Python: More Flask modeling kinda works

It "kinda" works now, but it really is not a pretty solution. Adding all these
"tracked" objects is SUPER annoying... it _would_ be possible to skip them, but
that seems like it will give the wrong edges for dataflow/taintflow queries :|

A good chunk of it should be able to be removed with access-paths like C# does
for library modeling. Some of it could be solved by better type-tracking API
like API Graphs... but it seems like we generally are just lacking the
nice-to-have features like `.getAMemberCall` and the like. See
https://github.com/github/codeql/pull/4082/files#diff-9aa94c4d713ef9d8da73918ff53db774L33
Rasmus Wriedt Larsen
2020-09-21 20:55:53 +02:00
parent 3c08590ee4
commit 00ea0cebc3
4 changed files with 212 additions and 45 deletions

@@ -35,11 +35,11 @@
| test.py:65 | ok | test_taint | request.data |
| test.py:68 | ok | test_taint | request.files |
| test.py:69 | ok | test_taint | request.files['key'] |
| test.py:70 | fail | test_taint | request.files['key'].filename |
| test.py:71 | fail | test_taint | request.files['key'].stream |
| test.py:72 | fail | test_taint | request.files.getlist(..) |
| test.py:73 | fail | test_taint | request.files.getlist(..)[0].filename |
| test.py:74 | fail | test_taint | request.files.getlist(..)[0].stream |
| test.py:70 | ok | test_taint | request.files['key'].filename |
| test.py:71 | ok | test_taint | request.files['key'].stream |
| test.py:72 | ok | test_taint | request.files.getlist(..) |
| test.py:73 | ok | test_taint | request.files.getlist(..)[0].filename |
| test.py:74 | ok | test_taint | request.files.getlist(..)[0].stream |
| test.py:77 | ok | test_taint | request.form |
| test.py:78 | ok | test_taint | request.form['key'] |
| test.py:79 | ok | test_taint | request.form.getlist(..) |
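Review bot: The rows at test.py:70 to test.py:74 only record that taint reaches each expression, not which steps carried it there, so they cannot catch the "wrong edges" problem the commit message is worried about. Consider adding a test that checks the intermediate flow steps for `request.files['key'].filename` and `request.files.getlist(..)[0].stream`, so that a later simplification of the tracked objects cannot change the path while these rows still read `ok`. Only `.filename` and `.stream` are covered on the file objects here; if the model taints other attributes of those objects, give them rows as well.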
@@ -93,4 +93,4 @@
| test.py:177 | ok | test_taint | request.args.getlist(..) |
| test.py:178 | ok | test_taint | a.getlist(..) |
| test.py:179 | ok | test_taint | b.getlist(..) |
| test.py:180 | fail | test_taint | gl(..) |
| test.py:180 | ok | test_taint | gl(..) |
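Review bot: The `gl(..)` row at test.py:180 is the only visible case where the call goes through a plain name instead of an attribute access, and its neighbours at test.py:177 to test.py:179 are all `getlist` calls in the `request.args` group. If the same tracking is meant to cover `request.files.getlist(..)` and `request.form.getlist(..)`, add the equivalent aliased-call rows for those, so the coverage does not rest on one case. A short comment in test.py stating what `gl` is bound to would also make this row understandable from the expected output alone.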