|
1 | 1 | { |
2 | 2 | "cells": [ |
| 3 | + { |
| 4 | + "cell_type": "markdown", |
| 5 | + "id": "ad247f35-1a9d-4f3a-9788-ecdbc43b6976", |
| 6 | + "metadata": {}, |
| 7 | + "source": [ |
| 8 | + "## Setup" |
| 9 | + ] |
| 10 | + }, |
3 | 11 | { |
4 | 12 | "cell_type": "code", |
5 | 13 | "execution_count": 1, |
|
30 | 38 | "outputs": [], |
31 | 39 | "source": [ |
32 | 40 | "import python\n", |
33 | | - "import semmle.python.ApiGraphs" |
| 41 | + "import semmle.python.ApiGraphs\n", |
| 42 | + "import semmle.python.dataflow.new.RemoteFlowSources\n", |
| 43 | + "import semmle.python.dataflow.new.DataFlow" |
34 | 44 | ] |
35 | 45 | }, |
36 | 46 | { |
37 | | - "cell_type": "code", |
38 | | - "execution_count": 3, |
39 | | - "id": "c320fbe4-3ab5-4c64-94a1-52710751e9b9", |
| 47 | + "cell_type": "markdown", |
| 48 | + "id": "ee080ea9-375f-432b-8fc8-a93fa0e60910", |
40 | 49 | "metadata": {}, |
41 | | - "outputs": [ |
42 | | - { |
43 | | - "data": { |
44 | | - "text/html": [ |
45 | | - "<table border=\"1\" class=\"dataframe\">\n", |
46 | | - " <thead>\n", |
47 | | - " <tr style=\"text-align: right;\">\n", |
48 | | - " <th></th>\n", |
49 | | - " <th>col0</th>\n", |
50 | | - " <th>URL for col0</th>\n", |
51 | | - " </tr>\n", |
52 | | - " </thead>\n", |
53 | | - " <tbody>\n", |
54 | | - " <tr>\n", |
55 | | - " <th>0</th>\n", |
56 | | - " <td>ControlFlowNode for Attribute()</td>\n", |
57 | | - " <td>file:///Users/pwntester/src/github.com/github/codeql-jupyter-kernel/example/src/main.py:3:1:3:38</td>\n", |
58 | | - " </tr>\n", |
59 | | - " </tbody>\n", |
60 | | - "</table>" |
61 | | - ], |
62 | | - "text/plain": [ |
63 | | - "<IPython.core.display.HTML object>" |
64 | | - ] |
65 | | - }, |
66 | | - "metadata": {}, |
67 | | - "output_type": "display_data" |
68 | | - } |
69 | | - ], |
70 | 50 | "source": [ |
71 | | - "select API::moduleImport(\"subprocess\").getMember(\"call\").getACall()" |
| 51 | + "## Code exploration" |
| 52 | + ] |
| 53 | + }, |
| 54 | + { |
| 55 | + "cell_type": "markdown", |
| 56 | + "id": "3c305ec3-40f7-4a7e-bef6-845ae0ef0c4f", |
| 57 | + "metadata": {}, |
| 58 | + "source": [ |
| 59 | + "### Find all calls to `subprocess.call`" |
72 | 60 | ] |
73 | 61 | }, |
74 | 62 | { |
75 | 63 | "cell_type": "code", |
76 | | - "execution_count": 4, |
| 64 | + "execution_count": 3, |
77 | 65 | "id": "32c13716-39a0-43d9-8e05-25a11fcd557f", |
78 | 66 | "metadata": {}, |
79 | 67 | "outputs": [ |
|
111 | 99 | "}" |
112 | 100 | ] |
113 | 101 | }, |
| 102 | + { |
| 103 | + "cell_type": "markdown", |
| 104 | + "id": "0e37dbb8-32b5-45a0-8aa2-90a8b415c905", |
| 105 | + "metadata": {}, |
| 106 | + "source": [ |
| 107 | + "## Attack surface" |
| 108 | + ] |
| 109 | + }, |
114 | 110 | { |
115 | 111 | "cell_type": "code", |
116 | 112 | "execution_count": null, |
117 | 113 | "id": "9383863b-0f6e-4fc3-afad-b653cae62bdf", |
118 | 114 | "metadata": {}, |
119 | 115 | "outputs": [], |
120 | | - "source": [] |
| 116 | + "source": [ |
| 117 | + "query predicate attackSurface(DataFlow::Node n) { n instanceof RemoteFlowSource }" |
| 118 | + ] |
121 | 119 | } |
122 | 120 | ], |
123 | 121 | "metadata": { |
|
0 commit comments