Python: Add HttpRedirectSinks test for django

2026-04-29 02:35:15 +02:00 · 2020-02-17 16:49:05 +01:00
parent a3c6472b9b
commit 362e7aebbb
4 changed files with 16 additions and 4 deletions
--- a/python/ql/src/semmle/python/web/django/Redirect.qll
+++ b/python/ql/src/semmle/python/web/django/Redirect.qll
@@ -17,9 +17,6 @@ class DjangoRedirect extends HttpRedirectTaintSink {
    override string toString() { result = "django.redirect" }

    DjangoRedirect() {
-        exists(CallNode call |
-            redirect().getACall() = call and
-            this = call.getAnArg()
-        )
+        this = redirect().getACall().getAnArg()
    }
 }
--- a/python/ql/test/library-tests/web/django/HttpRedirectSinks.expected
+++ b/python/ql/test/library-tests/web/django/HttpRedirectSinks.expected
@@ -0,0 +1 @@
+| test_1x.py:13:21:13:24 | django.redirect | externally controlled string |
--- a/python/ql/test/library-tests/web/django/HttpRedirectSinks.ql
+++ b/python/ql/test/library-tests/web/django/HttpRedirectSinks.ql
@@ -0,0 +1,7 @@
+import python
+import semmle.python.web.HttpRedirect
+import semmle.python.security.strings.Untrusted
+
+from HttpRedirectTaintSink sink, TaintKind kind
+where sink.sinks(kind)
+select sink, kind
--- a/python/ql/test/query-tests/Security/lib/django/shortcuts.py
+++ b/python/ql/test/query-tests/Security/lib/django/shortcuts.py
@@ -0,0 +1,7 @@
+# see https://docs.djangoproject.com/en/1.11/_modules/django/shortcuts/#redirect
+
+def render(request, template_name, context=None, content_type=None, status=None, using=None):
+    pass
+
+def redirect(to, *args, **kwargs):
+    pass
				`@@ -0,0 +1 @@`
				`\| test_1x.py:13:21:13:24 \| django.redirect \| externally controlled string \|`