hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Polish FlaskHeaderCall

Browse Source
This commit is contained in:
jorgectf
2021-04-01 15:56:03 +02:00
parent 46c5cb1136
commit 3be916e82b
1 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
python/ql/src/experimental/Security/CWE-113/HeaderInjection.ql
View File

@@ -31,8 +31,10 @@ class WerkzeugHeaderCall extends DataFlow::CallCfgNode {
DataFlow::Node getHeaderInputNode() { result = this.getArg(1) }
}
class FlaskHeader extends DataFlow::Node {
FlaskHeader() {
class FlaskHeaderCall extends DataFlow::CallCfgNode {
DataFlow::Node headerInputNode;
FlaskHeaderCall() {
exists(
DataFlow::CallCfgNode headerInstance, DataFlow::AttrRead responseMethod,
AssignStmt sinkDeclaration
@@ -41,9 +43,12 @@ class FlaskHeader extends DataFlow::Node {
responseMethod.getAttributeName() = "headers" and
responseMethod.getObject().getALocalSource() = headerInstance and
sinkDeclaration.getATarget() = responseMethod.asExpr().getParentNode() and
this.asExpr() = sinkDeclaration.getValue()
headerInputNode.asExpr() = sinkDeclaration.getValue() and
this.getFunction() = responseMethod
)
}
DataFlow::Node getHeaderInputNode() { result = headerInputNode }
}
class FlaskMakeResponse extends DataFlow::Node {
@@ -69,8 +74,8 @@ class FlaskMakeResponse extends DataFlow::Node {
class HeaderInjectionSink extends DataFlow::Node {
HeaderInjectionSink() {
this instanceof WerkzeugHeader or
this instanceof FlaskHeader or
this instanceof WerkzeugHeaderCall or
this instanceof FlaskHeaderCall or
this instanceof FlaskMakeResponse
}
}