Model Flask SessionInterface request parameter

2025-12-20 18:56:32 +01:00 · 2024-05-20 09:46:54 +01:00
parent b1329fd806
commit 7727e465f4
2 changed files with 18 additions and 0 deletions
--- a/python/ql/lib/semmle/python/frameworks/Flask.qll
+++ b/python/ql/lib/semmle/python/frameworks/Flask.qll
@@ -101,6 +101,19 @@ module Flask {
  /** Gets a reference to the `flask.request` object. */
  API::Node request() {
    result = API::moduleImport(["flask", "flask_restful"]).getMember("request")
+    or
+    result = sessionInterfaceRequestParam()
+  }
+
+  /** Gets a `request` parameter of an implementation of `open_session` in a subclass of `flask.sessions.SessionInterface` */
+  private API::Node sessionInterfaceRequestParam() {
+    result =
+      API::moduleImport("flask")
+          .getMember("sessions")
+          .getMember("SessionInterface")
+          .getASubclass+()
+          .getMember("open_session")
+          .getParameter(1)
  }

  /**
--- a/python/ql/test/library-tests/frameworks/flask/session_interface.py
+++ b/python/ql/test/library-tests/frameworks/flask/session_interface.py
@@ -0,0 +1,5 @@
+import flask 
+
+class MySessionInterface(flask.sessions.SessionInterface):
+    def open_session(self, app, request):
+        ensure_tainted(request) # $tainted