Class Decoding
A data-flow node that decodes data from a binary or textual format. This is intended to include deserialization, unmarshalling, decoding, unpickling, decompressing, decrypting, parsing etc.
A decoding (automatically) preserves taint from input to output. However, it can also be a problem in itself, for example if it allows code execution or could result in denial-of-service.
Extend this class to refine existing API models. If you want to model new APIs,
extend Decoding::Range instead.
Import path
import semmle.python.Concepts
Direct supertypes
Indirect supertypes
Known direct subtypes
Predicates
| getAnInput |
Gets an input that is decoded by this function. |
| getFormat |
Gets an identifier for the format this function decodes from, such as “JSON”. |
| getOutput |
Gets the output that contains the decoded data produced by this function. |
| mayExecuteInput |
Holds if this call may execute code embedded in its input. |
Inherited predicates
| asCfgNode |
Gets the control-flow node corresponding to this node, if any. |
from Node |
| asExpr |
Gets the expression corresponding to this node, if any. |
from Node |
| asVar |
Gets the ESSA variable corresponding to this node, if any. |
from Node |
| getALocalSource |
Gets a local source node from which data may flow to this node in zero or more local data-flow steps. |
from Node |
| getEnclosingCallable |
Gets the enclosing callable of this node. |
from Node |
| getLocation |
Gets the location of this node |
from Node |
| getScope |
Gets the scope of this node. |
from Node |
| hasLocationInfo |
Holds if this element is at the specified location. The location spans column |
from Node |
| toString |
Gets a textual representation of this element. |
from Node |