hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Model flask.Response

Browse Source 
I think I'll rework how we model content-type, since what we _actually_ want to
know is the mimetype
This commit is contained in:
Rasmus Wriedt Larsen
2020-10-22 14:16:10 +02:00
parent 1f99bbf744
commit 81a42b73a8
2 changed files with 10 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
python/ql/test/experimental/library-tests/frameworks/flask/ConceptsTest.expected
View File

@@ -0,0 +1,3 @@
| response_test.py:92:12:92:79 | ControlFlowNode for Response() | Unexpected result: contentType=text/plain; charset=utf-8 |
| response_test.py:99:12:99:101 | ControlFlowNode for Response() | Unexpected result: contentType=text/plain; charset=utf-8 |
| response_test.py:114:12:114:118 | ControlFlowNode for Response() | Unexpected result: contentType=text/plain; charset=utf-8 |

20
python/ql/test/experimental/library-tests/frameworks/flask/response_test.py
View File

@@ -31,7 +31,7 @@ def html3(): # $routeHandler
@app.route("/html4") # $routeSetup="/html4"
def html4(): # $routeHandler
resp = Response("<h1>hello</h1>") # $f-:HttpResponse $f-:contentType=text/html $f-:responseBody="<h1>hello</h1>"
resp = Response("<h1>hello</h1>") # $HttpResponse $contentType=text/html $responseBody="<h1>hello</h1>"
return resp
@@ -83,29 +83,27 @@ def response_modification2(): # $routeHandler
@app.route("/content-type/Response1") # $routeSetup="/content-type/Response1"
def Response1(): # $routeHandler
resp = Response("<h1>hello</h1>", mimetype="text/plain") # $f-:HttpResponse $f-:contentType=text/plain $f-:responseBody="<h1>hello</h1>"
resp = Response("<h1>hello</h1>", mimetype="text/plain") # $HttpResponse $contentType=text/plain $responseBody="<h1>hello</h1>"
return resp
@app.route("/content-type/Response2") # $routeSetup="/content-type/Response2"
def Response2(): # $routeHandler
resp = Response("<h1>hello</h1>", content_type="text/plain; charset=utf-8") # $f-:HttpResponse $f-:contentType=text/plain $f-:responseBody="<h1>hello</h1>"
resp = Response("<h1>hello</h1>", content_type="text/plain; charset=utf-8") # $HttpResponse $f-:contentType=text/plain $responseBody="<h1>hello</h1>"
return resp
@app.route("/content-type/Response3") # $routeSetup="/content-type/Response3"
def Response3(): # $routeHandler
# content_type argument takes priority (and result is text/plain)
resp = Response(
"<h1>hello</h1>", content_type="text/plain; charset=utf-8", mimetype="text/html"
) # $f-:HttpResponse $f-:contentType=text/plain $f-:responseBody="<h1>hello</h1>"
resp = Response("<h1>hello</h1>", content_type="text/plain; charset=utf-8", mimetype="text/html") # $HttpResponse $f-:contentType=text/plain $responseBody="<h1>hello</h1>"
return resp
@app.route("/content-type/Response4") # $routeSetup="/content-type/Response4"
def Response4(): # $routeHandler
# note: capitalization of Content-Type does not matter
resp = Response("<h1>hello</h1>", headers={"Content-TYPE": "text/plain"}) # $f-:HttpResponse $f-:contentType=text/plain $f-:responseBody="<h1>hello</h1>"
resp = Response("<h1>hello</h1>", headers={"Content-TYPE": "text/plain"}) # $HttpResponse $f+:contentType=text/html $f-:contentType=text/plain $responseBody="<h1>hello</h1>"
return resp
@@ -113,9 +111,7 @@ def Response4(): # $routeHandler
def Response5(): # $routeHandler
# content_type argument takes priority (and result is text/plain)
# note: capitalization of Content-Type does not matter
resp = Response(
"<h1>hello</h1>", headers={"Content-TYPE": "text/html"}, content_type="text/plain; charset=utf-8"
) # $f-:HttpResponse $f-:contentType=text/plain $f-:responseBody="<h1>hello</h1>"
resp = Response("<h1>hello</h1>", headers={"Content-TYPE": "text/html"}, content_type="text/plain; charset=utf-8") # $HttpResponse $f-:contentType=text/plain $responseBody="<h1>hello</h1>"
return resp
@@ -123,9 +119,7 @@ def Response5(): # $routeHandler
def Response6(): # $routeHandler
# mimetype argument takes priority over header (and result is text/plain)
# note: capitalization of Content-Type does not matter
resp = Response(
"<h1>hello</h1>", headers={"Content-TYPE": "text/html"}, mimetype="text/plain"
) # $f-:HttpResponse $f-:contentType=text/plain $f-:responseBody="<h1>hello</h1>"
resp = Response("<h1>hello</h1>", headers={"Content-TYPE": "text/html"}, mimetype="text/plain") # $HttpResponse $contentType=text/plain $responseBody="<h1>hello</h1>"
return resp