Python: New query to test for requests without validation.

2026-05-02 20:25:13 +02:00 · 2018-11-22 17:31:45 +00:00
parent f0206a2ff4
commit 45e864a395
4 changed files with 36 additions and 0 deletions
--- a/python/ql/test/query-tests/Security/CWE-295/RequestWithoutValidation.expected
+++ b/python/ql/test/query-tests/Security/CWE-295/RequestWithoutValidation.expected
@@ -0,0 +1,4 @@
+| make_request.py:5:1:5:48 | ControlFlowNode for Attribute() | Call to $@ with verify=$@ | ../lib/requests.py:2:1:2:36 | Function get | requests.get | make_request.py:5:43:5:47 | ControlFlowNode for False | False |
+| make_request.py:7:1:7:49 | ControlFlowNode for Attribute() | Call to $@ with verify=$@ | ../lib/requests.py:11:1:11:46 | Function post | requests.post | make_request.py:7:44:7:48 | ControlFlowNode for False | False |
+| make_request.py:12:1:12:39 | ControlFlowNode for put() | Call to $@ with verify=$@ | ../lib/requests.py:14:1:14:34 | Function put | requests.put | make_request.py:12:34:12:38 | ControlFlowNode for False | False |
+| make_request.py:28:5:28:46 | ControlFlowNode for patch() | Call to $@ with verify=$@ | ../lib/requests.py:17:1:17:36 | Function patch | requests.patch | make_request.py:30:6:30:10 | ControlFlowNode for False | False |
--- a/python/ql/test/query-tests/Security/CWE-295/RequestWithoutValidation.qlref
+++ b/python/ql/test/query-tests/Security/CWE-295/RequestWithoutValidation.qlref
@@ -0,0 +1 @@
+Security/CWE-295/RequestWithoutValidation.ql
--- a/python/ql/test/query-tests/Security/CWE-295/options
+++ b/python/ql/test/query-tests/Security/CWE-295/options
@@ -0,0 +1 @@
+semmle-extractor-options: -p ../lib/ --max-import-depth=3
				`@@ -0,0 +1 @@`
				`Security/CWE-295/RequestWithoutValidation.ql`
				`@@ -0,0 +1 @@`
				`semmle-extractor-options: -p ../lib/ --max-import-depth=3`