CodeQL library for Python
codeql/python-all 2.1.3-dev (changelog, source)

Class Decoding

A data-flow node that decodes data from a binary or textual format. This is intended to include deserialization, unmarshalling, decoding, unpickling, decompressing, decrypting, parsing etc.

A decoding (automatically) preserves taint from input to output. However, it can also be a problem in itself, for example if it allows code execution or could result in denial-of-service.

Extend this class to refine existing API models. If you want to model new APIs, extend Decoding::Range instead.

Import path

import semmle.python.Concepts

Direct supertypes

Indirect supertypes

Known direct subtypes

Predicates

getAnInput

Gets an input that is decoded by this function.

getFormat

Gets an identifier for the format this function decodes from, such as “JSON”.

getOutput

Gets the output that contains the decoded data produced by this function.

mayExecuteInput

Holds if this call may execute code embedded in its input.
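The following query is an added example, not part of the CodeQL library or its documentation. It shows how the four predicates above fit together when you model a new API by extending Decoding::Range, and then reports every decoding for which mayExecuteInput holds. The module `fastblob`, its function `loads`, its `data` keyword and the class name `FastblobLoadsCall` are hypothetical, and the decoder is assumed to behave like an unpickler.

```ql
/**
 * Added example: models a hypothetical third-party decoder and lists
 * every decoding that may execute code embedded in its input.
 */

import python
import semmle.python.Concepts
import semmle.python.ApiGraphs
import semmle.python.dataflow.new.DataFlow

/** A call to `fastblob.loads` (hypothetical module and function). */
class FastblobLoadsCall extends Decoding::Range, DataFlow::CallCfgNode {
  FastblobLoadsCall() {
    this = API::moduleImport("fastblob").getMember("loads").getACall()
  }

  // Assumption: the format can embed callables that run during decoding.
  override predicate mayExecuteInput() { any() }

  // The payload may be passed positionally or as the (assumed) `data` keyword.
  override DataFlow::Node getAnInput() {
    result in [this.getArg(0), this.getArgByName("data")]
  }

  // The call's return value carries the decoded, still tainted, object.
  override DataFlow::Node getOutput() { result = this }

  override string getFormat() { result = "fastblob" }
}

// Decoding picks up every Decoding::Range instance, including the one above.
from Decoding d
where d.mayExecuteInput()
select d, "Decodes " + d.getFormat() + " data and may execute code embedded in its input."
```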

Inherited predicates

asCfgNode

Gets the control-flow node corresponding to this node, if any.

from Node

asExpr

Gets the expression corresponding to this node, if any.

from Node

getALocalSource

Gets a local source node from which data may flow to this node in zero or more local data-flow steps.

from Node

getEnclosingCallable

Gets the enclosing callable of this node.

from Node

getLocation

Gets the location of this node.

from Node

getScope

Gets the scope of this node.

from Node

hasLocationInfo

Holds if this element is at the specified location. The location spans column startcolumn of line startline to column endcolumn of line endline in file filepath. For more information, see Locations.

from Node

toString

Gets a textual representation of this element.

from Node