hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2664 from RasmusWL/python-fix-redirect-example

Browse Source 
Python: Remove unused variable in example for py/url-redirection
This commit is contained in:
Taus
2020-01-23 13:42:00 +01:00
committed by GitHub
parent d06e86f54d 422658bbdb
commit 618a35bb7c
4 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/ql/src/Security/CWE-601/examples/redirect_bad.py
View File

@@ -4,5 +4,5 @@ app = Flask(__name__)
@app.route('/') @app.route('/')
def hello(): def hello():
target = files = request.args.get('target', '') target = request.args.get('target', '')
return redirect(target, code=302) return redirect(target, code=302)

2
python/ql/src/Security/CWE-601/examples/redirect_good.py
View File

@@ -6,7 +6,7 @@ app = Flask(__name__)
@app.route('/') @app.route('/')
def hello(): def hello():
target = files = request.args.get('target', '') target = request.args.get('target', '')
if target == VALID_REDIRECT: if target == VALID_REDIRECT:
return redirect(target, code=302) return redirect(target, code=302)
else: else:

10
python/ql/test/query-tests/Security/CWE-601/UrlRedirect.expected
View File

@@ -1,7 +1,7 @@
edges edges
| test.py:7:22:7:33 | dict of externally controlled string | test.py:7:22:7:51 | externally controlled string | | test.py:7:14:7:25 | dict of externally controlled string | test.py:7:14:7:43 | externally controlled string |
| test.py:7:22:7:33 | dict of externally controlled string | test.py:7:22:7:51 | externally controlled string | | test.py:7:14:7:25 | dict of externally controlled string | test.py:7:14:7:43 | externally controlled string |
| test.py:7:22:7:51 | externally controlled string | test.py:8:21:8:26 | externally controlled string | | test.py:7:14:7:43 | externally controlled string | test.py:8:21:8:26 | externally controlled string |
| test.py:7:22:7:51 | externally controlled string | test.py:8:21:8:26 | externally controlled string | | test.py:7:14:7:43 | externally controlled string | test.py:8:21:8:26 | externally controlled string |
#select #select
| test.py:8:21:8:26 | target | test.py:7:22:7:33 | dict of externally controlled string | test.py:8:21:8:26 | externally controlled string | Untrusted URL redirection due to $@. | test.py:7:22:7:33 | Attribute | a user-provided value | | test.py:8:21:8:26 | target | test.py:7:14:7:25 | dict of externally controlled string | test.py:8:21:8:26 | externally controlled string | Untrusted URL redirection due to $@. | test.py:7:14:7:25 | Attribute | a user-provided value |

2
python/ql/test/query-tests/Security/CWE-601/test.py
View File

@@ -4,7 +4,7 @@ app = Flask(__name__)
@app.route('/') @app.route('/')
def hello(): def hello():
target = files = request.args.get('target', '') target = request.args.get('target', '')
return redirect(target, code=302) return redirect(target, code=302)