mirror of
https://github.com/github/codeql.git
synced 2026-05-02 12:15:17 +02:00
Python: Improve taint steps in for & iterable unpacking
These were written way before the ones in DataFlowPrivate, but apparently didn't cover quite as much :|
This commit is contained in:
Rasmus Wriedt Larsen
@@ -55,7 +55,7 @@ async def test_taint(request: web.Request): # $ requestHandler
|
||||
await request.content.readline(), # $ tainted
|
||||
await request.content.readchunk(), # $ tainted
|
||||
(await request.content.readchunk())[0], # $ tainted
|
||||
[line async for line in request.content], # $ MISSING: tainted
|
||||
[line async for line in request.content], # $ tainted
|
||||
[data async for data in request.content.iter_chunked(1024)], # $ MISSING: tainted
|
||||
[data async for data in request.content.iter_any()], # $ MISSING: tainted
|
||||
[data async for data, _ in request.content.iter_chunks()], # $ MISSING: tainted
|
||||
|
||||
@@ -108,7 +108,7 @@ def test_taint(request: HttpRequest, foo, bar, baz=None): # $requestHandler rou
|
||||
request.readline(), # $ tainted
|
||||
request.readlines(), # $ tainted
|
||||
request.readlines()[0], # $ tainted
|
||||
[line for line in request], # $ MISSING: tainted
|
||||
[line for line in request], # $ tainted
|
||||
)
|
||||
|
||||
# django.urls.ResolverMatch also supports iterable unpacking
|
||||
|
||||
@@ -63,7 +63,7 @@ class TaintTest(tornado.web.RequestHandler):
|
||||
request.headers["header-name"], # $ tainted
|
||||
request.headers.get_list("header-name"), # $ tainted
|
||||
request.headers.get_all(), # $ tainted
|
||||
[(k, v) for (k, v) in request.headers.get_all()], # $ MISSING: tainted
|
||||
[(k, v) for (k, v) in request.headers.get_all()], # $ tainted
|
||||
|
||||
# Dict[str, http.cookies.Morsel]
|
||||
request.cookies, # $ tainted
|
||||
|
||||
Reference in New Issue
Block a user