@@ -1142,118 +1142,118 @@ private module Stdlib {
11421142 )
11431143 }
11441144 }
1145- }
11461145
1147- // ---------------------------------------------------------------------------
1148- // hashlib
1149- // ---------------------------------------------------------------------------
1150- /** Gets a call to `hashlib.new` with `algorithmName` as the first argument. */
1151- private DataFlow:: CallCfgNode hashlibNewCall ( string algorithmName ) {
1152- exists ( DataFlow:: Node nameArg |
1153- result = API:: moduleImport ( "hashlib" ) .getMember ( "new" ) .getACall ( ) and
1154- nameArg in [ result .getArg ( 0 ) , result .getArgByName ( "name" ) ] and
1155- exists ( StrConst str |
1156- nameArg .getALocalSource ( ) = DataFlow:: exprNode ( str ) and
1157- algorithmName = str .getText ( )
1146+ // ---------------------------------------------------------------------------
1147+ // hashlib
1148+ // ---------------------------------------------------------------------------
1149+ /** Gets a call to `hashlib.new` with `algorithmName` as the first argument. */
1150+ private DataFlow:: CallCfgNode hashlibNewCall ( string algorithmName ) {
1151+ exists ( DataFlow:: Node nameArg |
1152+ result = API:: moduleImport ( "hashlib" ) .getMember ( "new" ) .getACall ( ) and
1153+ nameArg in [ result .getArg ( 0 ) , result .getArgByName ( "name" ) ] and
1154+ exists ( StrConst str |
1155+ nameArg .getALocalSource ( ) = DataFlow:: exprNode ( str ) and
1156+ algorithmName = str .getText ( )
1157+ )
11581158 )
1159- )
1160- }
1161-
1162- /** Gets a reference to the result of calling `hashlib.new` with `algorithmName` as the first argument. */
1163- private DataFlow:: LocalSourceNode hashlibNewResult ( DataFlow:: TypeTracker t , string algorithmName ) {
1164- t .start ( ) and
1165- result = hashlibNewCall ( algorithmName )
1166- or
1167- exists ( DataFlow:: TypeTracker t2 | result = hashlibNewResult ( t2 , algorithmName ) .track ( t2 , t ) )
1168- }
1169-
1170- /** Gets a reference to the result of calling `hashlib.new` with `algorithmName` as the first argument. */
1171- DataFlow:: Node hashlibNewResult ( string algorithmName ) {
1172- hashlibNewResult ( DataFlow:: TypeTracker:: end ( ) , algorithmName ) .flowsTo ( result )
1173- }
1159+ }
11741160
1175- /**
1176- * A hashing operation by supplying initial data when calling the `hashlib.new` function.
1177- */
1178- class HashlibNewCall extends Cryptography:: CryptographicOperation:: Range , DataFlow:: CallCfgNode {
1179- string hashName ;
1161+ /** Gets a reference to the result of calling `hashlib.new` with `algorithmName` as the first argument. */
1162+ private DataFlow:: LocalSourceNode hashlibNewResult ( DataFlow:: TypeTracker t , string algorithmName ) {
1163+ t .start ( ) and
1164+ result = hashlibNewCall ( algorithmName )
1165+ or
1166+ exists ( DataFlow:: TypeTracker t2 | result = hashlibNewResult ( t2 , algorithmName ) .track ( t2 , t ) )
1167+ }
11801168
1181- HashlibNewCall ( ) {
1182- this = hashlibNewCall ( hashName ) and
1183- exists ( [ this . getArg ( 1 ) , this . getArgByName ( "data" ) ] )
1169+ /** Gets a reference to the result of calling `hashlib.new` with `algorithmName` as the first argument. */
1170+ DataFlow :: Node hashlibNewResult ( string algorithmName ) {
1171+ hashlibNewResult ( DataFlow :: TypeTracker :: end ( ) , algorithmName ) . flowsTo ( result )
11841172 }
11851173
1186- override Cryptography:: CryptographicAlgorithm getAlgorithm ( ) { result .matchesName ( hashName ) }
1174+ /**
1175+ * A hashing operation by supplying initial data when calling the `hashlib.new` function.
1176+ */
1177+ class HashlibNewCall extends Cryptography:: CryptographicOperation:: Range , DataFlow:: CallCfgNode {
1178+ string hashName ;
11871179
1188- override DataFlow:: Node getAnInput ( ) { result in [ this .getArg ( 1 ) , this .getArgByName ( "data" ) ] }
1189- }
1180+ HashlibNewCall ( ) {
1181+ this = hashlibNewCall ( hashName ) and
1182+ exists ( [ this .getArg ( 1 ) , this .getArgByName ( "data" ) ] )
1183+ }
11901184
1191- /**
1192- * A hashing operation by using the `update` method on the result of calling the `hashlib.new` function.
1193- */
1194- class HashlibNewUpdateCall extends Cryptography:: CryptographicOperation:: Range ,
1195- DataFlow:: CallCfgNode {
1196- string hashName ;
1197-
1198- HashlibNewUpdateCall ( ) {
1199- exists ( DataFlow:: AttrRead attr |
1200- attr .getObject ( ) = hashlibNewResult ( hashName ) and
1201- this .getFunction ( ) = attr and
1202- attr .getAttributeName ( ) = "update"
1203- )
1185+ override Cryptography:: CryptographicAlgorithm getAlgorithm ( ) { result .matchesName ( hashName ) }
1186+
1187+ override DataFlow:: Node getAnInput ( ) { result in [ this .getArg ( 1 ) , this .getArgByName ( "data" ) ] }
12041188 }
12051189
1206- override Cryptography:: CryptographicAlgorithm getAlgorithm ( ) { result .matchesName ( hashName ) }
1190+ /**
1191+ * A hashing operation by using the `update` method on the result of calling the `hashlib.new` function.
1192+ */
1193+ class HashlibNewUpdateCall extends Cryptography:: CryptographicOperation:: Range ,
1194+ DataFlow:: CallCfgNode {
1195+ string hashName ;
1196+
1197+ HashlibNewUpdateCall ( ) {
1198+ exists ( DataFlow:: AttrRead attr |
1199+ attr .getObject ( ) = hashlibNewResult ( hashName ) and
1200+ this .getFunction ( ) = attr and
1201+ attr .getAttributeName ( ) = "update"
1202+ )
1203+ }
12071204
1208- override DataFlow:: Node getAnInput ( ) { result = this .getArg ( 0 ) }
1209- }
1205+ override Cryptography:: CryptographicAlgorithm getAlgorithm ( ) { result .matchesName ( hashName ) }
12101206
1211- /**
1212- * A hashing operation from the `hashlib` package using one of the predefined classes
1213- * (such as `hashlib.md5`). `hashlib.new` is not included, since it is handled by
1214- * `HashlibNewCall` and `HashlibNewUpdateCall`.
1215- */
1216- abstract class HashlibGenericHashOperation extends Cryptography:: CryptographicOperation:: Range ,
1217- DataFlow:: CallCfgNode {
1218- string hashName ;
1219- API:: Node hashClass ;
1220-
1221- bindingset [ this ]
1222- HashlibGenericHashOperation ( ) {
1223- not hashName = "new" and
1224- hashClass = API:: moduleImport ( "hashlib" ) .getMember ( hashName )
1207+ override DataFlow:: Node getAnInput ( ) { result = this .getArg ( 0 ) }
12251208 }
12261209
1227- override Cryptography:: CryptographicAlgorithm getAlgorithm ( ) { result .matchesName ( hashName ) }
1228- }
1210+ /**
1211+ * A hashing operation from the `hashlib` package using one of the predefined classes
1212+ * (such as `hashlib.md5`). `hashlib.new` is not included, since it is handled by
1213+ * `HashlibNewCall` and `HashlibNewUpdateCall`.
1214+ */
1215+ abstract class HashlibGenericHashOperation extends Cryptography:: CryptographicOperation:: Range ,
1216+ DataFlow:: CallCfgNode {
1217+ string hashName ;
1218+ API:: Node hashClass ;
1219+
1220+ bindingset [ this ]
1221+ HashlibGenericHashOperation ( ) {
1222+ not hashName = "new" and
1223+ hashClass = API:: moduleImport ( "hashlib" ) .getMember ( hashName )
1224+ }
12291225
1230- /**
1231- * A hashing operation from the `hashlib` package using one of the predefined classes
1232- * (such as `hashlib.md5`), by calling its' `update` mehtod.
1233- */
1234- class HashlibHashClassUpdateCall extends HashlibGenericHashOperation {
1235- HashlibHashClassUpdateCall ( ) { this = hashClass .getReturn ( ) .getMember ( "update" ) .getACall ( ) }
1226+ override Cryptography:: CryptographicAlgorithm getAlgorithm ( ) { result .matchesName ( hashName ) }
1227+ }
12361228
1237- override DataFlow:: Node getAnInput ( ) { result = this .getArg ( 0 ) }
1238- }
1229+ /**
1230+ * A hashing operation from the `hashlib` package using one of the predefined classes
1231+ * (such as `hashlib.md5`), by calling its' `update` mehtod.
1232+ */
1233+ class HashlibHashClassUpdateCall extends HashlibGenericHashOperation {
1234+ HashlibHashClassUpdateCall ( ) { this = hashClass .getReturn ( ) .getMember ( "update" ) .getACall ( ) }
12391235
1240- /**
1241- * A hashing operation from the `hashlib` package using one of the predefined classes
1242- * (such as `hashlib.md5`), by passing data to when instantiating the class.
1243- */
1244- class HashlibDataPassedToHashClass extends HashlibGenericHashOperation {
1245- HashlibDataPassedToHashClass ( ) {
1246- // we only want to model calls to classes such as `hashlib.md5()` if initial data
1247- // is passed as an argument
1248- this = hashClass .getACall ( ) and
1249- exists ( [ this .getArg ( 0 ) , this .getArgByName ( "string" ) ] )
1236+ override DataFlow:: Node getAnInput ( ) { result = this .getArg ( 0 ) }
12501237 }
12511238
1252- override DataFlow:: Node getAnInput ( ) {
1253- result = this .getArg ( 0 )
1254- or
1255- // in Python 3.9, you are allowed to use `hashlib.md5(string=<bytes-like>)`.
1256- result = this .getArgByName ( "string" )
1239+ /**
1240+ * A hashing operation from the `hashlib` package using one of the predefined classes
1241+ * (such as `hashlib.md5`), by passing data to when instantiating the class.
1242+ */
1243+ class HashlibDataPassedToHashClass extends HashlibGenericHashOperation {
1244+ HashlibDataPassedToHashClass ( ) {
1245+ // we only want to model calls to classes such as `hashlib.md5()` if initial data
1246+ // is passed as an argument
1247+ this = hashClass .getACall ( ) and
1248+ exists ( [ this .getArg ( 0 ) , this .getArgByName ( "string" ) ] )
1249+ }
1250+
1251+ override DataFlow:: Node getAnInput ( ) {
1252+ result = this .getArg ( 0 )
1253+ or
1254+ // in Python 3.9, you are allowed to use `hashlib.md5(string=<bytes-like>)`.
1255+ result = this .getArgByName ( "string" )
1256+ }
12571257 }
12581258}
12591259
0 commit comments