Add tests for jinja

2026-04-26 09:15:12 +02:00 · 2024-11-20 14:50:35 +00:00
parent 71ab82dee0
commit 1cb01a286d
4 changed files with 67 additions and 0 deletions
--- a/python/ql/test/query-tests/Security/CWE-074-TemplateInjection/JinjaSsti.py
+++ b/python/ql/test/query-tests/Security/CWE-074-TemplateInjection/JinjaSsti.py
@@ -0,0 +1,31 @@
+from django.urls import path
+from django.http import HttpResponse
+from jinja2 import Template 
+from jinja2 import Environment, DictLoader, escape
+
+
+def a(request):
+    # Load the template
+    template = request.GET['template']
+    t = Template(template) # BAD: Template constructed from user input
+    name = request.GET['name']
+    # Render the template with the context data
+    html = t.render(name=escape(name))
+    return HttpResponse(html)
+
+def b(request):
+    import jinja2
+    # Load the template
+    template = request.GET['template']
+    env = Environment()
+    t = env.from_string(template) # BAD: Template constructed from user input
+    name = request.GET['name']
+    # Render the template with the context data
+    html = t.render(name=escape(name))
+    return HttpResponse(html)
+
+
+urlpatterns = [
+    path('a', a),
+    path('b', b)
+]
--- a/python/ql/test/query-tests/Security/CWE-074-TemplateInjection/TemplateInjection.expected
+++ b/python/ql/test/query-tests/Security/CWE-074-TemplateInjection/TemplateInjection.expected
@@ -0,0 +1,16 @@
+edges
+| JinjaSsti.py:7:7:7:13 | ControlFlowNode for request | JinjaSsti.py:9:5:9:12 | ControlFlowNode for template | provenance | AdditionalTaintStep |
+| JinjaSsti.py:9:5:9:12 | ControlFlowNode for template | JinjaSsti.py:10:18:10:25 | ControlFlowNode for template | provenance |  |
+| JinjaSsti.py:16:7:16:13 | ControlFlowNode for request | JinjaSsti.py:19:5:19:12 | ControlFlowNode for template | provenance | AdditionalTaintStep |
+| JinjaSsti.py:19:5:19:12 | ControlFlowNode for template | JinjaSsti.py:21:25:21:32 | ControlFlowNode for template | provenance |  |
+nodes
+| JinjaSsti.py:7:7:7:13 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
+| JinjaSsti.py:9:5:9:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
+| JinjaSsti.py:10:18:10:25 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
+| JinjaSsti.py:16:7:16:13 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
+| JinjaSsti.py:19:5:19:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
+| JinjaSsti.py:21:25:21:32 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
+subpaths
+#select
+| JinjaSsti.py:10:18:10:25 | ControlFlowNode for template | JinjaSsti.py:7:7:7:13 | ControlFlowNode for request | JinjaSsti.py:10:18:10:25 | ControlFlowNode for template | This Template construction depends on $@. | JinjaSsti.py:7:7:7:13 | ControlFlowNode for request | user-provided value |
+| JinjaSsti.py:21:25:21:32 | ControlFlowNode for template | JinjaSsti.py:16:7:16:13 | ControlFlowNode for request | JinjaSsti.py:21:25:21:32 | ControlFlowNode for template | This Template construction depends on $@. | JinjaSsti.py:16:7:16:13 | ControlFlowNode for request | user-provided value |
--- a/python/ql/test/query-tests/Security/CWE-074-TemplateInjection/TemplateInjection.qlref
+++ b/python/ql/test/query-tests/Security/CWE-074-TemplateInjection/TemplateInjection.qlref
@@ -0,0 +1 @@
+Security/CWE-074/TemplateInjection.ql