Python: Convert stack-trace-exposure query to path-problem.

This commit is contained in:
Mark Shannon
2018-11-16 14:39:48 +00:00
committed by Mark Shannon
parent 2a24723cc3
commit 88d82017b3
2 changed files with 23 additions and 1 deletions


@@ -1 +1,11 @@
| test.py:16:16:16:37 | flask.routed.response | $@ may be exposed to an external user | test.py:16:16:16:37 | exception.info.source | Error information | edges
| test.py:33:15:33:36 | Taint exception.info at test.py:33 | test.py:34:29:34:31 | Taint exception.info at test.py:34 |
| test.py:34:29:34:31 | Taint exception.info at test.py:34 | test.py:36:18:36:20 | Taint exception.info at test.py:36 |
| test.py:36:18:36:20 | Taint exception.info at test.py:36 | test.py:37:25:37:27 | Taint exception.info at test.py:37 |
| test.py:37:12:37:27 | Taint exception.info at test.py:37 | test.py:34:16:34:32 | Taint exception.info at test.py:34 |
| test.py:37:25:37:27 | Taint exception.info at test.py:37 | test.py:37:12:37:27 | Taint exception.info at test.py:37 |
parents
| test.py:36:18:36:20 | Taint exception.info at test.py:36 | test.py:34:29:34:31 | Taint exception.info at test.py:34 |
#select
| test.py:16:16:16:37 | flask.routed.response | test.py:16:16:16:37 | Taint exception.info at test.py:16 | test.py:16:16:16:37 | Taint exception.info at test.py:16 | $@ may be exposed to an external user | test.py:16:16:16:37 | exception.info.source | Error information |
| test.py:34:16:34:32 | flask.routed.response | test.py:33:15:33:36 | Taint exception.info at test.py:33 | test.py:34:16:34:32 | Taint exception.info at test.py:34 | $@ may be exposed to an external user | test.py:33:15:33:36 | exception.info.source | Error information |


@@ -23,3 +23,15 @@ def server_good():
except Exception as e: except Exception as e:
log(traceback.format_exc()) log(traceback.format_exc())
return "An internal error has occurred!" return "An internal error has occurred!"
#BAD
@app.route('/bad/with-flow')
def server_bad_flow():
try:
do_computation()
except Exception as e:
err = traceback.format_exc()
return format_error(err)
def format_error(msg):
return "[ERROR] " + msg
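Review bot: In the added `server_bad_flow`, `except Exception as e:` binds `e` but the body only uses `traceback.format_exc()`, so the name is dead; `except Exception:` says the same thing without the unused binding (the context lines of `server_good` above carry the same unused `e`, but that is existing code). The `#BAD` marker would be more useful to readers of the test corpus if it said what the query is expected to find, e.g. `# BAD: the formatted traceback reaches the HTTP response via format_error`. The rendered view appears to have dropped indentation and the blank lines between the new definitions, so the hunk as shown cannot be checked for layout; the enclosing function `server_good` starts outside the hunk.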