hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Remove status code modeling

Browse Source 
I'm not even trying to model it properly right now, and don't have a specific
use-case for it RIGHT NOW. I think we could want this in the future, but I think
it's probably better to model it when we know what we want to use it for.
This commit is contained in:
Rasmus Wriedt Larsen
2020-10-22 13:36:24 +02:00
parent 19dc04de3c
commit 35334cf630
4 changed files with 18 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
python/ql/src/experimental/semmle/python/Concepts.qll
View File

@@ -239,9 +239,6 @@ module HTTP {
/** Gets the content-type of this HTTP response, if it can be statically determined. */
string getContentType() { result = range.getContentType() }
/** Gets the status code of this HTTP response, if it can be statically determined. */
int getStatusCode() { result = range.getStatusCode() }
}
/** Provides a class for modeling new HTTP response APIs. */
@@ -275,23 +272,6 @@ module HTTP {
not exists(this.getContentTypeArg()) and
result = this.getContentTypeDefault()
}
/** Gets the data-flow node that specifies the status code of this HTTP response, if any. */
abstract DataFlow::Node getStatusCodeArg();
/** Gets the default status code that should be used if `getStatusCodeArg` has no results. */
abstract int getStatusCodeDefault();
/** Gets the status code of this HTTP response, if it can be statically determined. */
int getStatusCode() {
exists(IntegerLiteral i |
DataFlow::localFlow(DataFlow::exprNode(i), this.getStatusCodeArg()) and
result = i.getValue()
)
or
not exists(this.getStatusCodeArg()) and
result = this.getStatusCodeDefault()
}
}
}
}

4
python/ql/src/experimental/semmle/python/frameworks/Flask.qll
View File

@@ -394,9 +394,5 @@ private module FlaskModel {
override string getContentTypeDefault() { result = "text/html" }
override DataFlow::Node getContentTypeArg() { none() }
override int getStatusCodeDefault() { result = 200 }
override DataFlow::Node getStatusCodeArg() { result.asCfgNode() = node.getArg(1) }
}
}