hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: django.http.response.JsonResponse

Browse Source 
It s possible this class is not relevant to XSS
This commit is contained in:
Rasmus Lerchedahl Petersen
2020-10-30 01:05:36 +01:00
parent 0f9b8595d1
commit 52be896666
2 changed files with 68 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/ql/test/experimental/library-tests/frameworks/django-v1/response_test.py
View File

@@ -4,7 +4,7 @@ from django.http.response import HttpResponse, HttpResponseRedirect, JsonRespons
# FP reported in https://github.com/github/codeql-python-team/issues/38
def safe__json_response(request):
# implicitly sets Content-Type to "application/json"
return JsonResponse({"foo": request.GET.get("foo")}) # $f-:HttpResponse $f-:mimetype=application/json $f-:responseBody={"foo": request.GET.get("foo")}
return JsonResponse({"foo": request.GET.get("foo")}) # $HttpResponse $mimetype=application/json $responseBody=Dict
# Not an XSS sink, since the Content-Type is not "text/html"
def safe__manual_json_response(request):