or
146+
not exists(this.getArgByName("parser"))
145147
}
146148
}
147149

python/ql/src/experimental/semmle/python/security/XXE.qll

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -19,17 +19,19 @@ class XXEFlowConfig extends TaintTracking::Configuration {
1919

2020
override predicate isSink(DataFlow::Node sink) {
2121
exists(XMLParsing xmlParsing | xmlParsing.mayBeDangerous() and sink = xmlParsing.getAnInput())
22+
or
23+
exists(XMLParser xmlParser | sink = xmlParser.getAnInput() and xmlParser.mayBeDangerous())
2224
}
2325

2426
override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
2527
guard instanceof StringConstCompare
2628
}
2729

28-
override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeIn) {
30+
override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
2931
exists(DataFlow::CallCfgNode ioCalls |
3032
ioCalls = API::moduleImport("io").getMember(["StringIO", "BytesIO"]).getACall() and
31-
nodeFrom = ioCalls and
32-
nodeIn = ioCalls.getArg(0)
33+
nodeFrom = ioCalls.getArg(0) and
34+
nodeTo = ioCalls
3335
)
3436
}
3537
}

python/ql/test/experimental/query-tests/Security/CWE-611/general.py

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
from flask import request, Flask
2-
from io import StringIO
2+
from io import StringIO, BytesIO
33
import xml.etree
44
import xml.etree.ElementTree
55
import lxml.etree
@@ -42,31 +42,31 @@ def xmltodict_parse():
4242

4343

4444
@app.route("/lxml.etree.XMLParser+lxml.etree.fromstring")
45-
def test1():
45+
def lxml_XMLParser_fromstring():
4646
xml_content = request.args['xml_content']
4747

4848
parser = lxml.etree.XMLParser()
4949
return lxml.etree.fromstring(xml_content, parser=parser).text
5050

5151

5252
@app.route("/lxml.etree.get_default_parser+lxml.etree.fromstring")
53-
def test1():
53+
def lxml_defaultParser_fromstring():
5454
xml_content = request.args['xml_content']
5555

5656
parser = lxml.etree.get_default_parser()
5757
return lxml.etree.fromstring(xml_content, parser=parser).text
5858

5959

6060
@app.route("/lxml.etree.XMLParser+xml.etree.ElementTree.fromstring")
61-
def test1():
61+
def lxml_XMLParser_xml_fromstring():
6262
xml_content = request.args['xml_content']
6363

6464
parser = lxml.etree.XMLParser()
6565
return xml.etree.ElementTree.fromstring(xml_content, parser=parser).text
6666

6767

6868
@app.route("/lxml.etree.XMLParser+xml.etree.ElementTree.parse")
69-
def test1():
69+
def lxml_XMLParser_xml_parse():
7070
xml_content = request.args['xml_content']
7171

7272
parser = lxml.etree.XMLParser()

python/ql/test/experimental/query-tests/Security/CWE-611/xml_sax_make_parser.py

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -22,14 +22,14 @@ def parse(self, f):
2222

2323

2424
@app.route("/MainHandler")
25-
def test1():
25+
def mainHandler():
2626
xml_content = request.args['xml_content']
2727

2828
return MainHandler().parse(StringIO(xml_content))
2929

3030

3131
@app.route("/xml.sax.make_parser()+MainHandler")
32-
def test1():
32+
def xml_makeparser_MainHandler():
3333
xml_content = request.args['xml_content']
3434

3535
BadHandler = MainHandler()
@@ -40,7 +40,7 @@ def test1():
4040

4141

4242
@app.route("/xml.sax.make_parser()+MainHandler-xml.sax.handler.feature_external_ges_False")
43-
def test1():
43+
def xml_makeparser_MainHandler_entitiesFalse():
4444
xml_content = request.args['xml_content']
4545

4646
BadHandler = MainHandler()
@@ -55,7 +55,7 @@ def test1():
5555

5656

5757
@app.route("/xml.sax.make_parser()+MainHandler-xml.sax.handler.feature_external_ges_True")
58-
def test1():
58+
def xml_makeparser_MainHandler_entitiesTrue():
5959
xml_content = request.args['xml_content']
6060

6161
GoodHandler = MainHandler()
@@ -67,7 +67,7 @@ def test1():
6767

6868

6969
@app.route("/xml.sax.make_parser()+xml.dom.minidom.parse-xml.sax.handler.feature_external_ges_True")
70-
def test1():
70+
def xml_makeparser_minidom_entitiesTrue():
7171
xml_content = request.args['xml_content']
7272

7373
parser = xml.sax.make_parser()

0 commit comments

Comments
 (0)