hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 20:25:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Add FileLikeObject modeling

Browse Source 
Such that the result of `request.FILES["key"].file.read()` is tainted
This commit is contained in:
Rasmus Wriedt Larsen
2021-07-20 10:45:47 +02:00
parent 18c0d13efd
commit 7dc6518350
3 changed files with 73 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/ql/test/library-tests/frameworks/django-v2-v3/taint_test.py
View File

@@ -67,7 +67,7 @@ def test_taint(request: HttpRequest, foo, bar, baz=None): # $requestHandler rou
request.FILES["key"].charset, # $ tainted
request.FILES["key"].name, # $ tainted
request.FILES["key"].file, # $ tainted
request.FILES["key"].file.read(), # $ MISSING: tainted
request.FILES["key"].file.read(), # $ tainted
request.FILES.get("key"), # $ tainted
request.FILES.get("key").name, # $ tainted