Python: Two new queries for URL and hostname sanitization (CWE-020).

2026-05-04 05:05:12 +02:00 · 2019-01-24 12:57:14 +00:00
parent ffa8b12d48
commit 88d8cb514c
13 changed files with 385 additions and 0 deletions
--- a/python/ql/test/query-tests/Security/CWE-020/IncompleteUrlSubstringSanitization.expected
+++ b/python/ql/test/query-tests/Security/CWE-020/IncompleteUrlSubstringSanitization.expected
@@ -0,0 +1,2 @@
+| urltest.py:9:8:9:30 | Compare | '$@' may be at an arbitrary position in the sanitized URL. | urltest.py:9:8:9:20 | Str | example.com |
+| urltest.py:15:8:15:37 | Attribute() | '$@' may be at an arbitrary position in the sanitized URL. | urltest.py:15:24:15:36 | Str | example.com |