A data-flow node that decodes data from a binary or textual format. This is intended to include deserialization, unmarshalling, decoding, unpickling, decompressing, decrypting, parsing etc.
A decoding (automatically) preserves taint from input to output. However, it can also be a problem in itself, for example if it allows code execution or could result in denial-of-service.
Extend this class to model new APIs. If you want to refine existing API models, extend Decoding instead.
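The following is an added example, not code from the CodeQL library or from this page. It models a call to a hypothetical third-party function fastpack.loads(data) by extending Decoding::Range and overriding the four predicates listed below, then selects every decoding that may execute its input. The module name fastpack, the keyword argument name data, and the format string are assumptions made for illustration.

```ql
/**
 * Example model (added illustration, not part of the CodeQL standard library).
 * `fastpack` is a hypothetical third-party module whose `loads` function
 * deserializes a pickle-like format that can run code embedded in its input.
 */

import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.ApiGraphs
import semmle.python.Concepts

class FastpackLoadsCall extends Decoding::Range, DataFlow::CallCfgNode {
  FastpackLoadsCall() {
    // Matches `fastpack.loads(...)` however the module was imported or aliased.
    this = API::moduleImport("fastpack").getMember("loads").getACall()
  }

  // The encoded data: first positional argument, or the assumed keyword `data`.
  override DataFlow::Node getAnInput() {
    result in [this.getArg(0), this.getArgByName("data")]
  }

  // The decoded object is the value of the call itself, so taint on the
  // input is propagated to the call result.
  override DataFlow::Node getOutput() { result = this }

  override string getFormat() { result = "fastpack" }

  // Holds unconditionally: every call to this decoder may execute its input.
  override predicate mayExecuteInput() { any() }
}

// Lists all modelled decodings that may execute code, including the one above.
from Decoding d
where d.mayExecuteInput()
select d, "Decodes " + d.getFormat() + " data and may execute code embedded in its input."
```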
Import path
import semmle.python.Concepts
Direct supertypes
Indirect supertypes
Known direct subtypes
Predicates
| getAnInput | Gets an input that is decoded by this function. |
| getFormat | Gets an identifier for the format this function decodes from, such as “JSON”. |
| getOutput | Gets the output that contains the decoded data produced by this function. |
| mayExecuteInput | Holds if this call may execute code embedded in its input. |
Inherited predicates
| asCfgNode | Gets the control-flow node corresponding to this node, if any. | from Node |
| asExpr | Gets the expression corresponding to this node, if any. | from Node |
| getALocalSource | Gets a local source node from which data may flow to this node in zero or more local data-flow steps. | from Node |
| getEnclosingCallable | Gets the enclosing callable of this node. | from Node |
| getLocation | Gets the location of this node. | from Node |
| getScope | Gets the scope of this node. | from Node |
| hasLocationInfo | Holds if this element is at the specified location. The location spans column | from Node |
| toString | Gets a textual representation of this element. | from Node |