🌐 AI搜索 & 代理 主页
Skip to content

Python: MaD barriers #21004

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
yoff wants to merge 17 commits into
base: main
Choose a base branch
from
Draft

Python: MaD barriers #21004

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
d8325c2
Java: Basic support for pass-through barrier models.
aschackmull Dec 8, 2025
6d4a86e
Java: Add support for boolean MaD barrier guards.
aschackmull Dec 9, 2025
4d74d18
Java: Add empty extensible data.
aschackmull Dec 9, 2025
6eae43a
Convert trust boundary violation barrier and barrier guard to MaD
owen-mc Dec 9, 2025
1586f00
Convert path injection barrier to MaD
owen-mc Dec 9, 2025
063ce9b
Add dummy instantiations for other languages.
aschackmull Dec 9, 2025
cec0f73
Convert request forgery barrier guard to MaD
owen-mc Dec 9, 2025
befccac
Convert XSS barrier to MaD
owen-mc Dec 9, 2025
8da742a
Convert regex injection barrier to MaD
owen-mc Dec 9, 2025
872f3b0
python: remove barrier that can be expressed in MaD
yoff Dec 10, 2025
578b835
python: add machinery for MaD barriers
yoff Dec 10, 2025
546c22f
python: add qldoc
yoff Dec 11, 2025
8fb23fc
all: sync API graph files
yoff Dec 11, 2025
a5213a7
js/ruby: add empty models
yoff Dec 11, 2025
0a6a7ec
python: centralize external barrier guard definition
yoff Dec 11, 2025
c016b66
python: add qldoc
yoff Dec 11, 2025
bb141ab
python: MaD expectations
yoff Dec 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Convert regex injection barrier to MaD
  • Loading branch information
@owen-mc @aschackmull
owen-mc authored and aschackmull committed Dec 11, 2025
commit 8da742a3da2f91d4db68bf45bae93aa01f7d41d9
5 changes: 5 additions & 0 deletions java/ql/lib/ext/java.util.regex.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,11 @@ extensions:
- ["java.util.regex", "Pattern", False, "split", "(CharSequence)", "", "Argument[this]", "regex-use[0]", "manual"]
- ["java.util.regex", "Pattern", False, "split", "(CharSequence,int)", "", "Argument[this]", "regex-use[0]", "manual"]
- ["java.util.regex", "Pattern", False, "splitAsStream", "(CharSequence)", "", "Argument[this]", "regex-use[0]", "manual"]
- addsTo:
pack: codeql/java-all
extensible: barrierModel
data:
- ["java.util.regex", "Pattern", False, "quote", "(String)", "", "ReturnValue", "regex-use", "manual"]
- addsTo:
pack: codeql/java-all
extensible: summaryModel
Expand Down
13 changes: 2 additions & 11 deletions java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,17 +21,8 @@ private class DefaultRegexInjectionSink extends RegexInjectionSink {
}
}

/**
* A call to the `Pattern.quote` method, which gives metacharacters or escape sequences
* no special meaning.
*/
private class PatternQuoteCall extends RegexInjectionSanitizer {
PatternQuoteCall() {
exists(MethodCall ma, Method m | m = ma.getMethod() |
ma.getArgument(0) = this.asExpr() and
m instanceof PatternQuoteMethod
)
}
private class DefaultRegexInjectionSanitizer extends RegexInjectionSanitizer {
DefaultRegexInjectionSanitizer() { barrierNode(this, "regex-use") }
}

/**
Expand Down
Loading