зеркало из https://github.com/github/codeql.git
Python: Improve API and representation of taint tracking nodes. Update queries and tests accordingly.
This commit is contained in:
Mark Shannon
Родитель
c01db23f58
Коммит
61bd8682df
|
|
@ -26,8 +26,6 @@ import semmle.python.web.HttpRequest
|
|||
import semmle.python.security.injection.Path
|
||||
|
||||
|
||||
|
||||
from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
|
||||
where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
|
||||
|
||||
select sink, srcnode, sinknode, "This path depends on $@.", src, "a user-provided value"
|
||||
from TaintedPathSource src, TaintedPathSink sink
|
||||
where src.flowsTo(sink)
|
||||
select sink.getSink(), src, sink, "This path depends on $@.", src.getSource(), "a user-provided value"
|
||||
|
|
@ -23,7 +23,6 @@ import semmle.python.web.HttpRequest
|
|||
/* Sinks */
|
||||
import semmle.python.security.injection.Command
|
||||
|
||||
from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
|
||||
where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
|
||||
|
||||
select sink, srcnode, sinknode, "This command depends on $@.", src, "a user-provided value"
|
||||
from TaintedPathSource src, TaintedPathSink sink
|
||||
where src.flowsTo(sink)
|
||||
select sink.getSink(), src, sink, "This command depends on $@.", src.getSource(), "a user-provided value"
|
||||
|
|
|
|||
|
|
@ -25,9 +25,6 @@ import semmle.python.web.HttpResponse
|
|||
/* Flow */
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
|
||||
where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
|
||||
|
||||
select sink, srcnode, sinknode, "Cross-site scripting vulnerability due to $@.",
|
||||
src, "user-provided value"
|
||||
|
||||
from TaintedPathSource src, TaintedPathSink sink
|
||||
where src.flowsTo(sink)
|
||||
select sink.getSink(), src, sink, "Cross-site scripting vulnerability due to $@.", src.getSource(), "user-provided value"
|
||||
|
|
|
|||
|
|
@ -23,7 +23,6 @@ import semmle.python.web.django.Db
|
|||
import semmle.python.web.django.Model
|
||||
|
||||
|
||||
from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
|
||||
where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
|
||||
|
||||
select sink, srcnode, sinknode, "This SQL query depends on $@.", src, "a user-provided value"
|
||||
from TaintedPathSource src, TaintedPathSink sink
|
||||
where src.flowsTo(sink)
|
||||
select sink.getSink(), src, sink, "This SQL query depends on $@.", src.getSource(), "a user-provided value"
|
||||
|
|
|
|||
|
|
@ -24,7 +24,6 @@ import semmle.python.web.HttpRequest
|
|||
import semmle.python.security.injection.Exec
|
||||
|
||||
|
||||
from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
|
||||
where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
|
||||
|
||||
select sink, srcnode, sinknode, "$@ flows to here and is interpreted as code.", src, "User-provided value"
|
||||
from TaintedPathSource src, TaintedPathSink sink
|
||||
where src.flowsTo(sink)
|
||||
select sink.getSink(), src, sink, "$@ flows to here and is interpreted as code.", src.getSource(), "User-provided value"
|
||||
|
|
|
|||
|
|
@ -18,6 +18,6 @@ import semmle.python.security.Paths
|
|||
import semmle.python.security.Exceptions
|
||||
import semmle.python.web.HttpResponse
|
||||
|
||||
from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
|
||||
where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
|
||||
select sink, srcnode, sinknode, "$@ may be exposed to an external user", src, "Error information"
|
||||
from TaintedPathSource src, TaintedPathSink sink
|
||||
where src.flowsTo(sink)
|
||||
select sink.getSink(), src, sink, "$@ may be exposed to an external user", src.getSource(), "Error information"
|
||||
|
|
|
|||
|
|
@ -25,7 +25,6 @@ import semmle.python.security.injection.Marshal
|
|||
import semmle.python.security.injection.Yaml
|
||||
|
||||
|
||||
from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
|
||||
where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
|
||||
|
||||
select sink, srcnode, sinknode, "Deserializing of $@.", src, "untrusted input"
|
||||
from TaintedPathSource src, TaintedPathSink sink
|
||||
where src.flowsTo(sink)
|
||||
select sink.getSink(), src, sink, "Deserializing of $@.", src.getSource(), "untrusted input"
|
||||
|
|
|
|||
|
|
@ -28,8 +28,7 @@ class UntrustedPrefixStringKind extends UntrustedStringKind {
|
|||
|
||||
}
|
||||
|
||||
from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
|
||||
where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
|
||||
|
||||
select sink, srcnode, sinknode, "Untrusted URL redirection due to $@.", src, "a user-provided value"
|
||||
from TaintedPathSource src, TaintedPathSink sink
|
||||
where src.flowsTo(sink)
|
||||
select sink.getSink(), src, sink, "Untrusted URL redirection due to $@.", src.getSource(), "a user-provided value"
|
||||
|
||||
|
|
|
|||
|
|
@ -24,6 +24,11 @@ class ExceptionInfo extends StringKind {
|
|||
ExceptionInfo() {
|
||||
this = "exception.info"
|
||||
}
|
||||
|
||||
override string repr() {
|
||||
result = "exception info"
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -36,6 +41,10 @@ class ExceptionKind extends TaintKind {
|
|||
this = "exception.kind"
|
||||
}
|
||||
|
||||
override string repr() {
|
||||
result = "exception"
|
||||
}
|
||||
|
||||
override TaintKind getTaintOfAttribute(string name) {
|
||||
name = "args" and result instanceof ExceptionInfoSequence
|
||||
or
|
||||
|
|
|
|||
|
|
@ -148,6 +148,8 @@ abstract class TaintKind extends string {
|
|||
none()
|
||||
}
|
||||
|
||||
string repr() { result = this }
|
||||
|
||||
}
|
||||
|
||||
/** Taint kinds representing collections of other taint kind.
|
||||
|
|
@ -208,6 +210,10 @@ class SequenceKind extends CollectionKind {
|
|||
name = "pop" and result = this.getItem()
|
||||
}
|
||||
|
||||
override string repr() {
|
||||
result = "sequence of " + itemKind
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/* Helper for getTaintForStep() */
|
||||
|
|
@ -281,6 +287,10 @@ class DictKind extends CollectionKind {
|
|||
name = "itervalues" and result.(SequenceKind).getItem() = valueKind
|
||||
}
|
||||
|
||||
override string repr() {
|
||||
result = "dict of " + valueKind
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -603,7 +613,9 @@ private predicate user_tainted_def(TaintedDefinition def, TaintFlowImplementatio
|
|||
*/
|
||||
class TaintedNode extends TTaintedNode {
|
||||
|
||||
string toString() { result = this.getTrackedValue().toString() + " at " + this.getLocation() }
|
||||
string toString() { result = this.getTrackedValue().repr() }
|
||||
|
||||
string debug() { result = this.getTrackedValue().toString() + " at " + this.getNode().getLocation() }
|
||||
|
||||
TaintedNode getASuccessor() {
|
||||
exists(TaintFlowImplementation::TrackedValue tokind, CallContext tocontext, ControlFlowNode tonode |
|
||||
|
|
@ -675,25 +687,33 @@ class TaintedNode extends TTaintedNode {
|
|||
|
||||
}
|
||||
|
||||
class TaintedNodeSource extends TaintedNode {
|
||||
class TaintedPathSource extends TaintedNode {
|
||||
|
||||
TaintedNodeSource() {
|
||||
TaintedPathSource() {
|
||||
this.getNode().(TaintSource).isSourceOf(this.getTaintKind(), this.getContext())
|
||||
}
|
||||
|
||||
/** Holds if taint can flow from this source to sink `sink` */
|
||||
final predicate flowsTo(TaintedNodeSink sink) {
|
||||
final predicate flowsTo(TaintedPathSink sink) {
|
||||
this.getASuccessor*() = sink
|
||||
}
|
||||
|
||||
TaintSource getSource() {
|
||||
result = this.getNode()
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
class TaintedNodeSink extends TaintedNode {
|
||||
class TaintedPathSink extends TaintedNode {
|
||||
|
||||
TaintedNodeSink() {
|
||||
TaintedPathSink() {
|
||||
this.getNode().(TaintSink).sinks(this.getTaintKind())
|
||||
}
|
||||
|
||||
TaintSink getSink() {
|
||||
result = this.getNode()
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/** This module contains the implementation of taint-flow.
|
||||
|
|
@ -739,12 +759,18 @@ library module TaintFlowImplementation {
|
|||
|
||||
abstract string toString();
|
||||
|
||||
abstract string repr();
|
||||
|
||||
abstract TrackedValue toKind(TaintKind kind);
|
||||
|
||||
}
|
||||
|
||||
class TrackedTaint extends TrackedValue, TTrackedTaint {
|
||||
|
||||
override string repr() {
|
||||
result = this.getKind().repr()
|
||||
}
|
||||
|
||||
override string toString() {
|
||||
result = "Taint " + this.getKind()
|
||||
}
|
||||
|
|
@ -761,6 +787,13 @@ library module TaintFlowImplementation {
|
|||
|
||||
class TrackedAttribute extends TrackedValue, TTrackedAttribute {
|
||||
|
||||
override string repr() {
|
||||
exists(string name, TaintKind kind |
|
||||
this = TTrackedAttribute(name, kind) and
|
||||
result = "." + name + "=" + kind.repr()
|
||||
)
|
||||
}
|
||||
|
||||
override string toString() {
|
||||
exists(string name, TaintKind kind |
|
||||
this = TTrackedAttribute(name, kind) and
|
||||
|
|
|
|||
|
|
@ -36,6 +36,9 @@ class FirstElementKind extends TaintKind {
|
|||
this = "sequence[" + any(ExternalStringKind key) + "][0]"
|
||||
}
|
||||
|
||||
override string repr() {
|
||||
result = "first item in sequence of " + this.getItem().repr()
|
||||
}
|
||||
|
||||
/** Gets the taint kind for item in this sequence. */
|
||||
ExternalStringKind getItem() {
|
||||
|
|
|
|||
|
|
@ -36,6 +36,10 @@ class NormalizedPath extends TaintKind {
|
|||
this = "normalized.path.injection"
|
||||
}
|
||||
|
||||
override string repr() {
|
||||
result = "normalized path"
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
private predicate abspath_call(CallNode call, ControlFlowNode arg) {
|
||||
|
|
|
|||
|
|
@ -1,34 +1,34 @@
|
|||
edges
|
||||
| ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 | ../lib/os/path.py:5:12:5:12 | Taint externally controlled string at ../lib/os/path.py:5 |
|
||||
| ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 | ../lib/os/path.py:5:12:5:12 | Taint externally controlled string at ../lib/os/path.py:5 |
|
||||
| ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 | ../lib/os/path.py:5:12:5:12 | Taint externally controlled string at ../lib/os/path.py:5 |
|
||||
| path_injection.py:9:12:9:23 | Taint {externally controlled string} at path_injection.py:9 | path_injection.py:9:12:9:39 | Taint externally controlled string at path_injection.py:9 |
|
||||
| path_injection.py:9:12:9:39 | Taint externally controlled string at path_injection.py:9 | path_injection.py:10:40:10:43 | Taint externally controlled string at path_injection.py:10 |
|
||||
| path_injection.py:10:40:10:43 | Taint externally controlled string at path_injection.py:10 | path_injection.py:10:14:10:44 | Taint externally controlled string at path_injection.py:10 |
|
||||
| path_injection.py:15:12:15:23 | Taint {externally controlled string} at path_injection.py:15 | path_injection.py:15:12:15:39 | Taint externally controlled string at path_injection.py:15 |
|
||||
| path_injection.py:15:12:15:39 | Taint externally controlled string at path_injection.py:15 | path_injection.py:16:56:16:59 | Taint externally controlled string at path_injection.py:16 |
|
||||
| path_injection.py:16:13:16:61 | Taint normalized.path.injection at path_injection.py:16 | path_injection.py:17:14:17:18 | Taint normalized.path.injection at path_injection.py:17 |
|
||||
| path_injection.py:16:30:16:60 | Taint externally controlled string at path_injection.py:16 | ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 |
|
||||
| path_injection.py:16:30:16:60 | Taint externally controlled string at path_injection.py:16 | path_injection.py:16:13:16:61 | Taint normalized.path.injection at path_injection.py:16 |
|
||||
| path_injection.py:16:56:16:59 | Taint externally controlled string at path_injection.py:16 | path_injection.py:16:30:16:60 | Taint externally controlled string at path_injection.py:16 |
|
||||
| path_injection.py:24:12:24:23 | Taint {externally controlled string} at path_injection.py:24 | path_injection.py:24:12:24:39 | Taint externally controlled string at path_injection.py:24 |
|
||||
| path_injection.py:24:12:24:39 | Taint externally controlled string at path_injection.py:24 | path_injection.py:25:56:25:59 | Taint externally controlled string at path_injection.py:25 |
|
||||
| path_injection.py:25:13:25:61 | Taint normalized.path.injection at path_injection.py:25 | path_injection.py:26:8:26:12 | Taint normalized.path.injection at path_injection.py:26 |
|
||||
| path_injection.py:25:13:25:61 | Taint normalized.path.injection at path_injection.py:25 | path_injection.py:28:14:28:18 | Taint normalized.path.injection at path_injection.py:28 |
|
||||
| path_injection.py:25:30:25:60 | Taint externally controlled string at path_injection.py:25 | ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 |
|
||||
| path_injection.py:25:30:25:60 | Taint externally controlled string at path_injection.py:25 | path_injection.py:25:13:25:61 | Taint normalized.path.injection at path_injection.py:25 |
|
||||
| path_injection.py:25:56:25:59 | Taint externally controlled string at path_injection.py:25 | path_injection.py:25:30:25:60 | Taint externally controlled string at path_injection.py:25 |
|
||||
| path_injection.py:33:12:33:23 | Taint {externally controlled string} at path_injection.py:33 | path_injection.py:33:12:33:39 | Taint externally controlled string at path_injection.py:33 |
|
||||
| path_injection.py:33:12:33:39 | Taint externally controlled string at path_injection.py:33 | path_injection.py:34:56:34:59 | Taint externally controlled string at path_injection.py:34 |
|
||||
| path_injection.py:34:13:34:61 | Taint normalized.path.injection at path_injection.py:34 | path_injection.py:35:8:35:12 | Taint normalized.path.injection at path_injection.py:35 |
|
||||
| path_injection.py:34:30:34:60 | Taint externally controlled string at path_injection.py:34 | ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 |
|
||||
| path_injection.py:34:30:34:60 | Taint externally controlled string at path_injection.py:34 | path_injection.py:34:13:34:61 | Taint normalized.path.injection at path_injection.py:34 |
|
||||
| path_injection.py:34:56:34:59 | Taint externally controlled string at path_injection.py:34 | path_injection.py:34:30:34:60 | Taint externally controlled string at path_injection.py:34 |
|
||||
| ../lib/os/path.py:4:14:4:14 | externally controlled string | ../lib/os/path.py:5:12:5:12 | externally controlled string |
|
||||
| ../lib/os/path.py:4:14:4:14 | externally controlled string | ../lib/os/path.py:5:12:5:12 | externally controlled string |
|
||||
| ../lib/os/path.py:4:14:4:14 | externally controlled string | ../lib/os/path.py:5:12:5:12 | externally controlled string |
|
||||
| path_injection.py:9:12:9:23 | dict of externally controlled string | path_injection.py:9:12:9:39 | externally controlled string |
|
||||
| path_injection.py:9:12:9:39 | externally controlled string | path_injection.py:10:40:10:43 | externally controlled string |
|
||||
| path_injection.py:10:40:10:43 | externally controlled string | path_injection.py:10:14:10:44 | externally controlled string |
|
||||
| path_injection.py:15:12:15:23 | dict of externally controlled string | path_injection.py:15:12:15:39 | externally controlled string |
|
||||
| path_injection.py:15:12:15:39 | externally controlled string | path_injection.py:16:56:16:59 | externally controlled string |
|
||||
| path_injection.py:16:13:16:61 | normalized path | path_injection.py:17:14:17:18 | normalized path |
|
||||
| path_injection.py:16:30:16:60 | externally controlled string | ../lib/os/path.py:4:14:4:14 | externally controlled string |
|
||||
| path_injection.py:16:30:16:60 | externally controlled string | path_injection.py:16:13:16:61 | normalized path |
|
||||
| path_injection.py:16:56:16:59 | externally controlled string | path_injection.py:16:30:16:60 | externally controlled string |
|
||||
| path_injection.py:24:12:24:23 | dict of externally controlled string | path_injection.py:24:12:24:39 | externally controlled string |
|
||||
| path_injection.py:24:12:24:39 | externally controlled string | path_injection.py:25:56:25:59 | externally controlled string |
|
||||
| path_injection.py:25:13:25:61 | normalized path | path_injection.py:26:8:26:12 | normalized path |
|
||||
| path_injection.py:25:13:25:61 | normalized path | path_injection.py:28:14:28:18 | normalized path |
|
||||
| path_injection.py:25:30:25:60 | externally controlled string | ../lib/os/path.py:4:14:4:14 | externally controlled string |
|
||||
| path_injection.py:25:30:25:60 | externally controlled string | path_injection.py:25:13:25:61 | normalized path |
|
||||
| path_injection.py:25:56:25:59 | externally controlled string | path_injection.py:25:30:25:60 | externally controlled string |
|
||||
| path_injection.py:33:12:33:23 | dict of externally controlled string | path_injection.py:33:12:33:39 | externally controlled string |
|
||||
| path_injection.py:33:12:33:39 | externally controlled string | path_injection.py:34:56:34:59 | externally controlled string |
|
||||
| path_injection.py:34:13:34:61 | normalized path | path_injection.py:35:8:35:12 | normalized path |
|
||||
| path_injection.py:34:30:34:60 | externally controlled string | ../lib/os/path.py:4:14:4:14 | externally controlled string |
|
||||
| path_injection.py:34:30:34:60 | externally controlled string | path_injection.py:34:13:34:61 | normalized path |
|
||||
| path_injection.py:34:56:34:59 | externally controlled string | path_injection.py:34:30:34:60 | externally controlled string |
|
||||
parents
|
||||
| ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 | path_injection.py:16:30:16:60 | Taint externally controlled string at path_injection.py:16 |
|
||||
| ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 | path_injection.py:25:30:25:60 | Taint externally controlled string at path_injection.py:25 |
|
||||
| ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 | path_injection.py:34:30:34:60 | Taint externally controlled string at path_injection.py:34 |
|
||||
| ../lib/os/path.py:4:14:4:14 | externally controlled string | path_injection.py:16:30:16:60 | externally controlled string |
|
||||
| ../lib/os/path.py:4:14:4:14 | externally controlled string | path_injection.py:25:30:25:60 | externally controlled string |
|
||||
| ../lib/os/path.py:4:14:4:14 | externally controlled string | path_injection.py:34:30:34:60 | externally controlled string |
|
||||
#select
|
||||
| path_injection.py:10:14:10:44 | argument to open() | path_injection.py:9:12:9:23 | Taint {externally controlled string} at path_injection.py:9 | path_injection.py:10:14:10:44 | Taint externally controlled string at path_injection.py:10 | This path depends on $@. | path_injection.py:9:12:9:23 | flask.request.args | a user-provided value |
|
||||
| path_injection.py:17:14:17:18 | argument to open() | path_injection.py:15:12:15:23 | Taint {externally controlled string} at path_injection.py:15 | path_injection.py:17:14:17:18 | Taint normalized.path.injection at path_injection.py:17 | This path depends on $@. | path_injection.py:15:12:15:23 | flask.request.args | a user-provided value |
|
||||
| path_injection.py:28:14:28:18 | argument to open() | path_injection.py:24:12:24:23 | Taint {externally controlled string} at path_injection.py:24 | path_injection.py:28:14:28:18 | Taint normalized.path.injection at path_injection.py:28 | This path depends on $@. | path_injection.py:24:12:24:23 | flask.request.args | a user-provided value |
|
||||
| path_injection.py:10:14:10:44 | argument to open() | path_injection.py:9:12:9:23 | dict of externally controlled string | path_injection.py:10:14:10:44 | externally controlled string | This path depends on $@. | path_injection.py:9:12:9:23 | flask.request.args | a user-provided value |
|
||||
| path_injection.py:17:14:17:18 | argument to open() | path_injection.py:15:12:15:23 | dict of externally controlled string | path_injection.py:17:14:17:18 | normalized path | This path depends on $@. | path_injection.py:15:12:15:23 | flask.request.args | a user-provided value |
|
||||
| path_injection.py:28:14:28:18 | argument to open() | path_injection.py:24:12:24:23 | dict of externally controlled string | path_injection.py:28:14:28:18 | normalized path | This path depends on $@. | path_injection.py:24:12:24:23 | flask.request.args | a user-provided value |
|
||||
|
|
|
|||
|
|
@ -1,19 +1,18 @@
|
|||
edges
|
||||
| command_injection.py:10:13:10:24 | Taint {externally controlled string} at command_injection.py:10 | command_injection.py:10:13:10:41 | Taint externally controlled string at command_injection.py:10 |
|
||||
| command_injection.py:10:13:10:41 | Taint externally controlled string at command_injection.py:10 | command_injection.py:12:23:12:27 | Taint externally controlled string at command_injection.py:12 |
|
||||
| command_injection.py:12:15:12:27 | Taint externally controlled string at command_injection.py:12 | ../lib/os/__init__.py:1:12:1:14 | Taint externally controlled string at ../lib/os/__init__.py:1 |
|
||||
| command_injection.py:12:23:12:27 | Taint externally controlled string at command_injection.py:12 | command_injection.py:12:15:12:27 | Taint externally controlled string at command_injection.py:12 |
|
||||
| command_injection.py:17:13:17:24 | Taint {externally controlled string} at command_injection.py:17 | command_injection.py:17:13:17:41 | Taint externally controlled string at command_injection.py:17 |
|
||||
| command_injection.py:17:13:17:41 | Taint externally controlled string at command_injection.py:17 | command_injection.py:19:29:19:33 | Taint externally controlled string at command_injection.py:19 |
|
||||
| command_injection.py:19:29:19:33 | Taint externally controlled string at command_injection.py:19 | command_injection.py:19:22:19:34 | Taint [externally controlled string] at command_injection.py:19 |
|
||||
| command_injection.py:24:11:24:22 | Taint {externally controlled string} at command_injection.py:24 | command_injection.py:24:11:24:37 | Taint externally controlled string at command_injection.py:24 |
|
||||
| command_injection.py:24:11:24:37 | Taint externally controlled string at command_injection.py:24 | command_injection.py:25:23:25:25 | Taint externally controlled string at command_injection.py:25 |
|
||||
| command_injection.py:25:23:25:25 | Taint externally controlled string at command_injection.py:25 | command_injection.py:25:22:25:36 | Taint [externally controlled string] at command_injection.py:25 |
|
||||
| command_injection.py:25:23:25:25 | Taint externally controlled string at command_injection.py:25 | command_injection.py:25:22:25:36 | Taint sequence[externally controlled string][0] at command_injection.py:25 |
|
||||
| command_injection.py:10:13:10:24 | dict of externally controlled string | command_injection.py:10:13:10:41 | externally controlled string |
|
||||
| command_injection.py:10:13:10:41 | externally controlled string | command_injection.py:12:23:12:27 | externally controlled string |
|
||||
| command_injection.py:12:15:12:27 | externally controlled string | ../lib/os/__init__.py:1:12:1:14 | externally controlled string |
|
||||
| command_injection.py:12:23:12:27 | externally controlled string | command_injection.py:12:15:12:27 | externally controlled string |
|
||||
| command_injection.py:17:13:17:24 | dict of externally controlled string | command_injection.py:17:13:17:41 | externally controlled string |
|
||||
| command_injection.py:17:13:17:41 | externally controlled string | command_injection.py:19:29:19:33 | externally controlled string |
|
||||
| command_injection.py:19:29:19:33 | externally controlled string | command_injection.py:19:22:19:34 | sequence of externally controlled string |
|
||||
| command_injection.py:24:11:24:22 | dict of externally controlled string | command_injection.py:24:11:24:37 | externally controlled string |
|
||||
| command_injection.py:24:11:24:37 | externally controlled string | command_injection.py:25:23:25:25 | externally controlled string |
|
||||
| command_injection.py:25:23:25:25 | externally controlled string | command_injection.py:25:22:25:36 | first item in sequence of externally controlled string |
|
||||
| command_injection.py:25:23:25:25 | externally controlled string | command_injection.py:25:22:25:36 | sequence of externally controlled string |
|
||||
parents
|
||||
| ../lib/os/__init__.py:1:12:1:14 | Taint externally controlled string at ../lib/os/__init__.py:1 | command_injection.py:12:15:12:27 | Taint externally controlled string at command_injection.py:12 |
|
||||
| ../lib/os/__init__.py:1:12:1:14 | externally controlled string | command_injection.py:12:15:12:27 | externally controlled string |
|
||||
#select
|
||||
| command_injection.py:12:15:12:27 | shell command | command_injection.py:10:13:10:24 | Taint {externally controlled string} at command_injection.py:10 | command_injection.py:12:15:12:27 | Taint externally controlled string at command_injection.py:12 | This command depends on $@. | command_injection.py:10:13:10:24 | flask.request.args | a user-provided value |
|
||||
| command_injection.py:19:22:19:34 | shell command | command_injection.py:17:13:17:24 | Taint {externally controlled string} at command_injection.py:17 | command_injection.py:19:22:19:34 | Taint [externally controlled string] at command_injection.py:19 | This command depends on $@. | command_injection.py:17:13:17:24 | flask.request.args | a user-provided value |
|
||||
| command_injection.py:25:22:25:36 | OS command first argument | command_injection.py:24:11:24:22 | Taint {externally controlled string} at command_injection.py:24 | command_injection.py:25:22:25:36 | Taint [externally controlled string] at command_injection.py:25 | This command depends on $@. | command_injection.py:24:11:24:22 | flask.request.args | a user-provided value |
|
||||
| command_injection.py:25:22:25:36 | OS command first argument | command_injection.py:24:11:24:22 | Taint {externally controlled string} at command_injection.py:24 | command_injection.py:25:22:25:36 | Taint sequence[externally controlled string][0] at command_injection.py:25 | This command depends on $@. | command_injection.py:24:11:24:22 | flask.request.args | a user-provided value |
|
||||
| command_injection.py:12:15:12:27 | shell command | command_injection.py:10:13:10:24 | dict of externally controlled string | command_injection.py:12:15:12:27 | externally controlled string | This command depends on $@. | command_injection.py:10:13:10:24 | flask.request.args | a user-provided value |
|
||||
| command_injection.py:19:22:19:34 | shell command | command_injection.py:17:13:17:24 | dict of externally controlled string | command_injection.py:19:22:19:34 | sequence of externally controlled string | This command depends on $@. | command_injection.py:17:13:17:24 | flask.request.args | a user-provided value |
|
||||
| command_injection.py:25:22:25:36 | OS command first argument | command_injection.py:24:11:24:22 | dict of externally controlled string | command_injection.py:25:22:25:36 | first item in sequence of externally controlled string | This command depends on $@. | command_injection.py:24:11:24:22 | flask.request.args | a user-provided value |
|
||||
|
|
|
|||
|
|
@ -1,13 +1,13 @@
|
|||
edges
|
||||
| ../lib/flask/__init__.py:14:19:14:20 | Taint externally controlled string at ../lib/flask/__init__.py:14 | ../lib/flask/__init__.py:15:19:15:20 | Taint externally controlled string at ../lib/flask/__init__.py:15 |
|
||||
| ../lib/flask/__init__.py:14:19:14:20 | Taint externally controlled string at ../lib/flask/__init__.py:14 | ../lib/flask/__init__.py:16:25:16:26 | Taint externally controlled string at ../lib/flask/__init__.py:16 |
|
||||
| reflected_xss.py:7:18:7:29 | Taint {externally controlled string} at reflected_xss.py:7 | reflected_xss.py:7:18:7:45 | Taint externally controlled string at reflected_xss.py:7 |
|
||||
| reflected_xss.py:7:18:7:45 | Taint externally controlled string at reflected_xss.py:7 | reflected_xss.py:8:44:8:53 | Taint externally controlled string at reflected_xss.py:8 |
|
||||
| reflected_xss.py:8:26:8:53 | Taint externally controlled string at reflected_xss.py:8 | ../lib/flask/__init__.py:14:19:14:20 | Taint externally controlled string at ../lib/flask/__init__.py:14 |
|
||||
| reflected_xss.py:8:44:8:53 | Taint externally controlled string at reflected_xss.py:8 | reflected_xss.py:8:26:8:53 | Taint externally controlled string at reflected_xss.py:8 |
|
||||
| reflected_xss.py:12:18:12:29 | Taint {externally controlled string} at reflected_xss.py:12 | reflected_xss.py:12:18:12:45 | Taint externally controlled string at reflected_xss.py:12 |
|
||||
| reflected_xss.py:12:18:12:45 | Taint externally controlled string at reflected_xss.py:12 | reflected_xss.py:13:51:13:60 | Taint externally controlled string at reflected_xss.py:13 |
|
||||
| ../lib/flask/__init__.py:14:19:14:20 | externally controlled string | ../lib/flask/__init__.py:15:19:15:20 | externally controlled string |
|
||||
| ../lib/flask/__init__.py:14:19:14:20 | externally controlled string | ../lib/flask/__init__.py:16:25:16:26 | externally controlled string |
|
||||
| reflected_xss.py:7:18:7:29 | dict of externally controlled string | reflected_xss.py:7:18:7:45 | externally controlled string |
|
||||
| reflected_xss.py:7:18:7:45 | externally controlled string | reflected_xss.py:8:44:8:53 | externally controlled string |
|
||||
| reflected_xss.py:8:26:8:53 | externally controlled string | ../lib/flask/__init__.py:14:19:14:20 | externally controlled string |
|
||||
| reflected_xss.py:8:44:8:53 | externally controlled string | reflected_xss.py:8:26:8:53 | externally controlled string |
|
||||
| reflected_xss.py:12:18:12:29 | dict of externally controlled string | reflected_xss.py:12:18:12:45 | externally controlled string |
|
||||
| reflected_xss.py:12:18:12:45 | externally controlled string | reflected_xss.py:13:51:13:60 | externally controlled string |
|
||||
parents
|
||||
| ../lib/flask/__init__.py:14:19:14:20 | Taint externally controlled string at ../lib/flask/__init__.py:14 | reflected_xss.py:8:26:8:53 | Taint externally controlled string at reflected_xss.py:8 |
|
||||
| ../lib/flask/__init__.py:14:19:14:20 | externally controlled string | reflected_xss.py:8:26:8:53 | externally controlled string |
|
||||
#select
|
||||
| ../lib/flask/__init__.py:16:25:16:26 | flask.response.argument | reflected_xss.py:7:18:7:29 | Taint {externally controlled string} at reflected_xss.py:7 | ../lib/flask/__init__.py:16:25:16:26 | Taint externally controlled string at ../lib/flask/__init__.py:16 | Cross-site scripting vulnerability due to $@. | reflected_xss.py:7:18:7:29 | flask.request.args | user-provided value |
|
||||
| ../lib/flask/__init__.py:16:25:16:26 | flask.response.argument | reflected_xss.py:7:18:7:29 | dict of externally controlled string | ../lib/flask/__init__.py:16:25:16:26 | externally controlled string | Cross-site scripting vulnerability due to $@. | reflected_xss.py:7:18:7:29 | flask.request.args | user-provided value |
|
||||
|
|
|
|||
|
|
@ -1,25 +1,25 @@
|
|||
edges
|
||||
| sql_injection.py:9:15:9:21 | Taint django.request.HttpRequest at sql_injection.py:9 | sql_injection.py:11:8:11:14 | Taint django.request.HttpRequest at sql_injection.py:11 |
|
||||
| sql_injection.py:9:15:9:21 | Taint django.request.HttpRequest at sql_injection.py:9 | sql_injection.py:12:16:12:22 | Taint django.request.HttpRequest at sql_injection.py:12 |
|
||||
| sql_injection.py:12:16:12:22 | Taint django.request.HttpRequest at sql_injection.py:12 | sql_injection.py:12:16:12:27 | Taint django.http.request.QueryDict at sql_injection.py:12 |
|
||||
| sql_injection.py:12:16:12:27 | Taint django.http.request.QueryDict at sql_injection.py:12 | sql_injection.py:12:16:12:39 | Taint externally controlled string at sql_injection.py:12 |
|
||||
| sql_injection.py:12:16:12:39 | Taint externally controlled string at sql_injection.py:12 | sql_injection.py:16:62:16:65 | Taint externally controlled string at sql_injection.py:16 |
|
||||
| sql_injection.py:12:16:12:39 | Taint externally controlled string at sql_injection.py:12 | sql_injection.py:19:63:19:66 | Taint externally controlled string at sql_injection.py:19 |
|
||||
| sql_injection.py:12:16:12:39 | Taint externally controlled string at sql_injection.py:12 | sql_injection.py:22:88:22:91 | Taint externally controlled string at sql_injection.py:22 |
|
||||
| sql_injection.py:12:16:12:39 | Taint externally controlled string at sql_injection.py:12 | sql_injection.py:23:76:23:79 | Taint externally controlled string at sql_injection.py:23 |
|
||||
| sql_injection.py:12:16:12:39 | Taint externally controlled string at sql_injection.py:12 | sql_injection.py:24:78:24:81 | Taint externally controlled string at sql_injection.py:24 |
|
||||
| sql_injection.py:13:16:13:34 | Taint django.db.connection.cursor at sql_injection.py:13 | sql_injection.py:15:9:15:12 | Taint django.db.connection.cursor at sql_injection.py:15 |
|
||||
| sql_injection.py:13:16:13:34 | Taint django.db.connection.cursor at sql_injection.py:13 | sql_injection.py:18:9:18:12 | Taint django.db.connection.cursor at sql_injection.py:18 |
|
||||
| sql_injection.py:19:63:19:66 | Taint externally controlled string at sql_injection.py:19 | sql_injection.py:19:13:19:66 | Taint externally controlled string at sql_injection.py:19 |
|
||||
| sql_injection.py:22:9:22:20 | Taint django.db.models.Model.objects at sql_injection.py:22 | sql_injection.py:22:9:22:93 | Taint django.db.models.Model.objects at sql_injection.py:22 |
|
||||
| sql_injection.py:22:88:22:91 | Taint externally controlled string at sql_injection.py:22 | sql_injection.py:22:38:22:91 | Taint externally controlled string at sql_injection.py:22 |
|
||||
| sql_injection.py:23:9:23:20 | Taint django.db.models.Model.objects at sql_injection.py:23 | sql_injection.py:23:9:23:80 | Taint django.db.models.Model.objects at sql_injection.py:23 |
|
||||
| sql_injection.py:23:76:23:79 | Taint externally controlled string at sql_injection.py:23 | sql_injection.py:23:26:23:79 | Taint externally controlled string at sql_injection.py:23 |
|
||||
| sql_injection.py:24:9:24:20 | Taint django.db.models.Model.objects at sql_injection.py:24 | sql_injection.py:24:9:24:82 | Taint django.db.models.Model.objects at sql_injection.py:24 |
|
||||
| sql_injection.py:24:78:24:81 | Taint externally controlled string at sql_injection.py:24 | sql_injection.py:24:28:24:81 | Taint externally controlled string at sql_injection.py:24 |
|
||||
| sql_injection.py:9:15:9:21 | django.request.HttpRequest | sql_injection.py:11:8:11:14 | django.request.HttpRequest |
|
||||
| sql_injection.py:9:15:9:21 | django.request.HttpRequest | sql_injection.py:12:16:12:22 | django.request.HttpRequest |
|
||||
| sql_injection.py:12:16:12:22 | django.request.HttpRequest | sql_injection.py:12:16:12:27 | django.http.request.QueryDict |
|
||||
| sql_injection.py:12:16:12:27 | django.http.request.QueryDict | sql_injection.py:12:16:12:39 | externally controlled string |
|
||||
| sql_injection.py:12:16:12:39 | externally controlled string | sql_injection.py:16:62:16:65 | externally controlled string |
|
||||
| sql_injection.py:12:16:12:39 | externally controlled string | sql_injection.py:19:63:19:66 | externally controlled string |
|
||||
| sql_injection.py:12:16:12:39 | externally controlled string | sql_injection.py:22:88:22:91 | externally controlled string |
|
||||
| sql_injection.py:12:16:12:39 | externally controlled string | sql_injection.py:23:76:23:79 | externally controlled string |
|
||||
| sql_injection.py:12:16:12:39 | externally controlled string | sql_injection.py:24:78:24:81 | externally controlled string |
|
||||
| sql_injection.py:13:16:13:34 | django.db.connection.cursor | sql_injection.py:15:9:15:12 | django.db.connection.cursor |
|
||||
| sql_injection.py:13:16:13:34 | django.db.connection.cursor | sql_injection.py:18:9:18:12 | django.db.connection.cursor |
|
||||
| sql_injection.py:19:63:19:66 | externally controlled string | sql_injection.py:19:13:19:66 | externally controlled string |
|
||||
| sql_injection.py:22:9:22:20 | django.db.models.Model.objects | sql_injection.py:22:9:22:93 | django.db.models.Model.objects |
|
||||
| sql_injection.py:22:88:22:91 | externally controlled string | sql_injection.py:22:38:22:91 | externally controlled string |
|
||||
| sql_injection.py:23:9:23:20 | django.db.models.Model.objects | sql_injection.py:23:9:23:80 | django.db.models.Model.objects |
|
||||
| sql_injection.py:23:76:23:79 | externally controlled string | sql_injection.py:23:26:23:79 | externally controlled string |
|
||||
| sql_injection.py:24:9:24:20 | django.db.models.Model.objects | sql_injection.py:24:9:24:82 | django.db.models.Model.objects |
|
||||
| sql_injection.py:24:78:24:81 | externally controlled string | sql_injection.py:24:28:24:81 | externally controlled string |
|
||||
parents
|
||||
#select
|
||||
| sql_injection.py:19:13:19:66 | db.connection.execute | sql_injection.py:9:15:9:21 | Taint django.request.HttpRequest at sql_injection.py:9 | sql_injection.py:19:13:19:66 | Taint externally controlled string at sql_injection.py:19 | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
|
||||
| sql_injection.py:22:38:22:91 | django.db.models.expressions.RawSQL(sink,...) | sql_injection.py:9:15:9:21 | Taint django.request.HttpRequest at sql_injection.py:9 | sql_injection.py:22:38:22:91 | Taint externally controlled string at sql_injection.py:22 | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
|
||||
| sql_injection.py:23:26:23:79 | django.models.QuerySet.raw(sink,...) | sql_injection.py:9:15:9:21 | Taint django.request.HttpRequest at sql_injection.py:9 | sql_injection.py:23:26:23:79 | Taint externally controlled string at sql_injection.py:23 | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
|
||||
| sql_injection.py:24:28:24:81 | django.models.QuerySet.extra(sink,...) | sql_injection.py:9:15:9:21 | Taint django.request.HttpRequest at sql_injection.py:9 | sql_injection.py:24:28:24:81 | Taint externally controlled string at sql_injection.py:24 | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
|
||||
| sql_injection.py:19:13:19:66 | db.connection.execute | sql_injection.py:9:15:9:21 | django.request.HttpRequest | sql_injection.py:19:13:19:66 | externally controlled string | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
|
||||
| sql_injection.py:22:38:22:91 | django.db.models.expressions.RawSQL(sink,...) | sql_injection.py:9:15:9:21 | django.request.HttpRequest | sql_injection.py:22:38:22:91 | externally controlled string | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
|
||||
| sql_injection.py:23:26:23:79 | django.models.QuerySet.raw(sink,...) | sql_injection.py:9:15:9:21 | django.request.HttpRequest | sql_injection.py:23:26:23:79 | externally controlled string | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
|
||||
| sql_injection.py:24:28:24:81 | django.models.QuerySet.extra(sink,...) | sql_injection.py:9:15:9:21 | django.request.HttpRequest | sql_injection.py:24:28:24:81 | externally controlled string | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
edges
|
||||
| code_injection.py:4:20:4:26 | Taint django.request.HttpRequest at code_injection.py:4 | code_injection.py:5:8:5:14 | Taint django.request.HttpRequest at code_injection.py:5 |
|
||||
| code_injection.py:4:20:4:26 | Taint django.request.HttpRequest at code_injection.py:4 | code_injection.py:6:22:6:28 | Taint django.request.HttpRequest at code_injection.py:6 |
|
||||
| code_injection.py:6:22:6:28 | Taint django.request.HttpRequest at code_injection.py:6 | code_injection.py:6:22:6:33 | Taint django.http.request.QueryDict at code_injection.py:6 |
|
||||
| code_injection.py:6:22:6:33 | Taint django.http.request.QueryDict at code_injection.py:6 | code_injection.py:6:22:6:55 | Taint externally controlled string at code_injection.py:6 |
|
||||
| code_injection.py:6:22:6:55 | Taint externally controlled string at code_injection.py:6 | code_injection.py:7:34:7:43 | Taint externally controlled string at code_injection.py:7 |
|
||||
| code_injection.py:7:34:7:43 | Taint externally controlled string at code_injection.py:7 | ../lib/base64.py:1:18:1:18 | Taint externally controlled string at ../lib/base64.py:1 |
|
||||
| code_injection.py:7:34:7:43 | Taint externally controlled string at code_injection.py:7 | code_injection.py:7:14:7:44 | Taint externally controlled string at code_injection.py:7 |
|
||||
| code_injection.py:4:20:4:26 | django.request.HttpRequest | code_injection.py:5:8:5:14 | django.request.HttpRequest |
|
||||
| code_injection.py:4:20:4:26 | django.request.HttpRequest | code_injection.py:6:22:6:28 | django.request.HttpRequest |
|
||||
| code_injection.py:6:22:6:28 | django.request.HttpRequest | code_injection.py:6:22:6:33 | django.http.request.QueryDict |
|
||||
| code_injection.py:6:22:6:33 | django.http.request.QueryDict | code_injection.py:6:22:6:55 | externally controlled string |
|
||||
| code_injection.py:6:22:6:55 | externally controlled string | code_injection.py:7:34:7:43 | externally controlled string |
|
||||
| code_injection.py:7:34:7:43 | externally controlled string | ../lib/base64.py:1:18:1:18 | externally controlled string |
|
||||
| code_injection.py:7:34:7:43 | externally controlled string | code_injection.py:7:14:7:44 | externally controlled string |
|
||||
parents
|
||||
| ../lib/base64.py:1:18:1:18 | Taint externally controlled string at ../lib/base64.py:1 | code_injection.py:7:34:7:43 | Taint externally controlled string at code_injection.py:7 |
|
||||
| ../lib/base64.py:1:18:1:18 | externally controlled string | code_injection.py:7:34:7:43 | externally controlled string |
|
||||
#select
|
||||
| code_injection.py:7:14:7:44 | exec or eval | code_injection.py:4:20:4:26 | Taint django.request.HttpRequest at code_injection.py:4 | code_injection.py:7:14:7:44 | Taint externally controlled string at code_injection.py:7 | $@ flows to here and is interpreted as code. | code_injection.py:4:20:4:26 | Django request source | User-provided value |
|
||||
| code_injection.py:7:14:7:44 | exec or eval | code_injection.py:4:20:4:26 | django.request.HttpRequest | code_injection.py:7:14:7:44 | externally controlled string | $@ flows to here and is interpreted as code. | code_injection.py:4:20:4:26 | Django request source | User-provided value |
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
edges
|
||||
| test.py:33:15:33:36 | Taint exception.info at test.py:33 | test.py:34:29:34:31 | Taint exception.info at test.py:34 |
|
||||
| test.py:34:29:34:31 | Taint exception.info at test.py:34 | test.py:36:18:36:20 | Taint exception.info at test.py:36 |
|
||||
| test.py:36:18:36:20 | Taint exception.info at test.py:36 | test.py:37:25:37:27 | Taint exception.info at test.py:37 |
|
||||
| test.py:37:12:37:27 | Taint exception.info at test.py:37 | test.py:34:16:34:32 | Taint exception.info at test.py:34 |
|
||||
| test.py:37:25:37:27 | Taint exception.info at test.py:37 | test.py:37:12:37:27 | Taint exception.info at test.py:37 |
|
||||
| test.py:33:15:33:36 | exception info | test.py:34:29:34:31 | exception info |
|
||||
| test.py:34:29:34:31 | exception info | test.py:36:18:36:20 | exception info |
|
||||
| test.py:36:18:36:20 | exception info | test.py:37:25:37:27 | exception info |
|
||||
| test.py:37:12:37:27 | exception info | test.py:34:16:34:32 | exception info |
|
||||
| test.py:37:25:37:27 | exception info | test.py:37:12:37:27 | exception info |
|
||||
parents
|
||||
| test.py:36:18:36:20 | Taint exception.info at test.py:36 | test.py:34:29:34:31 | Taint exception.info at test.py:34 |
|
||||
| test.py:36:18:36:20 | exception info | test.py:34:29:34:31 | exception info |
|
||||
#select
|
||||
| test.py:16:16:16:37 | flask.routed.response | test.py:16:16:16:37 | Taint exception.info at test.py:16 | test.py:16:16:16:37 | Taint exception.info at test.py:16 | $@ may be exposed to an external user | test.py:16:16:16:37 | exception.info.source | Error information |
|
||||
| test.py:34:16:34:32 | flask.routed.response | test.py:33:15:33:36 | Taint exception.info at test.py:33 | test.py:34:16:34:32 | Taint exception.info at test.py:34 | $@ may be exposed to an external user | test.py:33:15:33:36 | exception.info.source | Error information |
|
||||
| test.py:16:16:16:37 | flask.routed.response | test.py:16:16:16:37 | exception info | test.py:16:16:16:37 | exception info | $@ may be exposed to an external user | test.py:16:16:16:37 | exception.info.source | Error information |
|
||||
| test.py:34:16:34:32 | flask.routed.response | test.py:33:15:33:36 | exception info | test.py:34:16:34:32 | exception info | $@ may be exposed to an external user | test.py:33:15:33:36 | exception.info.source | Error information |
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
edges
|
||||
| test.py:11:15:11:26 | Taint {externally controlled string} at test.py:11 | test.py:11:15:11:41 | Taint externally controlled string at test.py:11 |
|
||||
| test.py:11:15:11:41 | Taint externally controlled string at test.py:11 | test.py:12:18:12:24 | Taint externally controlled string at test.py:12 |
|
||||
| test.py:11:15:11:41 | Taint externally controlled string at test.py:11 | test.py:13:15:13:21 | Taint externally controlled string at test.py:13 |
|
||||
| test.py:11:15:11:41 | Taint externally controlled string at test.py:11 | test.py:14:19:14:25 | Taint externally controlled string at test.py:14 |
|
||||
| test.py:13:15:13:21 | Taint externally controlled string at test.py:13 | ../lib/yaml.py:1:10:1:10 | Taint externally controlled string at ../lib/yaml.py:1 |
|
||||
| test.py:11:15:11:26 | dict of externally controlled string | test.py:11:15:11:41 | externally controlled string |
|
||||
| test.py:11:15:11:41 | externally controlled string | test.py:12:18:12:24 | externally controlled string |
|
||||
| test.py:11:15:11:41 | externally controlled string | test.py:13:15:13:21 | externally controlled string |
|
||||
| test.py:11:15:11:41 | externally controlled string | test.py:14:19:14:25 | externally controlled string |
|
||||
| test.py:13:15:13:21 | externally controlled string | ../lib/yaml.py:1:10:1:10 | externally controlled string |
|
||||
parents
|
||||
| ../lib/yaml.py:1:10:1:10 | Taint externally controlled string at ../lib/yaml.py:1 | test.py:13:15:13:21 | Taint externally controlled string at test.py:13 |
|
||||
| ../lib/yaml.py:1:10:1:10 | externally controlled string | test.py:13:15:13:21 | externally controlled string |
|
||||
#select
|
||||
| test.py:12:18:12:24 | unpickling untrusted data | test.py:11:15:11:26 | Taint {externally controlled string} at test.py:11 | test.py:12:18:12:24 | Taint externally controlled string at test.py:12 | Deserializing of $@. | test.py:11:15:11:26 | flask.request.args | untrusted input |
|
||||
| test.py:13:15:13:21 | yaml.load vulnerability | test.py:11:15:11:26 | Taint {externally controlled string} at test.py:11 | test.py:13:15:13:21 | Taint externally controlled string at test.py:13 | Deserializing of $@. | test.py:11:15:11:26 | flask.request.args | untrusted input |
|
||||
| test.py:14:19:14:25 | unmarshaling vulnerability | test.py:11:15:11:26 | Taint {externally controlled string} at test.py:11 | test.py:14:19:14:25 | Taint externally controlled string at test.py:14 | Deserializing of $@. | test.py:11:15:11:26 | flask.request.args | untrusted input |
|
||||
| test.py:12:18:12:24 | unpickling untrusted data | test.py:11:15:11:26 | dict of externally controlled string | test.py:12:18:12:24 | externally controlled string | Deserializing of $@. | test.py:11:15:11:26 | flask.request.args | untrusted input |
|
||||
| test.py:13:15:13:21 | yaml.load vulnerability | test.py:11:15:11:26 | dict of externally controlled string | test.py:13:15:13:21 | externally controlled string | Deserializing of $@. | test.py:11:15:11:26 | flask.request.args | untrusted input |
|
||||
| test.py:14:19:14:25 | unmarshaling vulnerability | test.py:11:15:11:26 | dict of externally controlled string | test.py:14:19:14:25 | externally controlled string | Deserializing of $@. | test.py:11:15:11:26 | flask.request.args | untrusted input |
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
edges
|
||||
| test.py:7:22:7:33 | Taint {externally controlled string} at test.py:7 | test.py:7:22:7:51 | Taint externally controlled string at test.py:7 |
|
||||
| test.py:7:22:7:51 | Taint externally controlled string at test.py:7 | test.py:8:21:8:26 | Taint externally controlled string at test.py:8 |
|
||||
| test.py:8:21:8:26 | Taint externally controlled string at test.py:8 | ../lib/flask/__init__.py:11:14:11:21 | Taint externally controlled string at ../lib/flask/__init__.py:11 |
|
||||
| test.py:15:17:15:28 | Taint {externally controlled string} at test.py:15 | test.py:15:17:15:42 | Taint externally controlled string at test.py:15 |
|
||||
| test.py:15:17:15:42 | Taint externally controlled string at test.py:15 | test.py:17:13:17:21 | Taint externally controlled string at test.py:17 |
|
||||
| test.py:7:22:7:33 | dict of externally controlled string | test.py:7:22:7:51 | externally controlled string |
|
||||
| test.py:7:22:7:51 | externally controlled string | test.py:8:21:8:26 | externally controlled string |
|
||||
| test.py:8:21:8:26 | externally controlled string | ../lib/flask/__init__.py:11:14:11:21 | externally controlled string |
|
||||
| test.py:15:17:15:28 | dict of externally controlled string | test.py:15:17:15:42 | externally controlled string |
|
||||
| test.py:15:17:15:42 | externally controlled string | test.py:17:13:17:21 | externally controlled string |
|
||||
parents
|
||||
| ../lib/flask/__init__.py:11:14:11:21 | Taint externally controlled string at ../lib/flask/__init__.py:11 | test.py:8:21:8:26 | Taint externally controlled string at test.py:8 |
|
||||
| ../lib/flask/__init__.py:11:14:11:21 | externally controlled string | test.py:8:21:8:26 | externally controlled string |
|
||||
#select
|
||||
| test.py:8:21:8:26 | flask.redirect | test.py:7:22:7:33 | Taint {externally controlled string} at test.py:7 | test.py:8:21:8:26 | Taint externally controlled string at test.py:8 | Untrusted URL redirection due to $@. | test.py:7:22:7:33 | flask.request.args | a user-provided value |
|
||||
| test.py:8:21:8:26 | flask.redirect | test.py:7:22:7:33 | dict of externally controlled string | test.py:8:21:8:26 | externally controlled string | Untrusted URL redirection due to $@. | test.py:7:22:7:33 | flask.request.args | a user-provided value |
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче