mirror of
https://github.com/github/codeql.git
synced 2026-05-02 12:15:17 +02:00
Merge pull request #5139 from RasmusWL/django-improvements
Approved by yoff
This commit is contained in:
CodeQL CI
@@ -1,82 +1,88 @@
|
||||
| taint_test.py:7 | ok | test_taint | bar |
|
||||
| taint_test.py:7 | ok | test_taint | foo |
|
||||
| taint_test.py:8 | ok | test_taint | baz |
|
||||
| taint_test.py:14 | ok | test_taint | request |
|
||||
| taint_test.py:16 | ok | test_taint | request.body |
|
||||
| taint_test.py:17 | ok | test_taint | request.path |
|
||||
| taint_test.py:18 | ok | test_taint | request.path_info |
|
||||
| taint_test.py:22 | ok | test_taint | request.method |
|
||||
| taint_test.py:24 | ok | test_taint | request.encoding |
|
||||
| taint_test.py:25 | ok | test_taint | request.content_type |
|
||||
| taint_test.py:28 | ok | test_taint | request.content_params |
|
||||
| taint_test.py:29 | ok | test_taint | request.content_params["key"] |
|
||||
| taint_test.py:30 | ok | test_taint | request.content_params.get(..) |
|
||||
| taint_test.py:34 | ok | test_taint | request.GET |
|
||||
| taint_test.py:35 | ok | test_taint | request.GET["key"] |
|
||||
| taint_test.py:36 | ok | test_taint | request.GET.get(..) |
|
||||
| taint_test.py:37 | fail | test_taint | request.GET.getlist(..) |
|
||||
| taint_test.py:38 | fail | test_taint | request.GET.getlist(..)[0] |
|
||||
| taint_test.py:39 | ok | test_taint | request.GET.pop(..) |
|
||||
| taint_test.py:40 | ok | test_taint | request.GET.pop(..)[0] |
|
||||
| taint_test.py:41 | ok | test_taint | request.GET.popitem()[0] |
|
||||
| taint_test.py:42 | ok | test_taint | request.GET.popitem()[1] |
|
||||
| taint_test.py:43 | ok | test_taint | request.GET.popitem()[1][0] |
|
||||
| taint_test.py:44 | fail | test_taint | request.GET.dict() |
|
||||
| taint_test.py:45 | fail | test_taint | request.GET.dict()["key"] |
|
||||
| taint_test.py:46 | fail | test_taint | request.GET.urlencode() |
|
||||
| taint_test.py:49 | ok | test_taint | request.POST |
|
||||
| taint_test.py:52 | ok | test_taint | request.COOKIES |
|
||||
| taint_test.py:53 | ok | test_taint | request.COOKIES["key"] |
|
||||
| taint_test.py:54 | ok | test_taint | request.COOKIES.get(..) |
|
||||
| taint_test.py:57 | ok | test_taint | request.FILES |
|
||||
| taint_test.py:58 | ok | test_taint | request.FILES["key"] |
|
||||
| taint_test.py:59 | fail | test_taint | request.FILES["key"].content_type |
|
||||
| taint_test.py:60 | fail | test_taint | request.FILES["key"].content_type_extra |
|
||||
| taint_test.py:61 | fail | test_taint | request.FILES["key"].content_type_extra["key"] |
|
||||
| taint_test.py:62 | fail | test_taint | request.FILES["key"].charset |
|
||||
| taint_test.py:63 | fail | test_taint | request.FILES["key"].name |
|
||||
| taint_test.py:64 | fail | test_taint | request.FILES["key"].file |
|
||||
| taint_test.py:65 | fail | test_taint | request.FILES["key"].file.read() |
|
||||
| taint_test.py:67 | ok | test_taint | request.FILES.get(..) |
|
||||
| taint_test.py:68 | fail | test_taint | request.FILES.get(..).name |
|
||||
| taint_test.py:69 | fail | test_taint | request.FILES.getlist(..) |
|
||||
| taint_test.py:70 | fail | test_taint | request.FILES.getlist(..)[0] |
|
||||
| taint_test.py:71 | fail | test_taint | request.FILES.getlist(..)[0].name |
|
||||
| taint_test.py:72 | fail | test_taint | request.FILES.dict() |
|
||||
| taint_test.py:73 | fail | test_taint | request.FILES.dict()["key"] |
|
||||
| taint_test.py:74 | fail | test_taint | request.FILES.dict()["key"].name |
|
||||
| taint_test.py:77 | ok | test_taint | request.META |
|
||||
| taint_test.py:78 | ok | test_taint | request.META["HTTP_USER_AGENT"] |
|
||||
| taint_test.py:79 | ok | test_taint | request.META.get(..) |
|
||||
| taint_test.py:82 | ok | test_taint | request.headers |
|
||||
| taint_test.py:83 | ok | test_taint | request.headers["user-agent"] |
|
||||
| taint_test.py:84 | ok | test_taint | request.headers["USER_AGENT"] |
|
||||
| taint_test.py:87 | ok | test_taint | request.resolver_match |
|
||||
| taint_test.py:88 | fail | test_taint | request.resolver_match.args |
|
||||
| taint_test.py:89 | fail | test_taint | request.resolver_match.args[0] |
|
||||
| taint_test.py:90 | fail | test_taint | request.resolver_match.kwargs |
|
||||
| taint_test.py:91 | fail | test_taint | request.resolver_match.kwargs["key"] |
|
||||
| taint_test.py:93 | fail | test_taint | request.get_full_path() |
|
||||
| taint_test.py:94 | fail | test_taint | request.get_full_path_info() |
|
||||
| taint_test.py:98 | fail | test_taint | request.read() |
|
||||
| taint_test.py:99 | fail | test_taint | request.readline() |
|
||||
| taint_test.py:100 | fail | test_taint | request.readlines() |
|
||||
| taint_test.py:101 | fail | test_taint | request.readlines()[0] |
|
||||
| taint_test.py:102 | fail | test_taint | ListComp |
|
||||
| taint_test.py:108 | ok | test_taint | args |
|
||||
| taint_test.py:109 | ok | test_taint | args[0] |
|
||||
| taint_test.py:110 | ok | test_taint | kwargs |
|
||||
| taint_test.py:111 | ok | test_taint | kwargs["key"] |
|
||||
| taint_test.py:115 | ok | test_taint | request.current_app |
|
||||
| taint_test.py:120 | ok | test_taint | request.get_host() |
|
||||
| taint_test.py:121 | ok | test_taint | request.get_port() |
|
||||
| taint_test.py:128 | fail | test_taint | request.build_absolute_uri() |
|
||||
| taint_test.py:129 | fail | test_taint | request.build_absolute_uri(..) |
|
||||
| taint_test.py:8 | ok | test_taint | bar |
|
||||
| taint_test.py:8 | ok | test_taint | foo |
|
||||
| taint_test.py:9 | ok | test_taint | baz |
|
||||
| taint_test.py:15 | ok | test_taint | request |
|
||||
| taint_test.py:17 | ok | test_taint | request.body |
|
||||
| taint_test.py:18 | ok | test_taint | request.path |
|
||||
| taint_test.py:19 | ok | test_taint | request.path_info |
|
||||
| taint_test.py:23 | ok | test_taint | request.method |
|
||||
| taint_test.py:25 | ok | test_taint | request.encoding |
|
||||
| taint_test.py:26 | ok | test_taint | request.content_type |
|
||||
| taint_test.py:29 | ok | test_taint | request.content_params |
|
||||
| taint_test.py:30 | ok | test_taint | request.content_params["key"] |
|
||||
| taint_test.py:31 | ok | test_taint | request.content_params.get(..) |
|
||||
| taint_test.py:35 | ok | test_taint | request.GET |
|
||||
| taint_test.py:36 | ok | test_taint | request.GET["key"] |
|
||||
| taint_test.py:37 | ok | test_taint | request.GET.get(..) |
|
||||
| taint_test.py:38 | fail | test_taint | request.GET.getlist(..) |
|
||||
| taint_test.py:39 | fail | test_taint | request.GET.getlist(..)[0] |
|
||||
| taint_test.py:40 | ok | test_taint | request.GET.pop(..) |
|
||||
| taint_test.py:41 | ok | test_taint | request.GET.pop(..)[0] |
|
||||
| taint_test.py:42 | ok | test_taint | request.GET.popitem()[0] |
|
||||
| taint_test.py:43 | ok | test_taint | request.GET.popitem()[1] |
|
||||
| taint_test.py:44 | ok | test_taint | request.GET.popitem()[1][0] |
|
||||
| taint_test.py:45 | fail | test_taint | request.GET.dict() |
|
||||
| taint_test.py:46 | fail | test_taint | request.GET.dict()["key"] |
|
||||
| taint_test.py:47 | fail | test_taint | request.GET.urlencode() |
|
||||
| taint_test.py:50 | ok | test_taint | request.POST |
|
||||
| taint_test.py:53 | ok | test_taint | request.COOKIES |
|
||||
| taint_test.py:54 | ok | test_taint | request.COOKIES["key"] |
|
||||
| taint_test.py:55 | ok | test_taint | request.COOKIES.get(..) |
|
||||
| taint_test.py:58 | ok | test_taint | request.FILES |
|
||||
| taint_test.py:59 | ok | test_taint | request.FILES["key"] |
|
||||
| taint_test.py:60 | fail | test_taint | request.FILES["key"].content_type |
|
||||
| taint_test.py:61 | fail | test_taint | request.FILES["key"].content_type_extra |
|
||||
| taint_test.py:62 | fail | test_taint | request.FILES["key"].content_type_extra["key"] |
|
||||
| taint_test.py:63 | fail | test_taint | request.FILES["key"].charset |
|
||||
| taint_test.py:64 | fail | test_taint | request.FILES["key"].name |
|
||||
| taint_test.py:65 | fail | test_taint | request.FILES["key"].file |
|
||||
| taint_test.py:66 | fail | test_taint | request.FILES["key"].file.read() |
|
||||
| taint_test.py:68 | ok | test_taint | request.FILES.get(..) |
|
||||
| taint_test.py:69 | fail | test_taint | request.FILES.get(..).name |
|
||||
| taint_test.py:70 | fail | test_taint | request.FILES.getlist(..) |
|
||||
| taint_test.py:71 | fail | test_taint | request.FILES.getlist(..)[0] |
|
||||
| taint_test.py:72 | fail | test_taint | request.FILES.getlist(..)[0].name |
|
||||
| taint_test.py:73 | fail | test_taint | request.FILES.dict() |
|
||||
| taint_test.py:74 | fail | test_taint | request.FILES.dict()["key"] |
|
||||
| taint_test.py:75 | fail | test_taint | request.FILES.dict()["key"].name |
|
||||
| taint_test.py:78 | ok | test_taint | request.META |
|
||||
| taint_test.py:79 | ok | test_taint | request.META["HTTP_USER_AGENT"] |
|
||||
| taint_test.py:80 | ok | test_taint | request.META.get(..) |
|
||||
| taint_test.py:83 | ok | test_taint | request.headers |
|
||||
| taint_test.py:84 | ok | test_taint | request.headers["user-agent"] |
|
||||
| taint_test.py:85 | ok | test_taint | request.headers["USER_AGENT"] |
|
||||
| taint_test.py:88 | ok | test_taint | request.resolver_match |
|
||||
| taint_test.py:89 | fail | test_taint | request.resolver_match.args |
|
||||
| taint_test.py:90 | fail | test_taint | request.resolver_match.args[0] |
|
||||
| taint_test.py:91 | fail | test_taint | request.resolver_match.kwargs |
|
||||
| taint_test.py:92 | fail | test_taint | request.resolver_match.kwargs["key"] |
|
||||
| taint_test.py:94 | fail | test_taint | request.get_full_path() |
|
||||
| taint_test.py:95 | fail | test_taint | request.get_full_path_info() |
|
||||
| taint_test.py:99 | fail | test_taint | request.read() |
|
||||
| taint_test.py:100 | fail | test_taint | request.readline() |
|
||||
| taint_test.py:101 | fail | test_taint | request.readlines() |
|
||||
| taint_test.py:102 | fail | test_taint | request.readlines()[0] |
|
||||
| taint_test.py:103 | fail | test_taint | ListComp |
|
||||
| taint_test.py:109 | ok | test_taint | args |
|
||||
| taint_test.py:110 | ok | test_taint | args[0] |
|
||||
| taint_test.py:111 | ok | test_taint | kwargs |
|
||||
| taint_test.py:112 | ok | test_taint | kwargs["key"] |
|
||||
| taint_test.py:116 | ok | test_taint | request.current_app |
|
||||
| taint_test.py:121 | ok | test_taint | request.get_host() |
|
||||
| taint_test.py:122 | ok | test_taint | request.get_port() |
|
||||
| taint_test.py:129 | fail | test_taint | request.build_absolute_uri() |
|
||||
| taint_test.py:130 | fail | test_taint | request.build_absolute_uri(..) |
|
||||
| taint_test.py:133 | ok | test_taint | request.build_absolute_uri(..) |
|
||||
| taint_test.py:131 | fail | test_taint | request.build_absolute_uri(..) |
|
||||
| taint_test.py:134 | ok | test_taint | request.build_absolute_uri(..) |
|
||||
| taint_test.py:142 | ok | test_taint | request.get_signed_cookie(..) |
|
||||
| taint_test.py:135 | ok | test_taint | request.build_absolute_uri(..) |
|
||||
| taint_test.py:143 | ok | test_taint | request.get_signed_cookie(..) |
|
||||
| taint_test.py:144 | ok | test_taint | request.get_signed_cookie(..) |
|
||||
| taint_test.py:148 | fail | test_taint | request.get_signed_cookie(..) |
|
||||
| taint_test.py:145 | ok | test_taint | request.get_signed_cookie(..) |
|
||||
| taint_test.py:149 | fail | test_taint | request.get_signed_cookie(..) |
|
||||
| taint_test.py:150 | fail | test_taint | request.get_signed_cookie(..) |
|
||||
| taint_test.py:157 | ok | some_method | self.request |
|
||||
| taint_test.py:158 | ok | some_method | self.request.GET["key"] |
|
||||
| taint_test.py:160 | ok | some_method | self.args |
|
||||
| taint_test.py:161 | ok | some_method | self.args[0] |
|
||||
| taint_test.py:163 | ok | some_method | self.kwargs |
|
||||
| taint_test.py:164 | ok | some_method | self.kwargs["key"] |
|
||||
|
||||
@@ -3,6 +3,7 @@ from django.urls import path, re_path
|
||||
from django.http import HttpResponse, HttpResponseRedirect, JsonResponse, HttpResponseNotFound
|
||||
from django.views import View
|
||||
import django.views.generic.base
|
||||
from django.views.decorators.http import require_GET
|
||||
|
||||
|
||||
def url_match_xss(request, foo, bar, no_taint=None): # $requestHandler routedParameter=foo routedParameter=bar
|
||||
@@ -105,6 +106,10 @@ urlpatterns = [
|
||||
path("not_valid/<not_valid!>", not_valid_identifier), # $routeSetup="not_valid/<not_valid!>"
|
||||
]
|
||||
|
||||
################################################################################
|
||||
# Deprecated django.conf.urls.url
|
||||
################################################################################
|
||||
|
||||
# This version 1.x way of defining urls is deprecated in Django 3.1, but still works
|
||||
from django.conf.urls import url
|
||||
|
||||
@@ -116,9 +121,32 @@ urlpatterns = [
|
||||
]
|
||||
|
||||
|
||||
################################################################################
|
||||
# Special stuff
|
||||
################################################################################
|
||||
|
||||
class PossiblyNotRouted(View):
|
||||
# Even if our analysis can't find a route-setup for this class, we should still
|
||||
# consider it to be a handle incoming HTTP requests
|
||||
|
||||
def get(self, request, possibly_not_routed=42): # $ requestHandler routedParameter=possibly_not_routed
|
||||
return HttpResponse('PossiblyNotRouted get: {}'.format(possibly_not_routed)) # $HttpResponse
|
||||
|
||||
|
||||
@require_GET
|
||||
def with_decorator(request, foo): # $ requestHandler routedParameter=foo
|
||||
pass
|
||||
|
||||
urlpatterns = [
|
||||
path("with_decorator/<foo>", with_decorator), # $ routeSetup="with_decorator/<foo>"
|
||||
]
|
||||
|
||||
class UnknownViewSubclass(UnknownViewSuperclass):
|
||||
# Although we don't know for certain that this class is a django view class, the fact that it's
|
||||
# used with `as_view()` in the routing setup should be enough that we treat it as such.
|
||||
def get(self, request): # $ requestHandler
|
||||
pass
|
||||
|
||||
urlpatterns = [
|
||||
path("UnknownViewSubclass/", UnknownViewSubclass.as_view()), # $ routeSetup="UnknownViewSubclass/"
|
||||
]
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
"""testing views for Django 2.x and 3.x"""
|
||||
from django.urls import path
|
||||
from django.http import HttpRequest
|
||||
from django.views import View
|
||||
|
||||
|
||||
def test_taint(request: HttpRequest, foo, bar, baz=None): # $requestHandler routedParameter=foo routedParameter=bar
|
||||
@@ -150,7 +151,22 @@ def test_taint(request: HttpRequest, foo, bar, baz=None): # $requestHandler rou
|
||||
)
|
||||
|
||||
|
||||
class ClassView(View):
|
||||
def some_method(self):
|
||||
ensure_tainted(
|
||||
self.request,
|
||||
self.request.GET["key"],
|
||||
|
||||
self.args,
|
||||
self.args[0],
|
||||
|
||||
self.kwargs,
|
||||
self.kwargs["key"],
|
||||
)
|
||||
|
||||
|
||||
# fake setup, you can't actually run this
|
||||
urlpatterns = [
|
||||
path("test-taint/<foo>/<bar>", test_taint), # $routeSetup="test-taint/<foo>/<bar>"
|
||||
path("test-taint/<foo>/<bar>", test_taint), # $ routeSetup="test-taint/<foo>/<bar>"
|
||||
path("ClassView/", ClassView.as_view()), # $ routeSetup="ClassView/"
|
||||
]
|
||||
|
||||
@@ -30,4 +30,5 @@ class MyCustomViewBaseClass(View):
|
||||
|
||||
class MyViewHandlerWithCustomInheritance(MyCustomViewBaseClass):
|
||||
def get(self, request: HttpRequest): # $ requestHandler
|
||||
print(self.request.GET)
|
||||
return HttpResponse("MyViewHandlerWithCustomInheritance: GET") # $ HttpResponse
|
||||
|
||||
Reference in New Issue
Block a user