hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge tests and update .expected

Browse Source
This commit is contained in:
jorgectf
2021-06-28 20:13:53 +02:00
parent a5009efb4b
commit 0ca4f240d9
19 changed files with 288 additions and 493 deletions
Download Patch File Download Diff File Expand all files Collapse all files

272
python/ql/test/experimental/query-tests/Security/CWE-943/NoSQLInjection.expected
View File

@@ -1,18 +1,18 @@
edges
| flask_mongoengine_db_document_subclass_bad.py:18:21:18:27 | ControlFlowNode for request | flask_mongoengine_db_document_subclass_bad.py:18:21:18:32 | ControlFlowNode for Attribute |
| flask_mongoengine_db_document_subclass_bad.py:18:21:18:32 | ControlFlowNode for Attribute | flask_mongoengine_db_document_subclass_bad.py:18:21:18:42 | ControlFlowNode for Subscript |
| flask_mongoengine_db_document_subclass_bad.py:18:21:18:42 | ControlFlowNode for Subscript | flask_mongoengine_db_document_subclass_bad.py:19:19:19:43 | ControlFlowNode for Attribute() |
| flask_mongoengine_db_document_subclass_bad.py:19:19:19:43 | ControlFlowNode for Attribute() | flask_mongoengine_db_document_subclass_bad.py:21:34:21:44 | ControlFlowNode for json_search |
| flask_mongoengine_db_document_subclass_good.py:19:21:19:27 | ControlFlowNode for request | flask_mongoengine_db_document_subclass_good.py:19:21:19:32 | ControlFlowNode for Attribute |
| flask_mongoengine_db_document_subclass_good.py:19:21:19:32 | ControlFlowNode for Attribute | flask_mongoengine_db_document_subclass_good.py:19:21:19:42 | ControlFlowNode for Subscript |
| flask_mongoengine_db_document_subclass_good.py:19:21:19:42 | ControlFlowNode for Subscript | flask_mongoengine_db_document_subclass_good.py:20:19:20:43 | ControlFlowNode for Attribute() |
| flask_mongoengine_get_db_bad.py:19:21:19:27 | ControlFlowNode for request | flask_mongoengine_get_db_bad.py:19:21:19:32 | ControlFlowNode for Attribute |
| flask_mongoengine_get_db_bad.py:19:21:19:32 | ControlFlowNode for Attribute | flask_mongoengine_get_db_bad.py:19:21:19:42 | ControlFlowNode for Subscript |
| flask_mongoengine_get_db_bad.py:19:21:19:42 | ControlFlowNode for Subscript | flask_mongoengine_get_db_bad.py:20:19:20:43 | ControlFlowNode for Attribute() |
| flask_mongoengine_get_db_bad.py:20:19:20:43 | ControlFlowNode for Attribute() | flask_mongoengine_get_db_bad.py:23:39:23:59 | ControlFlowNode for Dict |
| flask_mongoengine_get_db_good.py:20:21:20:27 | ControlFlowNode for request | flask_mongoengine_get_db_good.py:20:21:20:32 | ControlFlowNode for Attribute |
| flask_mongoengine_get_db_good.py:20:21:20:32 | ControlFlowNode for Attribute | flask_mongoengine_get_db_good.py:20:21:20:42 | ControlFlowNode for Subscript |
| flask_mongoengine_get_db_good.py:20:21:20:42 | ControlFlowNode for Subscript | flask_mongoengine_get_db_good.py:21:19:21:43 | ControlFlowNode for Attribute() |
| flask_mongoengine_bad.py:19:21:19:27 | ControlFlowNode for request | flask_mongoengine_bad.py:19:21:19:32 | ControlFlowNode for Attribute |
| flask_mongoengine_bad.py:19:21:19:32 | ControlFlowNode for Attribute | flask_mongoengine_bad.py:19:21:19:42 | ControlFlowNode for Subscript |
| flask_mongoengine_bad.py:19:21:19:42 | ControlFlowNode for Subscript | flask_mongoengine_bad.py:20:19:20:43 | ControlFlowNode for Attribute() |
| flask_mongoengine_bad.py:20:19:20:43 | ControlFlowNode for Attribute() | flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search |
| flask_mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | flask_mongoengine_bad.py:26:21:26:32 | ControlFlowNode for Attribute |
| flask_mongoengine_bad.py:26:21:26:32 | ControlFlowNode for Attribute | flask_mongoengine_bad.py:26:21:26:42 | ControlFlowNode for Subscript |
| flask_mongoengine_bad.py:26:21:26:42 | ControlFlowNode for Subscript | flask_mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() |
| flask_mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict |
| flask_mongoengine_good.py:20:21:20:27 | ControlFlowNode for request | flask_mongoengine_good.py:20:21:20:32 | ControlFlowNode for Attribute |
| flask_mongoengine_good.py:20:21:20:32 | ControlFlowNode for Attribute | flask_mongoengine_good.py:20:21:20:42 | ControlFlowNode for Subscript |
| flask_mongoengine_good.py:20:21:20:42 | ControlFlowNode for Subscript | flask_mongoengine_good.py:21:19:21:43 | ControlFlowNode for Attribute() |
| flask_mongoengine_good.py:28:21:28:27 | ControlFlowNode for request | flask_mongoengine_good.py:28:21:28:32 | ControlFlowNode for Attribute |
| flask_mongoengine_good.py:28:21:28:32 | ControlFlowNode for Attribute | flask_mongoengine_good.py:28:21:28:42 | ControlFlowNode for Subscript |
| flask_mongoengine_good.py:28:21:28:42 | ControlFlowNode for Subscript | flask_mongoengine_good.py:29:19:29:43 | ControlFlowNode for Attribute() |
| flask_pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | flask_pymongo_bad.py:11:21:11:32 | ControlFlowNode for Attribute |
| flask_pymongo_bad.py:11:21:11:32 | ControlFlowNode for Attribute | flask_pymongo_bad.py:11:21:11:42 | ControlFlowNode for Subscript |
| flask_pymongo_bad.py:11:21:11:42 | ControlFlowNode for Subscript | flask_pymongo_bad.py:12:19:12:43 | ControlFlowNode for Attribute() |
@@ -20,48 +20,48 @@ edges
| flask_pymongo_good.py:12:21:12:27 | ControlFlowNode for request | flask_pymongo_good.py:12:21:12:32 | ControlFlowNode for Attribute |
| flask_pymongo_good.py:12:21:12:32 | ControlFlowNode for Attribute | flask_pymongo_good.py:12:21:12:42 | ControlFlowNode for Subscript |
| flask_pymongo_good.py:12:21:12:42 | ControlFlowNode for Subscript | flask_pymongo_good.py:13:19:13:43 | ControlFlowNode for Attribute() |
| mongoengine_connect_bad.py:17:21:17:27 | ControlFlowNode for request | mongoengine_connect_bad.py:17:21:17:32 | ControlFlowNode for Attribute |
| mongoengine_connect_bad.py:17:21:17:32 | ControlFlowNode for Attribute | mongoengine_connect_bad.py:17:21:17:42 | ControlFlowNode for Subscript |
| mongoengine_connect_bad.py:17:21:17:42 | ControlFlowNode for Subscript | mongoengine_connect_bad.py:18:19:18:43 | ControlFlowNode for Attribute() |
| mongoengine_connect_bad.py:18:19:18:43 | ControlFlowNode for Attribute() | mongoengine_connect_bad.py:21:26:21:46 | ControlFlowNode for Dict |
| mongoengine_connect_good.py:18:21:18:27 | ControlFlowNode for request | mongoengine_connect_good.py:18:21:18:32 | ControlFlowNode for Attribute |
| mongoengine_connect_good.py:18:21:18:32 | ControlFlowNode for Attribute | mongoengine_connect_good.py:18:21:18:42 | ControlFlowNode for Subscript |
| mongoengine_connect_good.py:18:21:18:42 | ControlFlowNode for Subscript | mongoengine_connect_good.py:19:19:19:43 | ControlFlowNode for Attribute() |
| mongoengine_connect_via_connection_bad.py:18:21:18:27 | ControlFlowNode for request | mongoengine_connect_via_connection_bad.py:18:21:18:32 | ControlFlowNode for Attribute |
| mongoengine_connect_via_connection_bad.py:18:21:18:32 | ControlFlowNode for Attribute | mongoengine_connect_via_connection_bad.py:18:21:18:42 | ControlFlowNode for Subscript |
| mongoengine_connect_via_connection_bad.py:18:21:18:42 | ControlFlowNode for Subscript | mongoengine_connect_via_connection_bad.py:19:19:19:43 | ControlFlowNode for Attribute() |
| mongoengine_connect_via_connection_bad.py:19:19:19:43 | ControlFlowNode for Attribute() | mongoengine_connect_via_connection_bad.py:22:26:22:46 | ControlFlowNode for Dict |
| mongoengine_connect_via_connection_good.py:19:21:19:27 | ControlFlowNode for request | mongoengine_connect_via_connection_good.py:19:21:19:32 | ControlFlowNode for Attribute |
| mongoengine_connect_via_connection_good.py:19:21:19:32 | ControlFlowNode for Attribute | mongoengine_connect_via_connection_good.py:19:21:19:42 | ControlFlowNode for Subscript |
| mongoengine_connect_via_connection_good.py:19:21:19:42 | ControlFlowNode for Subscript | mongoengine_connect_via_connection_good.py:20:19:20:43 | ControlFlowNode for Attribute() |
| mongoengine_document_subclass_bad.py:17:21:17:27 | ControlFlowNode for request | mongoengine_document_subclass_bad.py:17:21:17:32 | ControlFlowNode for Attribute |
| mongoengine_document_subclass_bad.py:17:21:17:32 | ControlFlowNode for Attribute | mongoengine_document_subclass_bad.py:17:21:17:42 | ControlFlowNode for Subscript |
| mongoengine_document_subclass_bad.py:17:21:17:42 | ControlFlowNode for Subscript | mongoengine_document_subclass_bad.py:18:19:18:43 | ControlFlowNode for Attribute() |
| mongoengine_document_subclass_bad.py:18:19:18:43 | ControlFlowNode for Attribute() | mongoengine_document_subclass_bad.py:20:34:20:44 | ControlFlowNode for json_search |
| mongoengine_document_subclass_good.py:18:21:18:27 | ControlFlowNode for request | mongoengine_document_subclass_good.py:18:21:18:32 | ControlFlowNode for Attribute |
| mongoengine_document_subclass_good.py:18:21:18:32 | ControlFlowNode for Attribute | mongoengine_document_subclass_good.py:18:21:18:42 | ControlFlowNode for Subscript |
| mongoengine_document_subclass_good.py:18:21:18:42 | ControlFlowNode for Subscript | mongoengine_document_subclass_good.py:19:19:19:43 | ControlFlowNode for Attribute() |
| mongoengine_get_db_bad.py:17:21:17:27 | ControlFlowNode for request | mongoengine_get_db_bad.py:17:21:17:32 | ControlFlowNode for Attribute |
| mongoengine_get_db_bad.py:17:21:17:32 | ControlFlowNode for Attribute | mongoengine_get_db_bad.py:17:21:17:42 | ControlFlowNode for Subscript |
| mongoengine_get_db_bad.py:17:21:17:42 | ControlFlowNode for Subscript | mongoengine_get_db_bad.py:18:19:18:43 | ControlFlowNode for Attribute() |
| mongoengine_get_db_bad.py:18:19:18:43 | ControlFlowNode for Attribute() | mongoengine_get_db_bad.py:21:26:21:46 | ControlFlowNode for Dict |
| mongoengine_get_db_good.py:18:21:18:27 | ControlFlowNode for request | mongoengine_get_db_good.py:18:21:18:32 | ControlFlowNode for Attribute |
| mongoengine_get_db_good.py:18:21:18:32 | ControlFlowNode for Attribute | mongoengine_get_db_good.py:18:21:18:42 | ControlFlowNode for Subscript |
| mongoengine_get_db_good.py:18:21:18:42 | ControlFlowNode for Subscript | mongoengine_get_db_good.py:19:19:19:43 | ControlFlowNode for Attribute() |
| mongoengine_get_db_via_connection_bad.py:18:21:18:27 | ControlFlowNode for request | mongoengine_get_db_via_connection_bad.py:18:21:18:32 | ControlFlowNode for Attribute |
| mongoengine_get_db_via_connection_bad.py:18:21:18:32 | ControlFlowNode for Attribute | mongoengine_get_db_via_connection_bad.py:18:21:18:42 | ControlFlowNode for Subscript |
| mongoengine_get_db_via_connection_bad.py:18:21:18:42 | ControlFlowNode for Subscript | mongoengine_get_db_via_connection_bad.py:19:19:19:43 | ControlFlowNode for Attribute() |
| mongoengine_get_db_via_connection_bad.py:19:19:19:43 | ControlFlowNode for Attribute() | mongoengine_get_db_via_connection_bad.py:22:26:22:46 | ControlFlowNode for Dict |
| mongoengine_get_db_via_connection_good.py:19:21:19:27 | ControlFlowNode for request | mongoengine_get_db_via_connection_good.py:19:21:19:32 | ControlFlowNode for Attribute |
| mongoengine_get_db_via_connection_good.py:19:21:19:32 | ControlFlowNode for Attribute | mongoengine_get_db_via_connection_good.py:19:21:19:42 | ControlFlowNode for Subscript |
| mongoengine_get_db_via_connection_good.py:19:21:19:42 | ControlFlowNode for Subscript | mongoengine_get_db_via_connection_good.py:20:19:20:43 | ControlFlowNode for Attribute() |
| mongoengine_subscript_bad.py:17:21:17:27 | ControlFlowNode for request | mongoengine_subscript_bad.py:17:21:17:32 | ControlFlowNode for Attribute |
| mongoengine_subscript_bad.py:17:21:17:32 | ControlFlowNode for Attribute | mongoengine_subscript_bad.py:17:21:17:42 | ControlFlowNode for Subscript |
| mongoengine_subscript_bad.py:17:21:17:42 | ControlFlowNode for Subscript | mongoengine_subscript_bad.py:18:19:18:43 | ControlFlowNode for Attribute() |
| mongoengine_subscript_bad.py:18:19:18:43 | ControlFlowNode for Attribute() | mongoengine_subscript_bad.py:21:29:21:49 | ControlFlowNode for Dict |
| mongoengine_subscript_good.py:18:21:18:27 | ControlFlowNode for request | mongoengine_subscript_good.py:18:21:18:32 | ControlFlowNode for Attribute |
| mongoengine_subscript_good.py:18:21:18:32 | ControlFlowNode for Attribute | mongoengine_subscript_good.py:18:21:18:42 | ControlFlowNode for Subscript |
| mongoengine_subscript_good.py:18:21:18:42 | ControlFlowNode for Subscript | mongoengine_subscript_good.py:19:19:19:43 | ControlFlowNode for Attribute() |
| mongoengine_bad.py:18:21:18:27 | ControlFlowNode for request | mongoengine_bad.py:18:21:18:32 | ControlFlowNode for Attribute |
| mongoengine_bad.py:18:21:18:32 | ControlFlowNode for Attribute | mongoengine_bad.py:18:21:18:42 | ControlFlowNode for Subscript |
| mongoengine_bad.py:18:21:18:42 | ControlFlowNode for Subscript | mongoengine_bad.py:19:19:19:43 | ControlFlowNode for Attribute() |
| mongoengine_bad.py:19:19:19:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict |
| mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | mongoengine_bad.py:26:21:26:32 | ControlFlowNode for Attribute |
| mongoengine_bad.py:26:21:26:32 | ControlFlowNode for Attribute | mongoengine_bad.py:26:21:26:42 | ControlFlowNode for Subscript |
| mongoengine_bad.py:26:21:26:42 | ControlFlowNode for Subscript | mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() |
| mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict |
| mongoengine_bad.py:34:21:34:27 | ControlFlowNode for request | mongoengine_bad.py:34:21:34:32 | ControlFlowNode for Attribute |
| mongoengine_bad.py:34:21:34:32 | ControlFlowNode for Attribute | mongoengine_bad.py:34:21:34:42 | ControlFlowNode for Subscript |
| mongoengine_bad.py:34:21:34:42 | ControlFlowNode for Subscript | mongoengine_bad.py:35:19:35:43 | ControlFlowNode for Attribute() |
| mongoengine_bad.py:35:19:35:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict |
| mongoengine_bad.py:42:21:42:27 | ControlFlowNode for request | mongoengine_bad.py:42:21:42:32 | ControlFlowNode for Attribute |
| mongoengine_bad.py:42:21:42:32 | ControlFlowNode for Attribute | mongoengine_bad.py:42:21:42:42 | ControlFlowNode for Subscript |
| mongoengine_bad.py:42:21:42:42 | ControlFlowNode for Subscript | mongoengine_bad.py:43:19:43:43 | ControlFlowNode for Attribute() |
| mongoengine_bad.py:43:19:43:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict |
| mongoengine_bad.py:50:21:50:27 | ControlFlowNode for request | mongoengine_bad.py:50:21:50:32 | ControlFlowNode for Attribute |
| mongoengine_bad.py:50:21:50:32 | ControlFlowNode for Attribute | mongoengine_bad.py:50:21:50:42 | ControlFlowNode for Subscript |
| mongoengine_bad.py:50:21:50:42 | ControlFlowNode for Subscript | mongoengine_bad.py:51:19:51:43 | ControlFlowNode for Attribute() |
| mongoengine_bad.py:51:19:51:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search |
| mongoengine_bad.py:57:21:57:27 | ControlFlowNode for request | mongoengine_bad.py:57:21:57:32 | ControlFlowNode for Attribute |
| mongoengine_bad.py:57:21:57:32 | ControlFlowNode for Attribute | mongoengine_bad.py:57:21:57:42 | ControlFlowNode for Subscript |
| mongoengine_bad.py:57:21:57:42 | ControlFlowNode for Subscript | mongoengine_bad.py:58:19:58:43 | ControlFlowNode for Attribute() |
| mongoengine_bad.py:58:19:58:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict |
| mongoengine_good.py:19:21:19:27 | ControlFlowNode for request | mongoengine_good.py:19:21:19:32 | ControlFlowNode for Attribute |
| mongoengine_good.py:19:21:19:32 | ControlFlowNode for Attribute | mongoengine_good.py:19:21:19:42 | ControlFlowNode for Subscript |
| mongoengine_good.py:19:21:19:42 | ControlFlowNode for Subscript | mongoengine_good.py:20:19:20:43 | ControlFlowNode for Attribute() |
| mongoengine_good.py:28:21:28:27 | ControlFlowNode for request | mongoengine_good.py:28:21:28:32 | ControlFlowNode for Attribute |
| mongoengine_good.py:28:21:28:32 | ControlFlowNode for Attribute | mongoengine_good.py:28:21:28:42 | ControlFlowNode for Subscript |
| mongoengine_good.py:28:21:28:42 | ControlFlowNode for Subscript | mongoengine_good.py:29:19:29:43 | ControlFlowNode for Attribute() |
| mongoengine_good.py:37:21:37:27 | ControlFlowNode for request | mongoengine_good.py:37:21:37:32 | ControlFlowNode for Attribute |
| mongoengine_good.py:37:21:37:32 | ControlFlowNode for Attribute | mongoengine_good.py:37:21:37:42 | ControlFlowNode for Subscript |
| mongoengine_good.py:37:21:37:42 | ControlFlowNode for Subscript | mongoengine_good.py:38:19:38:43 | ControlFlowNode for Attribute() |
| mongoengine_good.py:45:21:45:27 | ControlFlowNode for request | mongoengine_good.py:45:21:45:32 | ControlFlowNode for Attribute |
| mongoengine_good.py:45:21:45:32 | ControlFlowNode for Attribute | mongoengine_good.py:45:21:45:42 | ControlFlowNode for Subscript |
| mongoengine_good.py:45:21:45:42 | ControlFlowNode for Subscript | mongoengine_good.py:46:19:46:43 | ControlFlowNode for Attribute() |
| mongoengine_good.py:54:21:54:27 | ControlFlowNode for request | mongoengine_good.py:54:21:54:32 | ControlFlowNode for Attribute |
| mongoengine_good.py:54:21:54:32 | ControlFlowNode for Attribute | mongoengine_good.py:54:21:54:42 | ControlFlowNode for Subscript |
| mongoengine_good.py:54:21:54:42 | ControlFlowNode for Subscript | mongoengine_good.py:55:19:55:43 | ControlFlowNode for Attribute() |
| mongoengine_good.py:63:21:63:27 | ControlFlowNode for request | mongoengine_good.py:63:21:63:32 | ControlFlowNode for Attribute |
| mongoengine_good.py:63:21:63:32 | ControlFlowNode for Attribute | mongoengine_good.py:63:21:63:42 | ControlFlowNode for Subscript |
| mongoengine_good.py:63:21:63:42 | ControlFlowNode for Subscript | mongoengine_good.py:64:19:64:43 | ControlFlowNode for Attribute() |
| pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | pymongo_bad.py:11:21:11:32 | ControlFlowNode for Attribute |
| pymongo_bad.py:11:21:11:32 | ControlFlowNode for Attribute | pymongo_bad.py:11:21:11:42 | ControlFlowNode for Subscript |
| pymongo_bad.py:11:21:11:42 | ControlFlowNode for Subscript | pymongo_bad.py:12:19:12:43 | ControlFlowNode for Attribute() |
@@ -70,24 +70,24 @@ edges
| pymongo_good.py:12:21:12:32 | ControlFlowNode for Attribute | pymongo_good.py:12:21:12:42 | ControlFlowNode for Subscript |
| pymongo_good.py:12:21:12:42 | ControlFlowNode for Subscript | pymongo_good.py:13:19:13:43 | ControlFlowNode for Attribute() |
nodes
| flask_mongoengine_db_document_subclass_bad.py:18:21:18:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| flask_mongoengine_db_document_subclass_bad.py:18:21:18:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| flask_mongoengine_db_document_subclass_bad.py:18:21:18:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| flask_mongoengine_db_document_subclass_bad.py:19:19:19:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| flask_mongoengine_db_document_subclass_bad.py:21:34:21:44 | ControlFlowNode for json_search | semmle.label | ControlFlowNode for json_search |
| flask_mongoengine_db_document_subclass_good.py:19:21:19:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| flask_mongoengine_db_document_subclass_good.py:19:21:19:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| flask_mongoengine_db_document_subclass_good.py:19:21:19:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| flask_mongoengine_db_document_subclass_good.py:20:19:20:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| flask_mongoengine_get_db_bad.py:19:21:19:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| flask_mongoengine_get_db_bad.py:19:21:19:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| flask_mongoengine_get_db_bad.py:19:21:19:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| flask_mongoengine_get_db_bad.py:20:19:20:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| flask_mongoengine_get_db_bad.py:23:39:23:59 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
| flask_mongoengine_get_db_good.py:20:21:20:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| flask_mongoengine_get_db_good.py:20:21:20:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| flask_mongoengine_get_db_good.py:20:21:20:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| flask_mongoengine_get_db_good.py:21:19:21:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| flask_mongoengine_bad.py:19:21:19:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| flask_mongoengine_bad.py:19:21:19:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| flask_mongoengine_bad.py:19:21:19:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| flask_mongoengine_bad.py:20:19:20:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | semmle.label | ControlFlowNode for json_search |
| flask_mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| flask_mongoengine_bad.py:26:21:26:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| flask_mongoengine_bad.py:26:21:26:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| flask_mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
| flask_mongoengine_good.py:20:21:20:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| flask_mongoengine_good.py:20:21:20:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| flask_mongoengine_good.py:20:21:20:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| flask_mongoengine_good.py:21:19:21:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| flask_mongoengine_good.py:28:21:28:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| flask_mongoengine_good.py:28:21:28:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| flask_mongoengine_good.py:28:21:28:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| flask_mongoengine_good.py:29:19:29:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| flask_pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| flask_pymongo_bad.py:11:21:11:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| flask_pymongo_bad.py:11:21:11:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
@@ -97,60 +97,60 @@ nodes
| flask_pymongo_good.py:12:21:12:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| flask_pymongo_good.py:12:21:12:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| flask_pymongo_good.py:13:19:13:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_connect_bad.py:17:21:17:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_connect_bad.py:17:21:17:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_connect_bad.py:17:21:17:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_connect_bad.py:18:19:18:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_connect_bad.py:21:26:21:46 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
| mongoengine_connect_good.py:18:21:18:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_connect_good.py:18:21:18:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_connect_good.py:18:21:18:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_connect_good.py:19:19:19:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_connect_via_connection_bad.py:18:21:18:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_connect_via_connection_bad.py:18:21:18:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_connect_via_connection_bad.py:18:21:18:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_connect_via_connection_bad.py:19:19:19:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_connect_via_connection_bad.py:22:26:22:46 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
| mongoengine_connect_via_connection_good.py:19:21:19:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_connect_via_connection_good.py:19:21:19:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_connect_via_connection_good.py:19:21:19:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_connect_via_connection_good.py:20:19:20:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_document_subclass_bad.py:17:21:17:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_document_subclass_bad.py:17:21:17:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_document_subclass_bad.py:17:21:17:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_document_subclass_bad.py:18:19:18:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_document_subclass_bad.py:20:34:20:44 | ControlFlowNode for json_search | semmle.label | ControlFlowNode for json_search |
| mongoengine_document_subclass_good.py:18:21:18:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_document_subclass_good.py:18:21:18:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_document_subclass_good.py:18:21:18:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_document_subclass_good.py:19:19:19:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_get_db_bad.py:17:21:17:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_get_db_bad.py:17:21:17:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_get_db_bad.py:17:21:17:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_get_db_bad.py:18:19:18:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_get_db_bad.py:21:26:21:46 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
| mongoengine_get_db_good.py:18:21:18:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_get_db_good.py:18:21:18:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_get_db_good.py:18:21:18:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_get_db_good.py:19:19:19:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_get_db_via_connection_bad.py:18:21:18:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_get_db_via_connection_bad.py:18:21:18:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_get_db_via_connection_bad.py:18:21:18:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_get_db_via_connection_bad.py:19:19:19:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_get_db_via_connection_bad.py:22:26:22:46 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
| mongoengine_get_db_via_connection_good.py:19:21:19:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_get_db_via_connection_good.py:19:21:19:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_get_db_via_connection_good.py:19:21:19:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_get_db_via_connection_good.py:20:19:20:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_subscript_bad.py:17:21:17:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_subscript_bad.py:17:21:17:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_subscript_bad.py:17:21:17:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_subscript_bad.py:18:19:18:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_subscript_bad.py:21:29:21:49 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
| mongoengine_subscript_good.py:18:21:18:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_subscript_good.py:18:21:18:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_subscript_good.py:18:21:18:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_subscript_good.py:19:19:19:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_bad.py:18:21:18:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_bad.py:18:21:18:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_bad.py:18:21:18:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_bad.py:19:19:19:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
| mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_bad.py:26:21:26:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_bad.py:26:21:26:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
| mongoengine_bad.py:34:21:34:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_bad.py:34:21:34:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_bad.py:34:21:34:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_bad.py:35:19:35:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
| mongoengine_bad.py:42:21:42:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_bad.py:42:21:42:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_bad.py:42:21:42:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_bad.py:43:19:43:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
| mongoengine_bad.py:50:21:50:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_bad.py:50:21:50:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_bad.py:50:21:50:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_bad.py:51:19:51:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | semmle.label | ControlFlowNode for json_search |
| mongoengine_bad.py:57:21:57:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_bad.py:57:21:57:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_bad.py:57:21:57:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_bad.py:58:19:58:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
| mongoengine_good.py:19:21:19:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_good.py:19:21:19:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_good.py:19:21:19:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_good.py:20:19:20:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_good.py:28:21:28:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_good.py:28:21:28:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_good.py:28:21:28:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_good.py:29:19:29:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_good.py:37:21:37:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_good.py:37:21:37:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_good.py:37:21:37:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_good.py:38:19:38:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_good.py:45:21:45:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_good.py:45:21:45:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_good.py:45:21:45:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_good.py:46:19:46:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_good.py:54:21:54:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_good.py:54:21:54:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_good.py:54:21:54:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_good.py:55:19:55:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| mongoengine_good.py:63:21:63:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| mongoengine_good.py:63:21:63:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| mongoengine_good.py:63:21:63:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| mongoengine_good.py:64:19:64:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| pymongo_bad.py:11:21:11:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| pymongo_bad.py:11:21:11:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
@@ -161,13 +161,13 @@ nodes
| pymongo_good.py:12:21:12:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| pymongo_good.py:13:19:13:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
#select
| flask_mongoengine_db_document_subclass_bad.py:21:34:21:44 | ControlFlowNode for json_search | flask_mongoengine_db_document_subclass_bad.py:18:21:18:27 | ControlFlowNode for request | flask_mongoengine_db_document_subclass_bad.py:21:34:21:44 | ControlFlowNode for json_search | $@ NoSQL query contains an unsanitized $@ | flask_mongoengine_db_document_subclass_bad.py:21:34:21:44 | ControlFlowNode for json_search | This | flask_mongoengine_db_document_subclass_bad.py:18:21:18:27 | ControlFlowNode for request | user-provided value |
| flask_mongoengine_get_db_bad.py:23:39:23:59 | ControlFlowNode for Dict | flask_mongoengine_get_db_bad.py:19:21:19:27 | ControlFlowNode for request | flask_mongoengine_get_db_bad.py:23:39:23:59 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | flask_mongoengine_get_db_bad.py:23:39:23:59 | ControlFlowNode for Dict | This | flask_mongoengine_get_db_bad.py:19:21:19:27 | ControlFlowNode for request | user-provided value |
| flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | flask_mongoengine_bad.py:19:21:19:27 | ControlFlowNode for request | flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | $@ NoSQL query contains an unsanitized $@ | flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | This | flask_mongoengine_bad.py:19:21:19:27 | ControlFlowNode for request | user-provided value |
| flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | flask_mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | This | flask_mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | user-provided value |
| flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | flask_pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | This | flask_pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | user-provided value |
| mongoengine_connect_bad.py:21:26:21:46 | ControlFlowNode for Dict | mongoengine_connect_bad.py:17:21:17:27 | ControlFlowNode for request | mongoengine_connect_bad.py:21:26:21:46 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_connect_bad.py:21:26:21:46 | ControlFlowNode for Dict | This | mongoengine_connect_bad.py:17:21:17:27 | ControlFlowNode for request | user-provided value |
| mongoengine_connect_via_connection_bad.py:22:26:22:46 | ControlFlowNode for Dict | mongoengine_connect_via_connection_bad.py:18:21:18:27 | ControlFlowNode for request | mongoengine_connect_via_connection_bad.py:22:26:22:46 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_connect_via_connection_bad.py:22:26:22:46 | ControlFlowNode for Dict | This | mongoengine_connect_via_connection_bad.py:18:21:18:27 | ControlFlowNode for request | user-provided value |
| mongoengine_document_subclass_bad.py:20:34:20:44 | ControlFlowNode for json_search | mongoengine_document_subclass_bad.py:17:21:17:27 | ControlFlowNode for request | mongoengine_document_subclass_bad.py:20:34:20:44 | ControlFlowNode for json_search | $@ NoSQL query contains an unsanitized $@ | mongoengine_document_subclass_bad.py:20:34:20:44 | ControlFlowNode for json_search | This | mongoengine_document_subclass_bad.py:17:21:17:27 | ControlFlowNode for request | user-provided value |
| mongoengine_get_db_bad.py:21:26:21:46 | ControlFlowNode for Dict | mongoengine_get_db_bad.py:17:21:17:27 | ControlFlowNode for request | mongoengine_get_db_bad.py:21:26:21:46 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_get_db_bad.py:21:26:21:46 | ControlFlowNode for Dict | This | mongoengine_get_db_bad.py:17:21:17:27 | ControlFlowNode for request | user-provided value |
| mongoengine_get_db_via_connection_bad.py:22:26:22:46 | ControlFlowNode for Dict | mongoengine_get_db_via_connection_bad.py:18:21:18:27 | ControlFlowNode for request | mongoengine_get_db_via_connection_bad.py:22:26:22:46 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_get_db_via_connection_bad.py:22:26:22:46 | ControlFlowNode for Dict | This | mongoengine_get_db_via_connection_bad.py:18:21:18:27 | ControlFlowNode for request | user-provided value |
| mongoengine_subscript_bad.py:21:29:21:49 | ControlFlowNode for Dict | mongoengine_subscript_bad.py:17:21:17:27 | ControlFlowNode for request | mongoengine_subscript_bad.py:21:29:21:49 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_subscript_bad.py:21:29:21:49 | ControlFlowNode for Dict | This | mongoengine_subscript_bad.py:17:21:17:27 | ControlFlowNode for request | user-provided value |
| mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | mongoengine_bad.py:18:21:18:27 | ControlFlowNode for request | mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | This | mongoengine_bad.py:18:21:18:27 | ControlFlowNode for request | user-provided value |
| mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | This | mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | user-provided value |
| mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | mongoengine_bad.py:34:21:34:27 | ControlFlowNode for request | mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | This | mongoengine_bad.py:34:21:34:27 | ControlFlowNode for request | user-provided value |
| mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | mongoengine_bad.py:42:21:42:27 | ControlFlowNode for request | mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | This | mongoengine_bad.py:42:21:42:27 | ControlFlowNode for request | user-provided value |
| mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | mongoengine_bad.py:50:21:50:27 | ControlFlowNode for request | mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | $@ NoSQL query contains an unsanitized $@ | mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | This | mongoengine_bad.py:50:21:50:27 | ControlFlowNode for request | user-provided value |
| mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | mongoengine_bad.py:57:21:57:27 | ControlFlowNode for request | mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | This | mongoengine_bad.py:57:21:57:27 | ControlFlowNode for request | user-provided value |
| pymongo_bad.py:14:42:14:62 | ControlFlowNode for Dict | pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | pymongo_bad.py:14:42:14:62 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | pymongo_bad.py:14:42:14:62 | ControlFlowNode for Dict | This | pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | user-provided value |

13
python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_get_db_bad.py → python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_bad.py
View File

@@ -14,13 +14,20 @@ class Movie(db.Document):
Movie(title='test').save()
@app.route("/")
def home_page():
@app.route("/subclass_objects")
def subclass_objects():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
return Movie.objects(__raw__=json_search)
@app.route("/get_db_find")
def get_db_find():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
retrieved_db = db.get_db()
data = retrieved_db["Movie"].find({'name': json_search})
return retrieved_db["Movie"].find({'name': json_search})
# if __name__ == "__main__":
# app.run(debug=True)

24
python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_db_document_subclass_bad.py
View File

@@ -1,24 +0,0 @@
from flask import Flask, request
from flask_mongoengine import MongoEngine
import json
app = Flask(__name__)
app.config.from_pyfile('the-config.cfg')
db = MongoEngine(app)
class Movie(db.Document):
title = db.StringField(required=True)
Movie(title='test').save()
@app.route("/")
def home_page():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
data = Movie.objects(__raw__=json_search)
# if __name__ == "__main__":
# app.run(debug=True)

26
python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_db_document_subclass_good.py
View File

@@ -1,26 +0,0 @@
from flask import Flask, request
from flask_mongoengine import MongoEngine
from mongosanitizer.sanitizer import sanitize
import json
app = Flask(__name__)
app.config.from_pyfile('the-config.cfg')
db = MongoEngine(app)
class Movie(db.Document):
title = db.StringField(required=True)
Movie(title='test').save()
@app.route("/")
def home_page():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)
data = Movie.objects(__raw__=safe_search)
# if __name__ == "__main__":
# app.run(debug=True)

12
python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_get_db_good.py → python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_good.py
View File

@@ -15,8 +15,16 @@ class Movie(db.Document):
Movie(title='test').save()
@app.route("/")
def home_page():
@app.route("/subclass_objects")
def subclass_objects():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)
return Movie.objects(__raw__=safe_search)
@app.route("/get_db_find")
def get_db_find():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)

64
python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_bad.py Normal file
View File

@@ -0,0 +1,64 @@
from flask import Flask, request
import mongoengine as me
from mongoengine.connection import get_db, connect
import json
app = Flask(__name__)
class Movie(me.Document):
title = me.StringField(required=True)
Movie(title='test').save()
@app.route("/connect_find")
def connect_find():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
db = me.connect('mydb')
return db.movie.find({'name': json_search})
@app.route("/connection_connect_find")
def connection_connect_find():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
db = connect('mydb')
return db.movie.find({'name': json_search})
@app.route("/get_db_find")
def get_db_find():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
db = me.get_db()
return db.movie.find({'name': json_search})
@app.route("/connection_get_db_find")
def connection_get_db_find():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
db = get_db()
return db.movie.find({'name': json_search})
@app.route("/subclass_objects")
def subclass_objects():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
return Movie.objects(__raw__=json_search)
@app.route("/subscript_find")
def subscript_find():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
db = me.connect('mydb')
return db['movie'].find({'name': json_search})
# if __name__ == "__main__":
# app.run(debug=True)

24
python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_connect_bad.py
View File

@@ -1,24 +0,0 @@
from flask import Flask, request
import mongoengine as me
import json
app = Flask(__name__)
class Movie(me.Document):
title = me.StringField(required=True)
Movie(title='test').save()
@app.route("/")
def home_page():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
db = me.connect('mydb')
data = db.movie.find({'name': json_search})
# if __name__ == "__main__":
# app.run(debug=True)

26
python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_connect_good.py
View File

@@ -1,26 +0,0 @@
from flask import Flask, request
import mongoengine as me
from mongosanitizer.sanitizer import sanitize
import json
app = Flask(__name__)
class Movie(me.Document):
title = me.StringField(required=True)
Movie(title='test').save()
@app.route("/")
def home_page():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)
db = me.connect('mydb')
data = db.movie.find({'name': json_search})
# if __name__ == "__main__":
# app.run(debug=True)

25
python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_connect_via_connection_bad.py
View File

@@ -1,25 +0,0 @@
from flask import Flask, request
import mongoengine as me
from mongoengine.connection import get_db, connect
import json
app = Flask(__name__)
class Movie(me.Document):
title = me.StringField(required=True)
Movie(title='test').save()
@app.route("/")
def home_page():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
db = connect('mydb')
data = db.movie.find({'name': json_search})
# if __name__ == "__main__":
# app.run(debug=True)

27
python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_connect_via_connection_good.py
View File

@@ -1,27 +0,0 @@
from flask import Flask, request
import mongoengine as me
from mongoengine.connection import get_db, connect
from mongosanitizer.sanitizer import sanitize
import json
app = Flask(__name__)
class Movie(me.Document):
title = me.StringField(required=True)
Movie(title='test').save()
@app.route("/")
def home_page():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)
db = connect('mydb')
data = db.movie.find({'name': json_search})
# if __name__ == "__main__":
# app.run(debug=True)

23
python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_document_subclass_bad.py
View File

@@ -1,23 +0,0 @@
from flask import Flask, request
import mongoengine as me
import json
app = Flask(__name__)
class Movie(me.Document):
title = me.StringField(required=True)
Movie(title='test').save()
@app.route("/")
def home_page():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
data = Movie.objects(__raw__=json_search)
# if __name__ == "__main__":
# app.run(debug=True)

25
python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_document_subclass_good.py
View File

@@ -1,25 +0,0 @@
from flask import Flask, request
import mongoengine as me
from mongosanitizer.sanitizer import sanitize
import json
app = Flask(__name__)
class Movie(me.Document):
title = me.StringField(required=True)
Movie(title='test').save()
@app.route("/")
def home_page():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)
data = Movie.objects(__raw__=safe_search)
# if __name__ == "__main__":
# app.run(debug=True)

24
python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_get_db_bad.py
View File

@@ -1,24 +0,0 @@
from flask import Flask, request
import mongoengine as me
import json
app = Flask(__name__)
class Movie(me.Document):
title = me.StringField(required=True)
Movie(title='test').save()
@app.route("/")
def home_page():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
db = me.get_db()
data = db.movie.find({'name': json_search})
# if __name__ == "__main__":
# app.run(debug=True)

26
python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_get_db_good.py
View File

@@ -1,26 +0,0 @@
from flask import Flask, request
import mongoengine as me
from mongosanitizer.sanitizer import sanitize
import json
app = Flask(__name__)
class Movie(me.Document):
title = me.StringField(required=True)
Movie(title='test').save()
@app.route("/")
def home_page():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)
db = me.get_db()
data = db.movie.find({'name': safe_search})
# if __name__ == "__main__":
# app.run(debug=True)

25
python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_get_db_via_connection_bad.py
View File

@@ -1,25 +0,0 @@
from flask import Flask, request
import mongoengine as me
from mongoengine.connection import get_db, connect
import json
app = Flask(__name__)
class Movie(me.Document):
title = me.StringField(required=True)
Movie(title='test').save()
@app.route("/")
def home_page():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
db = get_db()
data = db.movie.find({'name': json_search})
# if __name__ == "__main__":
# app.run(debug=True)

27
python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_get_db_via_connection_good.py
View File

@@ -1,27 +0,0 @@
from flask import Flask, request
import mongoengine as me
from mongoengine.connection import get_db, connect
from mongosanitizer.sanitizer import sanitize
import json
app = Flask(__name__)
class Movie(me.Document):
title = me.StringField(required=True)
Movie(title='test').save()
@app.route("/")
def home_page():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)
db = get_db()
data = db.movie.find({'name': safe_search})
# if __name__ == "__main__":
# app.run(debug=True)

68
python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_good.py Normal file
View File

@@ -0,0 +1,68 @@
from flask import Flask, request
import mongoengine as me
from mongoengine.connection import get_db, connect
from mongosanitizer.sanitizer import sanitize
import json
app = Flask(__name__)
class Movie(me.Document):
title = me.StringField(required=True)
Movie(title='test').save()
@app.route("/connect_find")
def connect_find():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)
db = me.connect('mydb')
return db.movie.find({'name': json_search})
@app.route("/connection_connect_find")
def connection_connect_find():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)
db = connect('mydb')
return db.movie.find({'name': json_search})
@app.route("/subclass_objects")
def subclass_objects():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)
return Movie.objects(__raw__=safe_search)
@app.route("/get_db_find")
def get_db_find():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)
db = me.get_db()
return db.movie.find({'name': safe_search})
@app.route("/connection_get_db_find")
def connection_get_db_find():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)
db = get_db()
return db.movie.find({'name': safe_search})
@app.route("/subscript_find")
def subscript_find():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)
db = me.connect('mydb')
return db['movie'].find({'name': safe_search})

24
python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_subscript_bad.py
View File

@@ -1,24 +0,0 @@
from flask import Flask, request
import mongoengine as me
import json
app = Flask(__name__)
class Movie(me.Document):
title = me.StringField(required=True)
Movie(title='test').save()
@app.route("/")
def home_page():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
db = me.connect('mydb')
data = db['movie'].find({'name': json_search})
# if __name__ == "__main__":
# app.run(debug=True)

26
python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_subscript_good.py
View File

@@ -1,26 +0,0 @@
from flask import Flask, request
import mongoengine as me
from mongosanitizer.sanitizer import sanitize
import json
app = Flask(__name__)
class Movie(me.Document):
title = me.StringField(required=True)
Movie(title='test').save()
@app.route("/")
def home_page():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)
db = me.connect('mydb')
data = db['movie'].find({'name': safe_search})
# if __name__ == "__main__":
# app.run(debug=True)