CodeQL library for Python
codeql/python-all 0.12.1 (changelog, source)
Search

Module PathInjectionConfig

This configuration uses two flow states, NotNormalized and NormalizedUnchecked, to track the requirement that a file path must be first normalized and then checked before it is safe to use.

At sources, paths are assumed not normalized. At normalization points, they change state to NormalizedUnchecked after which they can be made safe by an appropriate check of the prefix.

Such checks are ineffective in the NotNormalized state.

Import path

import semmle.python.security.dataflow.PathInjectionQuery

Predicates

isAdditionalFlowStep

Holds if data may flow from node1 to node2 in addition to the normal data-flow steps. This step is only applicable in state1 and updates the flow state to state2.

isBarrier

Holds if data flow through node is prohibited. This completely removes node from the data flow graph.

isBarrier

Holds if data flow through node is prohibited when the flow state is state.

isSink

Holds if sink is a relevant data flow sink accepting state.

isSource

Holds if source is a relevant data flow source with the given initial state.