hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: FastAPI: Model extra-taint for pydantic models

Browse Source 
It feels a bit strange to add it to `frameworks.rst` since we only
support a little bit of it, but if I don't do it now, we will most
likely forget to do it later on (since it has already been added to
`frameworks.qll`).
This commit is contained in:
Rasmus Wriedt Larsen
2021-10-25 10:47:29 +02:00
parent f5464b79e4
commit 7e7a6464ec
5 changed files with 122 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
python/ql/test/library-tests/frameworks/fastapi/taint_test.py
View File

@@ -29,14 +29,14 @@ async def test_taint(name : str, number : int, also_input: MyComplexModel): # $
number, # $ tainted
also_input, # $ tainted
also_input.field, # $ MISSING: tainted
also_input.field, # $ tainted
also_input.main_foo, # $ MISSING: tainted
also_input.main_foo.foo, # $ MISSING: tainted
also_input.main_foo, # $ tainted
also_input.main_foo.foo, # $ tainted
also_input.other_foos, # $ MISSING: tainted
also_input.other_foos[0], # $ MISSING: tainted
also_input.other_foos[0].foo, # $ MISSING: tainted
also_input.other_foos, # $ tainted
also_input.other_foos[0], # $ tainted
also_input.other_foos[0].foo, # $ tainted
[f.foo for f in also_input.other_foos], # $ MISSING: tainted
)