hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

python: add concept tests

Browse Source
This commit is contained in:
Rasmus Lerchedahl Petersen
2022-03-23 12:05:09 +01:00
parent 441e206cfa
commit 6c2449564a
3 changed files with 34 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
python/ql/test/experimental/meta/ConceptsTest.qll
View File

@@ -503,3 +503,35 @@ class HttpClientRequestTest extends InlineExpectationsTest {
) )
} }
} }
class CsrfProtectionSettingTest extends InlineExpectationsTest {
CsrfProtectionSettingTest() { this = "CsrfProtectionSettingTest" }
override string getARelevantTag() { result = "CsrfProtectionSetting" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(location.getFile().getRelativePath()) and
exists(CsrfProtectionSetting setting |
location = setting.getLocation() and
element = setting.toString() and
value = setting.getVerificationSetting().toString() and
tag = "CsrfProtectionSetting"
)
}
}
class CsrfLocalProtectionTest extends InlineExpectationsTest {
CsrfLocalProtectionTest() { this = "CsrfLocalProtectionTest" }
override string getARelevantTag() { result = "CsrfLocalProtection" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(location.getFile().getRelativePath()) and
exists(CsrfLocalProtection p |
location = p.getLocation() and
element = p.toString() and
value = p.getProtected().getName().toString() and
tag = "CsrfLocalProtection"
)
}
}

2
python/ql/test/library-tests/frameworks/django-v2-v3/response_test.py
View File

@@ -118,7 +118,7 @@ class CustomJsonResponse(JsonResponse):
def __init__(self, banner, content, *args, **kwargs): def __init__(self, banner, content, *args, **kwargs):
super().__init__(content, *args, content_type="text/html", **kwargs) super().__init__(content, *args, content_type="text/html", **kwargs)
@csrf_protect @csrf_protect # $CsrfLocalProtection=safe__custom_json_response
def safe__custom_json_response(request): def safe__custom_json_response(request):
return CustomJsonResponse("ACME Responses", {"foo": request.GET.get("foo")}) # $HttpResponse mimetype=application/json MISSING: responseBody=Dict SPURIOUS: responseBody="ACME Responses" return CustomJsonResponse("ACME Responses", {"foo": request.GET.get("foo")}) # $HttpResponse mimetype=application/json MISSING: responseBody=Dict SPURIOUS: responseBody="ACME Responses"

2
python/ql/test/library-tests/frameworks/django-v2-v3/testproj/settings.py
View File

@@ -40,7 +40,7 @@ INSTALLED_APPS = [
'django.contrib.staticfiles', 'django.contrib.staticfiles',
] ]
MIDDLEWARE = [ MIDDLEWARE = [ # $CsrfProtectionSetting=false
'django.middleware.security.SecurityMiddleware', 'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware', 'django.middleware.common.CommonMiddleware',