Python: Pycurl SSL Disabled
porcupineyhairs committed Jun 21, 2024
1 parent db76896 commit 01c58d2
Showing 1 changed file with 16 additions and 3 deletions.
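--- a/python/ql/lib/semmle/python/frameworks/Pycurl.qll
+++ b/python/ql/lib/semmle/python/frameworks/Pycurl.qll
@@ -37,6 +37,14 @@ module Pycurl {
 /** Gets a reference to an instance of `pycurl.Curl`. */
 private API::Node instance() { result = classRef().getReturn() }
 
+/** Gets a reference to an instance of `pycurl.Curl.setopt`. */
+private API::Node setopt() { result = instance().getMember("setopt") }
+
+/** Gets a reference to an instance of `pycurl.Curl.SSL_VERIFYPEER`. */
+private API::Node sslverifypeer() {
+result = API::moduleImport("pycurl").getMember("SSL_VERIFYPEER")
+}
+
 /**
 * When the first parameter value of the `setopt` function is set to `pycurl.URL`,
 * the second parameter value is the request resource link.
@@ -45,7 +53,7 @@ module Pycurl {
 */
 private class OutgoingRequestCall extends Http::Client::Request::Range, DataFlow::CallCfgNode {
 OutgoingRequestCall() {
-this = instance().getMember("setopt").getACall() and
+this = setopt().getACall() and
 this.getArg(0).asCfgNode().(AttrNode).getName() = "URL"
 }
 
@@ -58,8 +66,13 @@ module Pycurl {
 override predicate disablesCertificateValidation(
 DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
 ) {
-// TODO: Look into disabling certificate validation
-none()
+exists(API::CallNode c |
+c = setopt().getACall() and
+sslverifypeer().getAValueReachableFromSource() = c.getArg(0) and
+exists(IntegerLiteral i | i.getN() = "0" and c.getArg(1).asExpr() = i)
+|
+disablingNode = c and argumentOrigin = c.getArg(1)
+)
 }
 }
 }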
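Review bot: In `disablesCertificateValidation`, the new `exists(API::CallNode c | ...)` never relates `c` to `this`, so as written every URL-setting `setopt` request appears to be paired with every `setopt(pycurl.SSL_VERIFYPEER, 0)` call in the database, including calls on unrelated `Curl` handles. Tie the two calls to the same handle, for example by adding `c.(DataFlow::MethodCallNode).getObject().getALocalSource() = this.(DataFlow::MethodCallNode).getObject().getALocalSource() and` to the conjunction, or state the over-approximation in a comment above the `exists`. The match is also narrow: `sslverifypeer()` only follows the module constant, while the URL check in the constructor matches by attribute name and so also covers `c.URL`-style access; `c.SSL_VERIFYPEER`, a `False` argument, a zero held in a variable, and `SSL_VERIFYHOST` set to `0` all look like they would be missed. Test cases for those spellings would show which of them are real false negatives.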
