hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Don't consider has_body tainted

Browse Source 
Although it technically is, I think it belong in the section of things
that are unlikely to be exploitable
This commit is contained in:
Rasmus Wriedt Larsen
2021-05-26 15:57:02 +02:00
parent d953ea47d4
commit 597a9dfc80
2 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
python/ql/src/semmle/python/frameworks/Aiohttp.qll
View File

@@ -224,9 +224,8 @@ module AiohttpWebModel {
nodeTo.(DataFlow::AttrRead).getObject() = nodeFrom and
nodeTo.(DataFlow::AttrRead).getAttributeName() in [
"url", "rel_url", "forwarded", "host", "remote", "path", "path_qs", "raw_path", "query",
"headers", "transport", "cookies", "content", "_payload", "body_exists", "has_body",
"content_type", "charset", "http_range", "if_modified_since", "if_unmodified_since",
"if_range"
"headers", "transport", "cookies", "content", "_payload", "content_type", "charset",
"http_range", "if_modified_since", "if_unmodified_since", "if_range"
]
}
}