hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Specify vulnerable args instead of safe ones

Browse Source
This commit is contained in:
Owen Mansel-Chan
2026-01-30 14:10:03 +00:00
parent a3885cd8b2
commit 0222159df5
3 changed files with 19 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
python/ql/lib/semmle/python/frameworks/Flask.qll
View File

@@ -625,10 +625,11 @@ module Flask {
result = this.getArgByName(["directory", "filename"])
}
override DataFlow::Node getASafePathArgument() {
// as described in the docs, the `filename` argument is restrained to be within
override DataFlow::Node getAVulnerablePathArgument() {
result = this.getAPathArgument() and
// as described in the docs, the `filename` argument is restricted to be within
// the provided directory, so is not exposed to path-injection.
result in [this.getArg(1), this.getArgByName("filename")]
not result in [this.getArg(1), this.getArgByName("filename")]
}
}