Skip to content

Docs: fix taint tracking query #20620

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

Docs: fix taint tracking query #20620

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6b28575
Fix taint tracking query
sylwia-budzynska Oct 9, 2025
039d9cb
Fix typo
owen-mc Oct 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 10 additions & 3 deletions docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -303,6 +303,11 @@ This query shows a data flow configuration that uses all network input as data s

.. code-block:: ql

/**
* @kind path-problem
* @problem.severity warning
* @id filesystemaccess
*/
import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
Expand All @@ -319,11 +324,13 @@ This query shows a data flow configuration that uses all network input as data s
}
}

import RemoteToFileFlow::PathGraph

module RemoteToFileFlow = TaintTracking::Global<RemoteToFileConfiguration>;
Comment on lines +327 to 329
Copy link
Contributor

@owen-mc owen-mc Oct 10, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I normally put these two lines the other way round, so you define the module above where you import its submodule.

Suggested change
import RemoteToFileFlow::PathGraph
module RemoteToFileFlow = TaintTracking::Global<RemoteToFileConfiguration>;
module RemoteToFileFlow = TaintTracking::Global<RemoteToFileConfiguration>;
import RemoteToFileFlow::PathGraph

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did a quick search for Go and python and the import comes after the module in all the cases I looked at (where they're both in the same file).


from DataFlow::Node input, DataFlow::Node fileAccess
where RemoteToFileFlow::flow(input, fileAccess)
select fileAccess, "This file access uses data from $@.",
from RemoteToFileFlow::PathNode input, RemoteToFileFlow::PathNode fileAccess
where RemoteToFileFlow::flowPath(input, fileAccess)
select fileAccess.getNode(), input, fileAccess, "This file access uses data from $@.",
input, "user-controllable input."

This data flow configuration tracks data flow from environment variables to opening files:
Expand Down