Description
Hi,
I am analysing Python code for vulnerability CWE-502 and am running the query UnsafeDeserialization.ql for this purpose. Now I would like to adapt the query to extend it to more sources of untrusted data, namely:
- I would like to mark local files as untrusted, marking the following example as vulnerable:
    import yaml

    def unsafe_load(filename):
        # handle on a local file, passed straight to the unsafe loader
        with open(filename) as untrusted:
            return yaml.load(untrusted)
- I would like to mark function parameters as untrusted, marking the following example as vulnerable:
    import yaml

    def unsafe_load(untrusted):
        # caller-supplied parameter, passed straight to the unsafe loader
        return yaml.load(untrusted)
I am new to CodeQL and, after studying the documentation on how to write CodeQL queries for Python and the CodeQL repository, I am still not sure how and where I could extend the configuration to add these two sources. Based on analyzing-data-flow-in-python, it seems that I can use Concepts::FileSystemAccess and DataFlow::ParameterNode to model the sources, and that I need to append them to the isSource predicate in the configuration. However, I am not sure what the current sources are, based on semmle.python.security.dataflow.UnsafeDeserializationQuery in UnsafeDeserializationQuery.qll, and whether there is any additional modification step that I need to take to run the new query.
Any help or clarifications would be greatly appreciated!
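One way to add the two sources without touching the library, as an added example that is neither the poster's code nor a query shipped by the CodeQL project: in recent releases of the CodeQL Python library, UnsafeDeserializationQuery.qll builds its taint-tracking module from the abstract Source, Sink and Sanitizer classes in UnsafeDeserializationCustomizations.qll, and its isSource predicate is simply `source instanceof Source`. Because the extent of an abstract QL class is the union of every subclass visible to the query, declaring two more Source subclasses in your own .ql file is enough; the stock sinks (Decoding calls that may execute their input, which is how yaml.load without a safe loader is modelled) and the remote-flow sources stay in place. The class names LocalFileAsSource and ParameterAsSource, the @id and the result message are mine; the module paths are those of the current library and must be checked against the version you have installed. The example also assumes the library's local-flow step from the context-manager expression to the `as` target of a `with` statement, which is what carries the `open(...)` handle to `untrusted` in the first snippet.

```ql
/**
 * @name Unsafe deserialization of file or parameter input
 * @description Extends the stock CWE-502 query with two extra source kinds:
 *              modelled file-system accesses and function parameters.
 * @kind path-problem
 * @problem.severity warning
 * @id py/example-unsafe-deserialization-local-sources
 * @tags security
 *       external/cwe/cwe-502
 */

import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.Concepts
// Brings in the UnsafeDeserializationFlow module together with the abstract
// Source / Sink / Sanitizer classes re-exported from
// UnsafeDeserializationCustomizations.qll.
import semmle.python.security.dataflow.UnsafeDeserializationQuery
import UnsafeDeserializationFlow::PathGraph

/**
 * Extra source 1: any modelled file-system access, for example the
 * `open(filename)` call whose handle is later handed to `yaml.load`.
 * Accesses that only write (e.g. `open(path, "w")`) are included too, but
 * their handles never reach a deserializer, so they produce no results.
 */
class LocalFileAsSource extends Source {
  LocalFileAsSource() { this instanceof FileSystemAccess }
}

/**
 * Extra source 2: every function parameter. This is deliberately broad: it
 * flags any function that forwards a parameter to an unsafe deserializer,
 * including `def unsafe_load(untrusted): return yaml.load(untrusted)`, and
 * therefore also library-internal helpers whose callers pass trusted data.
 * Narrow it (e.g. to parameters of public entry points) once the broad
 * version has shown what it catches.
 */
class ParameterAsSource extends Source {
  ParameterAsSource() { this instanceof DataFlow::ParameterNode }
}

// Same shape as the stock UnsafeDeserialization.ql; the only difference is
// the two Source subclasses above, which isSource picks up automatically.
from UnsafeDeserializationFlow::PathNode source, UnsafeDeserializationFlow::PathNode sink
where UnsafeDeserializationFlow::flowPath(source, sink)
select sink.getNode(), source, sink, "Unsafe deserialization depends on a $@.",
  source.getNode(), "value from a file, a parameter or a remote input"
```

Save the file next to a qlpack.yml that depends on codeql/python-all and run it like any other query (for instance `codeql query run --database=<db> <file>.ql`); no library modification is needed. On older library releases, where UnsafeDeserializationQuery.qll defines a `TaintTracking::Configuration` class rather than a `DataFlow::ConfigSig` module, the same two `instanceof` checks belong in that configuration's overridden `isSource` predicate instead.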