hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Fix experimental tests

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2020-07-07 19:44:43 +02:00
parent 1d5ef381ae
commit 7306f58e57
6 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
python/ql/src/experimental/CWE-643/xpath.ql
View File

@@ -12,6 +12,7 @@
import python
import semmle.python.security.Paths
import semmle.python.security.strings.Untrusted
/* Sources */
import semmle.python.web.HttpRequest
/* Sinks */

4
python/ql/src/experimental/semmle/python/security/injection/Xpath.qll
View File

@@ -22,14 +22,14 @@ module XpathInjection {
abstract class XpathInjectionSink extends TaintSink { }
/**
* A Sink representing an argument to the `etree.Xpath` call.
* A Sink representing an argument to the `etree.XPath` call.
*
* from lxml import etree
* root = etree.XML("<xmlContent>")
* find_text = etree.XPath("`sink`")
*/
private class EtreeXpathArgument extends XpathInjectionSink {
override string toString() { result = "lxml.etree.Xpath" }
override string toString() { result = "lxml.etree.XPath" }
EtreeXpathArgument() {
exists(CallNode call | call.getFunction().(AttrNode).getObject("XPath").pointsTo(etree()) |