Merge pull request #17370 from Kwstubbs/Bottle/Tornado-HeaderSupport

Python: Bottle Framework Support
2026-04-30 19:26:02 +02:00 · 2024-11-19 15:34:26 +01:00
parent 7a065746d6 ac411f1254
commit 22287be5d1
10 changed files with 233 additions and 0 deletions
--- a/python/ql/test/library-tests/frameworks/bottle/ConceptsTest.expected
+++ b/python/ql/test/library-tests/frameworks/bottle/ConceptsTest.expected
@@ -0,0 +1,2 @@
+testFailures
+failures
--- a/python/ql/test/library-tests/frameworks/bottle/ConceptsTest.ql
+++ b/python/ql/test/library-tests/frameworks/bottle/ConceptsTest.ql
@@ -0,0 +1,2 @@
+import python
+import experimental.meta.ConceptsTest
--- a/python/ql/test/library-tests/frameworks/bottle/InlineTaintTest.expected
+++ b/python/ql/test/library-tests/frameworks/bottle/InlineTaintTest.expected
@@ -0,0 +1,4 @@
+argumentToEnsureNotTaintedNotMarkedAsSpurious
+untaintedArgumentToEnsureTaintedNotMarkedAsMissing
+testFailures
+failures
--- a/python/ql/test/library-tests/frameworks/bottle/InlineTaintTest.ql
+++ b/python/ql/test/library-tests/frameworks/bottle/InlineTaintTest.ql
@@ -0,0 +1,2 @@
+import experimental.meta.InlineTaintTest
+import MakeInlineTaintTest<TestTaintTrackingConfig>
--- a/python/ql/test/library-tests/frameworks/bottle/basic_test.py
+++ b/python/ql/test/library-tests/frameworks/bottle/basic_test.py
@@ -0,0 +1,11 @@
+# Source: https://bottlepy.org/docs/dev/tutorial.html#the-application-object
+from bottle import Bottle, run
+
+app = Bottle()
+
+@app.route('/hello') # $ routeSetup="/hello"
+def hello(): # $ requestHandler
+    return "Hello World!" # $ HttpResponse responseBody="Hello World!" mimetype=text/html
+
+if __name__ == '__main__':
+    app.run(host='localhost', port=8080)
--- a/python/ql/test/library-tests/frameworks/bottle/header_test.py
+++ b/python/ql/test/library-tests/frameworks/bottle/header_test.py
@@ -0,0 +1,11 @@
+import bottle
+from bottle import Bottle, response, request
+
+app = Bottle()
+@app.route('/test', method=['OPTIONS', 'GET']) # $ routeSetup="/test"
+def test1():  # $ requestHandler
+    response.headers['Content-type'] = 'application/json' # $ headerWriteName='Content-type' headerWriteValue='application/json'
+    response.set_header('Content-type', 'application/json') # $ headerWriteName='Content-type' headerWriteValue='application/json'
+    return '[1]' # $ HttpResponse responseBody='[1]' mimetype=text/html
+
+app.run()
--- a/python/ql/test/library-tests/frameworks/bottle/taint_test.py
+++ b/python/ql/test/library-tests/frameworks/bottle/taint_test.py
@@ -0,0 +1,21 @@
+import bottle
+from bottle import response, request
+
+
+app = bottle.app()
+@app.route('/test', method=['OPTIONS', 'GET']) # $ routeSetup="/test"
+def test1():   # $ requestHandler
+
+    ensure_tainted(
+        request.headers,  # $ tainted
+        request.headers,  # $ tainted
+        request.forms,  # $ tainted
+        request.params, # $ tainted
+        request.url,  # $ tainted
+        request.body, # $ tainted
+        request.fullpath, # $ tainted
+        request.query_string # $ tainted
+    )
+    return '[1]' # $ HttpResponse mimetype=text/html responseBody='[1]'
+
+app.run()