hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1671 from markshannon/python-flask-escape

Browse Source 
Python: Add missing function to flask test stub.
This commit is contained in:
Rebecca Valentine
2019-08-01 11:47:09 -07:00
committed by GitHub
parent 691df0508e fab2cb5a32
commit 40d7f5a332
2 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
View File

@@ -1,6 +1,7 @@
edges
| ../lib/flask/__init__.py:14:19:14:20 | externally controlled string | ../lib/flask/__init__.py:15:19:15:20 | externally controlled string |
| ../lib/flask/__init__.py:14:19:14:20 | externally controlled string | ../lib/flask/__init__.py:16:25:16:26 | externally controlled string |
| ../lib/flask/__init__.py:22:12:22:14 | externally controlled string | ../lib/flask/__init__.py:23:26:23:28 | externally controlled string |
| jinja2_escaping.py:14:12:14:23 | dict of externally controlled string | jinja2_escaping.py:14:12:14:39 | externally controlled string |
| jinja2_escaping.py:14:12:14:39 | externally controlled string | jinja2_escaping.py:16:47:16:50 | externally controlled string |
| reflected_xss.py:7:18:7:29 | dict of externally controlled string | reflected_xss.py:7:18:7:45 | externally controlled string |
@@ -9,9 +10,12 @@ edges
| reflected_xss.py:8:44:8:53 | externally controlled string | reflected_xss.py:8:26:8:53 | externally controlled string |
| reflected_xss.py:12:18:12:29 | dict of externally controlled string | reflected_xss.py:12:18:12:45 | externally controlled string |
| reflected_xss.py:12:18:12:45 | externally controlled string | reflected_xss.py:13:51:13:60 | externally controlled string |
| reflected_xss.py:13:51:13:60 | externally controlled string | ../lib/flask/__init__.py:22:12:22:14 | externally controlled string |
parents
| ../lib/flask/__init__.py:14:19:14:20 | externally controlled string | reflected_xss.py:8:26:8:53 | externally controlled string |
| ../lib/flask/__init__.py:15:19:15:20 | externally controlled string | reflected_xss.py:8:26:8:53 | externally controlled string |
| ../lib/flask/__init__.py:16:25:16:26 | externally controlled string | reflected_xss.py:8:26:8:53 | externally controlled string |
| ../lib/flask/__init__.py:22:12:22:14 | externally controlled string | reflected_xss.py:13:51:13:60 | externally controlled string |
| ../lib/flask/__init__.py:23:26:23:28 | externally controlled string | reflected_xss.py:13:51:13:60 | externally controlled string |
#select
| ../lib/flask/__init__.py:16:25:16:26 | flask.response.argument | reflected_xss.py:7:18:7:29 | dict of externally controlled string | ../lib/flask/__init__.py:16:25:16:26 | externally controlled string | Cross-site scripting vulnerability due to $@. | reflected_xss.py:7:18:7:29 | flask.request.args | user-provided value |

3
python/ql/test/query-tests/Security/lib/flask/__init__.py
View File

@@ -18,3 +18,6 @@ def make_response(rv):
return rv
else:
pass
def escape(txt):
return Markup.escape(txt)