hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: add comment with ref

Browse Source
This commit is contained in:
Rasmus Lerchedahl Petersen
2021-03-08 08:17:23 +01:00
parent 7142ddcb25
commit 4a9023b989
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/ql/src/semmle/python/security/dataflow/StackTraceExposure.qll
View File

@@ -22,6 +22,8 @@ class StackTraceExposureConfiguration extends TaintTracking::Configuration {
sink = any(HTTP::Server::HttpResponse response).getBody()
}
// A stack trace is accessible as the `__traceback__` attribute of a caught exception.
// seehttps://docs.python.org/3/reference/datamodel.html#traceback-objects
override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
exists(AttrRead attr | attr.getAttributeName() = "__traceback__" |
nodeFrom = attr.getObject() and