hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: subclas of known subclasses

Browse Source
This commit is contained in:
Rasmus Lerchedahl Petersen
2020-10-30 17:37:54 +01:00
parent a3cc9b6982
commit 37ad59a92a
2 changed files with 37 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
python/ql/src/experimental/semmle/python/frameworks/Django.qll
View File

@@ -781,6 +781,9 @@ private module Django {
t.start() and
result = http_attr("HttpResponseRedirect")
or
// subclass
result.asExpr().(ClassExpr).getABase() = classRef(t.continue()).asExpr()
or
exists(DataFlow::TypeTracker t2 | result = classRef(t2).track(t2, t))
}
@@ -842,6 +845,9 @@ private module Django {
t.start() and
result = http_attr("HttpResponsePermanentRedirect")
or
// subclass
result.asExpr().(ClassExpr).getABase() = classRef(t.continue()).asExpr()
or
exists(DataFlow::TypeTracker t2 | result = classRef(t2).track(t2, t))
}
@@ -903,6 +909,9 @@ private module Django {
t.start() and
result = http_attr("HttpResponseNotModified")
or
// subclass
result.asExpr().(ClassExpr).getABase() = classRef(t.continue()).asExpr()
or
exists(DataFlow::TypeTracker t2 | result = classRef(t2).track(t2, t))
}
@@ -962,6 +971,9 @@ private module Django {
t.start() and
result = http_attr("HttpResponseBadRequest")
or
// subclass
result.asExpr().(ClassExpr).getABase() = classRef(t.continue()).asExpr()
or
exists(DataFlow::TypeTracker t2 | result = classRef(t2).track(t2, t))
}
@@ -1023,6 +1035,9 @@ private module Django {
t.start() and
result = http_attr("HttpResponseNotFound")
or
// subclass
result.asExpr().(ClassExpr).getABase() = classRef(t.continue()).asExpr()
or
exists(DataFlow::TypeTracker t2 | result = classRef(t2).track(t2, t))
}
@@ -1084,6 +1099,9 @@ private module Django {
t.start() and
result = http_attr("HttpResponseForbidden")
or
// subclass
result.asExpr().(ClassExpr).getABase() = classRef(t.continue()).asExpr()
or
exists(DataFlow::TypeTracker t2 | result = classRef(t2).track(t2, t))
}
@@ -1145,6 +1163,9 @@ private module Django {
t.start() and
result = http_attr("HttpResponseNotAllowed")
or
// subclass
result.asExpr().(ClassExpr).getABase() = classRef(t.continue()).asExpr()
or
exists(DataFlow::TypeTracker t2 | result = classRef(t2).track(t2, t))
}
@@ -1207,6 +1228,9 @@ private module Django {
t.start() and
result = http_attr("HttpResponseGone")
or
// subclass
result.asExpr().(ClassExpr).getABase() = classRef(t.continue()).asExpr()
or
exists(DataFlow::TypeTracker t2 | result = classRef(t2).track(t2, t))
}
@@ -1268,6 +1292,9 @@ private module Django {
t.start() and
result = http_attr("HttpResponseServerError")
or
// subclass
result.asExpr().(ClassExpr).getABase() = classRef(t.continue()).asExpr()
or
exists(DataFlow::TypeTracker t2 | result = classRef(t2).track(t2, t))
}
@@ -1329,6 +1356,9 @@ private module Django {
t.start() and
result = http_attr("JsonResponse")
or
// subclass
result.asExpr().(ClassExpr).getABase() = classRef(t.continue()).asExpr()
or
exists(DataFlow::TypeTracker t2 | result = classRef(t2).track(t2, t))
}
@@ -1393,6 +1423,9 @@ private module Django {
t.start() and
result = http_attr("StreamingHttpResponse")
or
// subclass
result.asExpr().(ClassExpr).getABase() = classRef(t.continue()).asExpr()
or
exists(DataFlow::TypeTracker t2 | result = classRef(t2).track(t2, t))
}
@@ -1454,6 +1487,9 @@ private module Django {
t.start() and
result = http_attr("FileResponse")
or
// subclass
result.asExpr().(ClassExpr).getABase() = classRef(t.continue()).asExpr()
or
exists(DataFlow::TypeTracker t2 | result = classRef(t2).track(t2, t))
}