hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Add RemoteFlowSource for django handler without route

Browse Source 
A bit scary that we don't have any tests to indicate that I forgot to add this :O
This commit is contained in:
Rasmus Wriedt Larsen
2020-12-21 17:41:46 +01:00
parent d4d6f0ca0c
commit 05ab6cd54a
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/ql/src/semmle/python/frameworks/Django.qll
View File

@@ -1909,6 +1909,8 @@ private module Django {
RemoteFlowSource::Range, DataFlow::ParameterNode { RemoteFlowSource::Range, DataFlow::ParameterNode {
DjangoRouteHandlerRequestParam() { DjangoRouteHandlerRequestParam() {
this.getParameter() = any(DjangoRouteSetup setup).getARequestHandler().getRequestParam() this.getParameter() = any(DjangoRouteSetup setup).getARequestHandler().getRequestParam()
or
this.getParameter() = any(DjangoViewClassHandlerWithoutKnownRoute setup).getRequestParam()
} }
override string getSourceType() { result = "django.http.request.HttpRequest" } override string getSourceType() { result = "django.http.request.HttpRequest" }