python: rewrite `HardcodedCredentials` away from `PointsTo`

- `ModuleValue.attr` and `ClassValue.lookup` are approximated by `Function.getName`
- `ClassValue.getName` is apprximated by `Class.getName`
- `Module::named` is approximated by `Module.getName`
- `Value::named` is approximated by `Builtins::likelyBuiltin`
- `FunctionValue.getNamedArgumentForCall` is approximated by `ArgumentNode.argumentOf`
This commit is contained in:
Rasmus Lerchedahl Petersen 2024-02-26 17:18:40 +01:00
Родитель 9ecac04709
Коммит 3eb9491cb4
1 изменённых файлов: 9 добавлений и 7 удалений

Просмотреть файл

@ -16,6 +16,8 @@ import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
import semmle.python.filters.Tests
private import semmle.python.dataflow.new.internal.DataFlowDispatch as DataFlowDispatch
private import semmle.python.dataflow.new.internal.Builtins::Builtins as Builtins
bindingset[char, fraction]
predicate fewer_characters_than(StrConst str, string char, float fraction) {
@ -30,15 +32,13 @@ predicate fewer_characters_than(StrConst str, string char, float fraction) {
}
predicate possible_reflective_name(string name) {
exists(any(ModuleValue m).attr(name))
any(Function f).getName() = name
or
exists(any(ClassValue c).lookup(name))
any(Class c).getName() = name
or
any(ClassValue c).getName() = name
any(Module m).getName() = name
or
exists(Module::named(name))
or
exists(Value::named(name))
exists(Builtins::likelyBuiltin(name))
}
int char_count(StrConst str) { result = count(string c | c = str.getText().charAt(_)) }
@ -84,7 +84,9 @@ class CredentialSink extends DataFlow::Node {
name.regexpMatch(getACredentialRegex()) and
not name.matches("%file")
|
any(FunctionValue func).getNamedArgumentForCall(_, name) = this.asCfgNode()
exists(DataFlowDispatch::ArgumentPosition pos | pos.isKeyword(name) |
this.(DataFlow::ArgumentNode).argumentOf(_, pos)
)
or
exists(Keyword k | k.getArg() = name and k.getValue().getAFlowNode() = this.asCfgNode())
or