Class Decoding
A data-flow node that decodes data from a binary or textual format. This is intended to include deserialization, unmarshalling, decoding, unpickling, decompressing, decrypting, parsing etc.
A decoding (automatically) preserves taint from input to output. However, it can also be a problem in itself, for example if it allows code execution or could result in denial-of-service.
Extend this class to refine existing API models. If you want to model new APIs,
extend Decoding::Range instead.
Import path
import semmle.python.ConceptsDirect supertypes
Indirect supertypes
Known direct subtypes
Predicates
| getAnInput | Gets an input that is decoded by this function. |
| getFormat | Gets an identifier for the format this function decodes from, such as “JSON”. |
| getOutput | Gets the output that contains the decoded data produced by this function. |
| mayExecuteInput | Holds if this call may execute code embedded in its input. |
Inherited predicates
| asCfgNode | Gets the control-flow node corresponding to this node, if any. | from Node |
| asExpr | Gets the expression corresponding to this node, if any. | from Node |
| asVar | Gets the ESSA variable corresponding to this node, if any. | from Node |
| getALocalSource | Gets a local source node from which data may flow to this node in zero or more local data-flow steps. | from Node |
| getEnclosingCallable | Gets the enclosing callable of this node. | from Node |
| getLocation | Gets the location of this node | from Node |
| getScope | Gets the scope of this node. | from Node |
| hasLocationInfo | Holds if this element is at the specified location. The location spans column | from Node |
| toString | Gets a textual representation of this element. | from Node |