Python: Fix taint-propagation to methods

Before we would add a step from _any_ request instance to _any_ method (CP).
2025-12-20 10:46:30 +01:00 · 2021-03-03 21:55:33 +01:00
parent 721ba5e2c5
commit 3dc0c2081e
1 changed files with 2 additions and 1 deletions
--- a/python/ql/src/semmle/python/frameworks/Flask.qll
+++ b/python/ql/src/semmle/python/frameworks/Flask.qll
@@ -351,7 +351,8 @@ module Flask {
      exists(string method_name | method_name in ["get_data", "get_json"] |
        // Method access
        nodeFrom = request().getAUse() and
-        nodeTo = request().getMember(method_name).getAnImmediateUse()
+        nodeTo.(DataFlow::AttrRead).getObject() = nodeFrom and
+        nodeTo.(DataFlow::AttrRead).getAttributeName() = method_name
        or
        // Method call
        nodeFrom = request().getMember(method_name).getAUse() and