hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Format Flask.qll

Browse Source
This commit is contained in:
jorgectf
2021-06-23 18:37:11 +02:00
parent eac5eba9d2
commit 355bb5c734
1 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
python/ql/src/experimental/semmle/python/frameworks/Flask.qll
View File

@@ -10,16 +10,15 @@ private import semmle.python.ApiGraphs
private module Flask {
/** https://pythonhosted.org/Flask-Mail/#module-flask_mail */
private API::Node flaskMail() { result = API::moduleImport(["flask_mail", "flask_sendmail", "flask.ext.sendmail"]) }
private API::Node flaskMail() {
result = API::moduleImport(["flask_mail", "flask_sendmail", "flask.ext.sendmail"])
}
private API::Node flaskMailInstance() { result = flaskMail().getMember("Mail").getReturn() }
private DataFlow::CallCfgNode flaskMessageInstance() {
result = flaskMail().getMember("Message")
}
private DataFlow::CallCfgNode flaskMessageCall() {
result = flaskMessageInstance().getACall()
}
private API::Node flaskMessageInstance() { result = flaskMail().getMember("Message") }
private DataFlow::CallCfgNode flaskMessageCall() { result = flaskMessageInstance().getACall() }
private class FlaskMail extends DataFlow::CallCfgNode, EmailSender {
FlaskMail() {
@@ -56,8 +55,9 @@ private module Flask {
bodyWrite.getObject().getALocalSource() = flaskMessageCall() and
bodyWrite.getAttributeName() = "recipients" and
result = bodyWrite.getValue()
) or
/** https://pythonhosted.org/Flask-Mail/#flask_mail.Message.add_recipient */
)
or
// https://pythonhosted.org/Flask-Mail/#flask_mail.Message.add_recipient
result = flaskMessageInstance().getMember("add_recipient").getACall().getArg(0)
}