fix(python): handle reflexive methods #1622

Merged
merged 3 commits into from
Jun 5, 2024
Merged
28 changes: 28 additions & 0 deletions pkg/languages/python/.snapshots/TestFlow--flow.yml
Expand Up @@ -55,4 +55,32 @@ high:
parent_line_number: 7
fingerprint: 22039dd750c8bd604904ee9f5bc626f0_1
old_fingerprint: 22039dd750c8bd604904ee9f5bc626f0_1
- rule:
cwe_ids:
- "42"
id: flow_test
title: Test dataflow and variables
description: Test dataflow and variables
documentation_url: ""
line_number: 13
full_filename: flow.py
filename: flow.py
source:
location:
start: 13
end: 13
column:
start: 5
end: 19
sink:
location:
start: 13
end: 13
column:
start: 5
end: 19
content: ""
parent_line_number: 13
fingerprint: 22039dd750c8bd604904ee9f5bc626f0_2
old_fingerprint: 22039dd750c8bd604904ee9f5bc626f0_2

25 changes: 21 additions & 4 deletions pkg/languages/python/analyzer/analyzer.go
Expand Up @@ -9,6 +9,13 @@ import (
"github.com/bearer/bearer/pkg/scanner/language"
)

var reflexiveMethods = []string{
"decode",
"encode",
"format",
"replace",
}

type analyzer struct {
builder *tree.Builder
scope *language.Scope
Expand All @@ -23,7 +30,7 @@ func New(builder *tree.Builder) language.Analyzer {

func (analyzer *analyzer) Analyze(node *sitter.Node, visitChildren func() error) error {
switch node.Type() {
case "class_definition", "block", "function_definition":
case "class_definition", "function_definition":
return analyzer.withScope(language.NewScope(analyzer.scope), func() error {
return visitChildren()
})
Expand Down Expand Up @@ -100,10 +107,20 @@ func (analyzer *analyzer) analyzeAssignment(node *sitter.Node, visitChildren fun

// foo.bar(a, b)
func (analyzer *analyzer) analyzeCall(node *sitter.Node, visitChildren func() error) error {
if receiver := node.ChildByFieldName("function"); receiver != nil {
analyzer.lookupVariable(receiver)
if function := node.ChildByFieldName("function"); function != nil {
object := function.ChildByFieldName("object")
analyzer.lookupVariable(object)

analyzer.builder.Dataflow(node, receiver)
if function.Type() == "identifier" {
analyzer.builder.Dataflow(node, object)
}

if function.Type() == "attribute" {
attribute := function.ChildByFieldName("attribute")
if attribute.Type() == "identifier" && slices.Contains(reflexiveMethods, analyzer.builder.ContentFor(attribute)) {
analyzer.builder.Dataflow(node, object)
}
}
}

if argumentsNode := node.ChildByFieldName("arguments"); argumentsNode != nil {
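Review bot: In the `if function.Type() == "identifier"` branch of analyzeCall, `object` is nil, because a bare identifier node has no `object` field (only the `attribute` node does), so for a plain call like `foo(x)` both `analyzer.lookupVariable(object)` and `analyzer.builder.Dataflow(node, object)` now run with a nil node, where the old code passed the function node itself; whether those helpers tolerate nil is not visible here, but the `- 0` that replaces `- 64` in the TestFlow dataflow_sources snapshot looks like that nil node being recorded as a source. Restricting the `lookupVariable(object)` call to the attribute branch and flowing from the function node in the identifier branch restores the previous behaviour: `analyzer.lookupVariable(function)` followed by `analyzer.builder.Dataflow(node, function)` inside the identifier block. The new `reflexiveMethods` variable would also benefit from a doc comment stating its contract, e.g. `// reflexiveMethods are method names whose return value is derived from the receiver, so the receiver's dataflow is propagated to the call result; matching is by name only, so user-defined methods with these names are treated the same way.` The body of analyzeCall continues past the end of the hunk.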
Expand Up @@ -23,6 +23,9 @@ children:
- type: block
id: 5
range: 2:5 - 8:33
dataflow_sources:
- 6
- 40
children:
- type: function_definition
id: 6
Expand Down Expand Up @@ -95,6 +98,9 @@ children:
- type: block
id: 23
range: 3:9 - 4:27
dataflow_sources:
- 24
- 32
children:
- type: expression_statement
id: 24
Expand Down Expand Up @@ -211,6 +217,9 @@ children:
- type: block
id: 48
range: 7:9 - 8:33
dataflow_sources:
- 49
- 62
children:
- type: expression_statement
id: 49
Expand All @@ -222,7 +231,6 @@ children:
id: 50
range: 7:9 - 7:33
dataflow_sources:
- 51
- 55
children:
- type: attribute
Expand Down Expand Up @@ -289,7 +297,7 @@ children:
id: 63
range: 8:9 - 8:33
dataflow_sources:
- 64
- 0
- 65
children:
- type: identifier
Expand All @@ -311,7 +319,6 @@ children:
id: 67
range: 8:15 - 8:32
dataflow_sources:
- 68
- 75
children:
- type: attribute
Expand Up @@ -14,7 +14,6 @@ children:
id: 2
range: 1:1 - 1:12
dataflow_sources:
- 3
- 7
children:
- type: attribute
10 changes: 10 additions & 0 deletions pkg/languages/python/detectors/.snapshots/TestPythonString-string
Expand Up @@ -23,6 +23,9 @@ children:
- type: block
id: 5
range: 2:5 - 12:31
dataflow_sources:
- 6
- 13
children:
- type: expression_statement
id: 6
Expand Down Expand Up @@ -89,6 +92,13 @@ children:
- type: block
id: 21
range: 5:9 - 12:31
dataflow_sources:
- 22
- 35
- 42
- 49
- 58
- 65
children:
- type: expression_statement
id: 22
14 changes: 13 additions & 1 deletion pkg/languages/python/testdata/flow/flow.py
@@ -1,10 +1,22 @@
def with_statement():
with source() as value, other:
cursor_sink(value)

def for_statement():
for value in source():
result_sink(value)
cursor_sink(value) # no match

def reflexive_methods():
s = source()
x = s.format("hello")
result_sink(x)
cursor_sink(x) # no match

def non_reflexive_methods():
s = source()
x = s.my_method("hello")
result_sink(x) # no match
cursor_sink(x) # no match

cursor_sink(value) # no match