Python: Model flask.jsonify

python/ql/lib/change-notes/2022-09-22-flask-jsonify.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added modeling of creating Flask responses with `flask.jsonify`.

python/ql/lib/semmle/python/frameworks/Flask.qll

@@ -171,6 +171,24 @@ module Flask {
       override DataFlow::Node getMimetypeOrContentTypeArg() { none() }
     }
 
+    /**
+     * A call to `flask.jsonify` function. This creates a JSON response.
+     *
+     * See
+     * - https://flask.palletsprojects.com/en/2.2.x/api/#flask.json.jsonify
+     */
+    private class FlaskJsonifyCall extends InstanceSource, DataFlow::CallCfgNode {
+      FlaskJsonifyCall() {
+        this = API::moduleImport("flask").getMember("jsonify").getACall()
+      }
+
+      override DataFlow::Node getBody() { result = this.getArg(0) }
+
+      override string getMimetypeDefault() { result = "application/json" }
+
+      override DataFlow::Node getMimetypeOrContentTypeArg() { none() }
+    }
+
     /** Gets a reference to an instance of `flask.Response`. */
     private DataFlow::TypeTrackingNode instance(DataFlow::TypeTracker t) {
       t.start() and