hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Refactor flask file sending tests

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2021-10-28 12:37:07 +02:00
parent e8895686f8
commit 436152a46d
2 changed files with 8 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
python/ql/test/library-tests/frameworks/flask/file_sending.py Normal file
View File

@@ -0,0 +1,7 @@
from flask import send_from_directory, send_file
send_from_directory("filepath", "file") # $ getAPathArgument="filepath" getAPathArgument="file"
send_from_directory(directory="filepath", filename="file") # $ getAPathArgument="filepath" getAPathArgument="file"
send_file("file") # $ getAPathArgument="file"
send_file(filename_or_fp="file") # $ getAPathArgument="file"

13
python/ql/test/library-tests/frameworks/flask/save_uploaded_file.py
View File

@@ -1,17 +1,6 @@
from flask import Flask, request, send_from_directory, send_file
from flask import Flask, request
app = Flask(__name__)
@app.route("/save-uploaded-file") # $routeSetup="/save-uploaded-file"
def test_taint(): # $requestHandler
request.files['key'].save("path") # $ getAPathArgument="path"
@app.route("/path-injection") # $routeSetup="/path-injection"
def test_path(): # $requestHandler
send_from_directory("filepath","file") # $ getAPathArgument="filepath" getAPathArgument="file"
send_file("file") # $ getAPathArgument="file"
send_from_directory(directory="filepath","file") # $ getAPathArgument="filepath" getAPathArgument="file"
send_from_directory(filename="filepath","file") # $ getAPathArgument="filepath" getAPathArgument="file"
send_file(filename_or_fp="file") # $ getAPathArgument="file"