Merge pull request #1271 from markshannon/python-fix-fp-http-prefix

Python: Fix false positive in 'Incomplete URL substring sanitization' query
This commit is contained in:
Taus
2019-04-26 15:23:04 +02:00
committed by GitHub
2 changed files with 13 additions and 2 deletions


@@ -35,16 +35,18 @@ predicate incomplete_sanitization(Expr sanitizer, StrConst url) {
(
sanitizer.(Compare).compares(url, any(In i), _)
or
call_to_startswith(sanitizer, url)
unsafe_call_to_startswith(sanitizer, url)
or
unsafe_call_to_endswith(sanitizer, url)
)
}
predicate call_to_startswith(Call sanitizer, StrConst url) {
predicate unsafe_call_to_startswith(Call sanitizer, StrConst url) {
sanitizer.getFunc().(Attribute).getName() = "startswith"
and
sanitizer.getArg(0) = url
and
not url.getText().regexpMatch("(?i)https?://[\\.a-z0-9-]+/.*")
}
predicate unsafe_call_to_endswith(Call sanitizer, StrConst url) {