hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: add test for __traceback__

Browse Source
This commit is contained in:
Rasmus Lerchedahl Petersen
2021-03-07 17:50:28 +01:00
parent 9f8a028dfc
commit 296297915c
2 changed files with 25 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
python/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected
View File

@@ -1,11 +1,11 @@
edges
| test.py:33:15:33:36 | ControlFlowNode for Attribute() | test.py:34:29:34:31 | ControlFlowNode for err |
| test.py:34:29:34:31 | ControlFlowNode for err | test.py:34:16:34:32 | ControlFlowNode for format_error() |
| test.py:49:15:49:36 | ControlFlowNode for Attribute() | test.py:50:29:50:31 | ControlFlowNode for err |
| test.py:50:29:50:31 | ControlFlowNode for err | test.py:50:16:50:32 | ControlFlowNode for format_error() |
nodes
| test.py:16:16:16:37 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:33:15:33:36 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:34:16:34:32 | ControlFlowNode for format_error() | semmle.label | ControlFlowNode for format_error() |
| test.py:34:29:34:31 | ControlFlowNode for err | semmle.label | ControlFlowNode for err |
| test.py:49:15:49:36 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:50:16:50:32 | ControlFlowNode for format_error() | semmle.label | ControlFlowNode for format_error() |
| test.py:50:29:50:31 | ControlFlowNode for err | semmle.label | ControlFlowNode for err |
#select
| test.py:16:16:16:37 | ControlFlowNode for Attribute() | test.py:16:16:16:37 | ControlFlowNode for Attribute() | test.py:16:16:16:37 | ControlFlowNode for Attribute() | $@ may be exposed to an external user | test.py:16:16:16:37 | ControlFlowNode for Attribute() | Error information |
| test.py:34:16:34:32 | ControlFlowNode for format_error() | test.py:33:15:33:36 | ControlFlowNode for Attribute() | test.py:34:16:34:32 | ControlFlowNode for format_error() | $@ may be exposed to an external user | test.py:33:15:33:36 | ControlFlowNode for Attribute() | Error information |
| test.py:50:16:50:32 | ControlFlowNode for format_error() | test.py:49:15:49:36 | ControlFlowNode for Attribute() | test.py:50:16:50:32 | ControlFlowNode for format_error() | $@ may be exposed to an external user | test.py:49:15:49:36 | ControlFlowNode for Attribute() | Error information |

22
python/ql/test/query-tests/Security/CWE-209/test.py
View File

@@ -12,15 +12,31 @@ def do_computation():
def server_bad():
try:
do_computation()
except Exception as e: #$ exceptionInfo
except Exception:
return traceback.format_exc() #$ exceptionInfo
# BAD
@app.route('/bad/clearly')
def server_bad():
try:
do_computation()
except Exception as e: #$ exceptionInfo
return e
# BAD
@app.route('/bad/also')
def server_bad():
try:
do_computation()
except Exception as e: #$ exceptionInfo
return e.__traceback__
# GOOD
@app.route('/good')
def server_good():
try:
do_computation()
except Exception as e: #$ exceptionInfo
except Exception:
log(traceback.format_exc()) #$ exceptionInfo
return "An internal error has occurred!"
@@ -29,7 +45,7 @@ def server_good():
def server_bad_flow():
try:
do_computation()
except Exception as e: #$ exceptionInfo
except Exception:
err = traceback.format_exc() #$ exceptionInfo
return format_error(err)