
Commit 6235dc5

committed
Python: Handle find_library assignment to temp variable
1 parent 785dc1a commit 6235dc5


3 files changed

+9
-6
lines changed


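--- a/python/ql/src/experimental/Security/CWE-285/PamAuthorization.ql
+++ b/python/ql/src/experimental/Security/CWE-285/PamAuthorization.ql
@@ -14,12 +14,11 @@ import experimental.semmle.python.Concepts
 import semmle.python.dataflow.new.TaintTracking
 
 API::Node libPam() {
-exists(API::CallNode findLibCall, API::CallNode cdllCall, StrConst str |
+exists(API::CallNode findLibCall, API::CallNode cdllCall |
 findLibCall = API::moduleImport("ctypes.util").getMember("find_library").getACall() and
+findLibCall.getParameter(0).getAValueReachingRhs().asExpr().(StrConst).getText() = "pam" and
 cdllCall = API::moduleImport("ctypes").getMember("CDLL").getACall() and
-DataFlow::localFlow(DataFlow::exprNode(str), findLibCall.getArg(0)) and
-str.getText() = "pam" and
-cdllCall.getArg(0) = findLibCall
+cdllCall.getParameter(0).getAValueReachingRhs() = findLibCall
 |
 result = cdllCall.getReturn()
 )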
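Review bot: The two new `getParameter(0)` constraints on `findLibCall` and `cdllCall` only consider the first positional argument, so a load written as `find_library(name="pam")` or `CDLL(name=...)` would presumably not be recognised as libpam, and the PAM authorization query would then stay silent for that file. If the API-graph library in this tree offers a keyword counterpart, each constraint could accept either form, e.g. `findLibCall.getParameter(0)` or `findLibCall.getKeywordParameter("name")`. `libPam()` also has no QLDoc; a line such as `/** Gets the ctypes.CDLL handle loaded from find_library("pam"), directly or through a variable. */` would record what the predicate is meant to cover. The predicate's closing brace lies outside the hunk.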
Lines changed: 1 addition & 1 deletion
@@ -1 +1 @@
1-
| pam_test.py:44:18:44:44 | ControlFlowNode for pam_authenticate() | This PAM authentication call may be lead to an authorization bypass. |
1+
| pam_test.py:48:18:48:44 | ControlFlowNode for pam_authenticate() | This PAM authentication call may be lead to an authorization bypass. |

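--- a/python/ql/test/experimental/query-tests/Security/CWE-285/pam_test.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-285/pam_test.py
@@ -18,9 +18,13 @@ class PamResponse(Structure):
 class PamConv(Structure):
 pass
 
-
+# this is normal way to do things
 libpam = CDLL(find_library("pam"))
 
+# but we also handle assignment to temp variable
+temp = find_library("pam")
+libpam = CDLL(temp)
+
 pam_start = libpam.pam_start
 pam_start.restype = c_int
 pam_start.argtypes = [c_char_p, c_char_p, POINTER(PamConv), POINTER(PamHandle)]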
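Review bot: The fixture now binds `libpam` twice at module level while the expected output still lists a single alert, so the test result alone does not show which of the two loads the query matched. If the temp-variable form stopped being recognised, the direct form on new line 22 might keep the test green, depending on how the later reads of `libpam` resolve. Giving the second load its own name and call path, or moving it into a separate fixture file, would pin the new behaviour. At minimum the first comment could say so, e.g. `# overwritten below; the alert should come from the temp-variable load`. The rest of the module lies outside the hunk.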
