Python: Refactor Werkzeugmodeling

Having the additional taint step just next to the other definitions, so everything is together.
2026-04-30 11:15:13 +02:00 · 2021-07-20 11:01:35 +02:00
parent 4f4dec50f2
commit 5f5c0b11c7
1 changed files with 34 additions and 34 deletions
--- a/python/ql/src/semmle/python/frameworks/Werkzeug.qll
+++ b/python/ql/src/semmle/python/frameworks/Werkzeug.qll
@@ -49,6 +49,21 @@ module Werkzeug {
        DataFlow::Node getlist() {
          result = any(InstanceSourceApiNode a).getMember("getlist").getAUse()
        }
+
+        private class MultiDictAdditionalTaintStep extends TaintTracking::AdditionalTaintStep {
+          override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
+            // obj -> obj.getlist
+            exists(DataFlow::AttrRead read |
+              read.getObject() = nodeFrom and
+              nodeTo = read and
+              nodeTo = werkzeug::datastructures::MultiDict::getlist()
+            )
+            or
+            // getlist -> getlist()
+            nodeFrom = werkzeug::datastructures::MultiDict::getlist() and
+            nodeTo.(DataFlow::CallCfgNode).getFunction() = nodeFrom
+          }
+        }
      }

      /**
@@ -73,41 +88,26 @@ module Werkzeug {

        /** Gets a reference to an instance of `werkzeug.datastructures.FileStorage`. */
        DataFlow::Node instance() { result = any(InstanceSourceApiNode a).getAUse() }
+
+        private class FileStorageAdditionalTaintStep extends TaintTracking::AdditionalTaintStep {
+          override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
+            nodeFrom = werkzeug::datastructures::FileStorage::instance() and
+            exists(DataFlow::AttrRead read | nodeTo = read |
+              read.getAttributeName() in [
+                  // str
+                  "filename", "name", "content_type", "mimetype",
+                  // file-like
+                  "stream",
+                  // TODO: werkzeug.datastructures.Headers
+                  "headers",
+                  // dict[str, str]
+                  "mimetype_params"
+                ] and
+              read.getObject() = nodeFrom
+            )
+          }
+        }
      }
    }
  }
-
-  private class MultiDictAdditionalTaintStep extends TaintTracking::AdditionalTaintStep {
-    override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-      // obj -> obj.getlist
-      exists(DataFlow::AttrRead read |
-        read.getObject() = nodeFrom and
-        nodeTo = read and
-        nodeTo = werkzeug::datastructures::MultiDict::getlist()
-      )
-      or
-      // getlist -> getlist()
-      nodeFrom = werkzeug::datastructures::MultiDict::getlist() and
-      nodeTo.(DataFlow::CallCfgNode).getFunction() = nodeFrom
-    }
-  }
-
-  private class FileStorageAdditionalTaintStep extends TaintTracking::AdditionalTaintStep {
-    override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-      nodeFrom = werkzeug::datastructures::FileStorage::instance() and
-      exists(DataFlow::AttrRead read | nodeTo = read |
-        read.getAttributeName() in [
-            // str
-            "filename", "name", "content_type", "mimetype",
-            // file-like
-            "stream",
-            // TODO: werkzeug.datastructures.Headers
-            "headers",
-            // dict[str, str]
-            "mimetype_params"
-          ] and
-        read.getObject() = nodeFrom
-      )
-    }
-  }
 }