mirror of
https://github.com/github/codeql.git
synced 2026-04-29 18:55:14 +02:00
Merge branch 'master' into python-clean-qltest-options
This commit is contained in:
Taus
@@ -0,0 +1,4 @@
|
||||
| test.py:9:12:9:26 | bottle handler function result | externally controlled string |
|
||||
| test.py:13:12:13:24 | bottle handler function result | externally controlled string |
|
||||
| test.py:19:12:19:33 | bottle handler function result | externally controlled string |
|
||||
| test.py:36:21:36:51 | Taint sink | externally controlled string |
|
||||
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from HttpResponseTaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select sink, kind
|
||||
@@ -0,0 +1,8 @@
|
||||
| ../../../query-tests/Security/lib/bottle.py:64:11:64:24 | LocalRequest() | bottle.request |
|
||||
| test.py:3:35:3:41 | ImportMember | bottle.request |
|
||||
| test.py:8:11:8:14 | name | externally controlled string |
|
||||
| test.py:12:9:12:12 | name | externally controlled string |
|
||||
| test.py:18:12:18:18 | request | bottle.request |
|
||||
| test.py:27:12:27:16 | where | externally controlled string |
|
||||
| test.py:32:14:32:20 | request | bottle.request |
|
||||
| test.py:36:34:36:40 | request | bottle.request |
|
||||
7
python/ql/test/library-tests/web/bottle/HttpSources.ql
Normal file
7
python/ql/test/library-tests/web/bottle/HttpSources.ql
Normal file
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from HttpRequestTaintSource source, TaintKind kind
|
||||
where source.isSourceOf(kind)
|
||||
select source.(ControlFlowNode).getNode(), kind
|
||||
@@ -1,7 +1,5 @@
|
||||
import python
|
||||
|
||||
import semmle.python.web.bottle.General
|
||||
|
||||
from BottleRoute route
|
||||
|
||||
select route.getUrl(), route.getFunction()
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
| test.py:9 | BinaryExpr | externally controlled string |
|
||||
| test.py:13 | BinaryExpr | externally controlled string |
|
||||
| test.py:19 | BinaryExpr | externally controlled string |
|
||||
| test.py:36 | BinaryExpr | externally controlled string |
|
||||
@@ -1,10 +0,0 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from TaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select sink.getLocation().toString(), sink.(ControlFlowNode).getNode().toString(), kind
|
||||
@@ -1,8 +0,0 @@
|
||||
| ../../../query-tests/Security/lib/bottle.py:64 | LocalRequest() | bottle.request |
|
||||
| test.py:3 | ImportMember | bottle.request |
|
||||
| test.py:8 | name | externally controlled string |
|
||||
| test.py:12 | name | externally controlled string |
|
||||
| test.py:18 | request | bottle.request |
|
||||
| test.py:27 | where | externally controlled string |
|
||||
| test.py:32 | request | bottle.request |
|
||||
| test.py:36 | request | bottle.request |
|
||||
@@ -1,10 +0,0 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
|
||||
from TaintSource src, TaintKind kind
|
||||
where src.isSourceOf(kind) and not kind.matches("tornado%")
|
||||
select src.getLocation().toString(), src.(ControlFlowNode).getNode().toString(), kind
|
||||
@@ -1,13 +1,7 @@
|
||||
|
||||
import python
|
||||
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
|
||||
from TaintedNode node
|
||||
|
||||
select node.getLocation().toString(), node.getAstNode().toString(), node.getTaintKind()
|
||||
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
| red.py:8:16:8:20 | cherrypy handler function result | externally controlled string |
|
||||
| test.py:11:16:11:29 | cherrypy handler function result | externally controlled string |
|
||||
| test.py:17:16:17:27 | cherrypy handler function result | externally controlled string |
|
||||
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from HttpResponseTaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select sink, kind
|
||||
@@ -0,0 +1,3 @@
|
||||
| ../../../query-tests/Security/lib/cherrypy/__init__.py:10:11:10:38 | _ThreadLocalProxy() | cherrypy.request |
|
||||
| test.py:10:17:10:19 | arg | externally controlled string |
|
||||
| test.py:16:17:16:19 | arg | externally controlled string |
|
||||
7
python/ql/test/library-tests/web/cherrypy/HttpSources.ql
Normal file
7
python/ql/test/library-tests/web/cherrypy/HttpSources.ql
Normal file
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from HttpRequestTaintSource source, TaintKind kind
|
||||
where source.isSourceOf(kind)
|
||||
select source.(ControlFlowNode).getNode(), kind
|
||||
@@ -1,3 +0,0 @@
|
||||
| red.py:8 | Str | externally controlled string |
|
||||
| test.py:11 | BinaryExpr | externally controlled string |
|
||||
| test.py:17 | BinaryExpr | externally controlled string |
|
||||
@@ -1,10 +0,0 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from TaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select sink.getLocation().toString(), sink.(ControlFlowNode).getNode().toString(), kind
|
||||
@@ -1,3 +0,0 @@
|
||||
| ../../../query-tests/Security/lib/cherrypy/__init__.py:10 | _ThreadLocalProxy() | cherrypy.request |
|
||||
| test.py:10 | arg | externally controlled string |
|
||||
| test.py:16 | arg | externally controlled string |
|
||||
@@ -1,10 +0,0 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
|
||||
from TaintSource src, TaintKind kind
|
||||
where src.isSourceOf(kind) and not kind.matches("tornado%")
|
||||
select src.getLocation().toString(), src.(ControlFlowNode).getNode().toString(), kind
|
||||
@@ -0,0 +1,7 @@
|
||||
| views.py:7:25:7:63 | django.Response(...) | externally controlled string |
|
||||
| views.py:11:25:11:52 | django.Response(...) | externally controlled string |
|
||||
| views.py:15:25:15:53 | django.Response(...) | externally controlled string |
|
||||
| views.py:23:29:23:60 | django.Response(...) | externally controlled string |
|
||||
| views.py:29:29:29:65 | django.Response(...) | externally controlled string |
|
||||
| views.py:34:25:34:63 | django.Response(...) | externally controlled string |
|
||||
| views.py:38:25:38:70 | django.Response(...) | externally controlled string |
|
||||
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from HttpResponseTaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select sink, kind
|
||||
19
python/ql/test/library-tests/web/django/HttpSources.expected
Normal file
19
python/ql/test/library-tests/web/django/HttpSources.expected
Normal file
@@ -0,0 +1,19 @@
|
||||
| test.py:5:19:5:25 | request | django.request.HttpRequest |
|
||||
| test.py:5:28:5:31 | path | externally controlled string |
|
||||
| test.py:11:19:11:25 | request | django.request.HttpRequest |
|
||||
| test.py:11:28:11:31 | path | externally controlled string |
|
||||
| views.py:6:19:6:25 | request | django.request.HttpRequest |
|
||||
| views.py:6:28:6:30 | foo | externally controlled string |
|
||||
| views.py:6:33:6:35 | bar | externally controlled string |
|
||||
| views.py:10:20:10:26 | request | django.request.HttpRequest |
|
||||
| views.py:14:21:14:27 | request | django.request.HttpRequest |
|
||||
| views.py:22:20:22:26 | request | django.request.HttpRequest |
|
||||
| views.py:28:19:28:25 | request | django.request.HttpRequest |
|
||||
| views.py:32:19:32:25 | request | django.request.HttpRequest |
|
||||
| views.py:32:28:32:38 | page_number | externally controlled string |
|
||||
| views.py:37:24:37:30 | request | django.request.HttpRequest |
|
||||
| views.py:37:33:37:36 | arg0 | externally controlled string |
|
||||
| views.py:37:39:37:42 | arg1 | externally controlled string |
|
||||
| views.py:57:15:57:21 | request | django.request.HttpRequest |
|
||||
| views.py:57:24:57:31 | username | externally controlled string |
|
||||
| views.py:66:30:66:36 | request | django.request.HttpRequest |
|
||||
7
python/ql/test/library-tests/web/django/HttpSources.ql
Normal file
7
python/ql/test/library-tests/web/django/HttpSources.ql
Normal file
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from HttpRequestTaintSource source, TaintKind kind
|
||||
where source.isSourceOf(kind)
|
||||
select source.(ControlFlowNode).getNode(), kind
|
||||
@@ -1,16 +0,0 @@
|
||||
| sql.py:13 | Str | externally controlled string |
|
||||
| sql.py:14 | Str | externally controlled string |
|
||||
| sql.py:17 | BinaryExpr | externally controlled string |
|
||||
| sql.py:20 | BinaryExpr | externally controlled string |
|
||||
| sql.py:21 | BinaryExpr | externally controlled string |
|
||||
| sql.py:22 | BinaryExpr | externally controlled string |
|
||||
| sql.py:36 | Str | externally controlled string |
|
||||
| sql.py:42 | BinaryExpr | externally controlled string |
|
||||
| sql.py:47 | BinaryExpr | externally controlled string |
|
||||
| views.py:7 | Attribute() | externally controlled string |
|
||||
| views.py:11 | Attribute() | externally controlled string |
|
||||
| views.py:15 | Attribute() | externally controlled string |
|
||||
| views.py:23 | Attribute() | externally controlled string |
|
||||
| views.py:29 | Attribute() | externally controlled string |
|
||||
| views.py:34 | Attribute() | externally controlled string |
|
||||
| views.py:38 | Attribute() | externally controlled string |
|
||||
@@ -1,13 +0,0 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.web.django.Db
|
||||
import semmle.python.web.django.Model
|
||||
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from TaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select sink.getLocation().toString(), sink.(ControlFlowNode).getNode().toString(), kind
|
||||
@@ -1,19 +0,0 @@
|
||||
| test.py:5 | path | externally controlled string |
|
||||
| test.py:5 | request | django.request.HttpRequest |
|
||||
| test.py:11 | path | externally controlled string |
|
||||
| test.py:11 | request | django.request.HttpRequest |
|
||||
| views.py:6 | bar | externally controlled string |
|
||||
| views.py:6 | foo | externally controlled string |
|
||||
| views.py:6 | request | django.request.HttpRequest |
|
||||
| views.py:10 | request | django.request.HttpRequest |
|
||||
| views.py:14 | request | django.request.HttpRequest |
|
||||
| views.py:22 | request | django.request.HttpRequest |
|
||||
| views.py:28 | request | django.request.HttpRequest |
|
||||
| views.py:32 | page_number | externally controlled string |
|
||||
| views.py:32 | request | django.request.HttpRequest |
|
||||
| views.py:37 | arg0 | externally controlled string |
|
||||
| views.py:37 | arg1 | externally controlled string |
|
||||
| views.py:37 | request | django.request.HttpRequest |
|
||||
| views.py:57 | request | django.request.HttpRequest |
|
||||
| views.py:57 | username | externally controlled string |
|
||||
| views.py:66 | request | django.request.HttpRequest |
|
||||
@@ -1,10 +0,0 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
|
||||
from TaintSource src, TaintKind kind
|
||||
where src.isSourceOf(kind)
|
||||
select src.getLocation().toString(), src.(ControlFlowNode).getNode().toString(), kind
|
||||
@@ -0,0 +1,9 @@
|
||||
| sql.py:13:24:13:64 | db.connection.execute | externally controlled string |
|
||||
| sql.py:14:26:14:66 | django.models.QuerySet.raw(sink,...) | externally controlled string |
|
||||
| sql.py:17:24:17:77 | db.connection.execute | externally controlled string |
|
||||
| sql.py:20:38:20:95 | django.db.models.expressions.RawSQL(sink,...) | externally controlled string |
|
||||
| sql.py:21:26:21:83 | django.models.QuerySet.raw(sink,...) | externally controlled string |
|
||||
| sql.py:22:28:22:85 | django.models.QuerySet.extra(sink,...) | externally controlled string |
|
||||
| sql.py:36:26:36:68 | django.models.QuerySet.raw(sink,...) | externally controlled string |
|
||||
| sql.py:42:11:42:52 | django.models.QuerySet.raw(sink,...) | externally controlled string |
|
||||
| sql.py:47:13:47:54 | django.models.QuerySet.extra(sink,...) | externally controlled string |
|
||||
@@ -0,0 +1,9 @@
|
||||
import python
|
||||
import semmle.python.security.injection.Sql
|
||||
import semmle.python.web.django.Db
|
||||
import semmle.python.web.django.Model
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from SqlInjectionSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select sink, kind
|
||||
@@ -0,0 +1 @@
|
||||
| FIXME: temporarily disabled since it's not working |
|
||||
@@ -0,0 +1,8 @@
|
||||
import python
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
// from HttpResponseTaintSink sink, TaintKind kind
|
||||
// where sink.sinks(kind)
|
||||
// select sink, kind
|
||||
select "FIXME: temporarily disabled since it's not working"
|
||||
@@ -0,0 +1,3 @@
|
||||
| test.py:9:22:9:24 | req | falcon.request |
|
||||
| test.py:19:23:19:25 | req | falcon.request |
|
||||
| test.py:22:25:22:27 | req | falcon.request |
|
||||
7
python/ql/test/library-tests/web/falcon/HttpSources.ql
Normal file
7
python/ql/test/library-tests/web/falcon/HttpSources.ql
Normal file
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from HttpRequestTaintSource source, TaintKind kind
|
||||
where source.isSourceOf(kind)
|
||||
select source.(ControlFlowNode).getNode(), kind
|
||||
@@ -1,8 +1,5 @@
|
||||
import python
|
||||
|
||||
import semmle.python.web.falcon.General
|
||||
|
||||
from FalconRoute route, string method
|
||||
|
||||
select route.getUrl(), method, route.getHandlerFunction(method)
|
||||
|
||||
|
||||
@@ -1,6 +1,4 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
| test.py:9 | req | falcon.request |
|
||||
| test.py:19 | req | falcon.request |
|
||||
| test.py:22 | req | falcon.request |
|
||||
@@ -1,10 +0,0 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
|
||||
from TaintSource src, TaintKind kind
|
||||
where src.isSourceOf(kind) and not kind.matches("tornado%")
|
||||
select src.getLocation().toString(), src.(ControlFlowNode).getNode().toString(), kind
|
||||
@@ -1,12 +1,8 @@
|
||||
|
||||
import python
|
||||
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
|
||||
from TaintedNode node
|
||||
where node.getLocation().getFile().getShortName() = "test.py"
|
||||
select node.getLocation().toString(), node.getAstNode().toString(), node.getTaintKind()
|
||||
|
||||
@@ -0,0 +1,8 @@
|
||||
| test.py:8:12:8:25 | flask.routed.response | externally controlled string |
|
||||
| test.py:29:12:29:38 | flask.routed.response | externally controlled string |
|
||||
| test.py:35:16:35:37 | flask.routed.response | externally controlled string |
|
||||
| test.py:36:12:36:15 | flask.routed.response | externally controlled string |
|
||||
| test.py:41:12:41:54 | flask.routed.response | externally controlled string |
|
||||
| test.py:41:26:41:53 | flask.response.argument | externally controlled string |
|
||||
| test.py:46:12:46:62 | flask.routed.response | externally controlled string |
|
||||
| test.py:46:26:46:61 | flask.response.argument | externally controlled string |
|
||||
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from HttpResponseTaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select sink, kind
|
||||
@@ -0,0 +1,5 @@
|
||||
| test.py:29:12:29:23 | Attribute | {externally controlled string} |
|
||||
| test.py:33:9:33:20 | Attribute | {externally controlled string} |
|
||||
| test.py:35:16:35:27 | Attribute | {externally controlled string} |
|
||||
| test.py:40:18:40:29 | Attribute | {externally controlled string} |
|
||||
| test.py:45:18:45:29 | Attribute | {externally controlled string} |
|
||||
7
python/ql/test/library-tests/web/flask/HttpSources.ql
Normal file
7
python/ql/test/library-tests/web/flask/HttpSources.ql
Normal file
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from HttpRequestTaintSource source, TaintKind kind
|
||||
where source.isSourceOf(kind)
|
||||
select source.(ControlFlowNode).getNode(), kind
|
||||
@@ -1,9 +1,6 @@
|
||||
import python
|
||||
|
||||
import semmle.python.web.flask.General
|
||||
|
||||
from ControlFlowNode regex, Function func
|
||||
|
||||
where flask_routing(regex, func)
|
||||
|
||||
select regex.getNode().(StrConst).getText(), func.toString()
|
||||
|
||||
@@ -1,8 +0,0 @@
|
||||
| test.py:8 | Str | externally controlled string |
|
||||
| test.py:29 | Attribute() | externally controlled string |
|
||||
| test.py:35 | Subscript | externally controlled string |
|
||||
| test.py:36 | None | externally controlled string |
|
||||
| test.py:41 | BinaryExpr | externally controlled string |
|
||||
| test.py:41 | make_response() | externally controlled string |
|
||||
| test.py:46 | BinaryExpr | externally controlled string |
|
||||
| test.py:46 | make_response() | externally controlled string |
|
||||
@@ -1,10 +0,0 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from TaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select sink.getLocation().toString(), sink.(ControlFlowNode).getNode().toString(), kind
|
||||
@@ -1,6 +0,0 @@
|
||||
| test.py:22 | Attribute() | flask/MyView.as.view |
|
||||
| test.py:29 | Attribute | {externally controlled string} |
|
||||
| test.py:33 | Attribute | {externally controlled string} |
|
||||
| test.py:35 | Attribute | {externally controlled string} |
|
||||
| test.py:40 | Attribute | {externally controlled string} |
|
||||
| test.py:45 | Attribute | {externally controlled string} |
|
||||
@@ -1,11 +0,0 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
|
||||
from TaintSource src, TaintKind kind
|
||||
where src.isSourceOf(kind)
|
||||
select src.getLocation().toString(), src.(ControlFlowNode).getNode().toString(), kind
|
||||
@@ -1,12 +1,8 @@
|
||||
|
||||
import python
|
||||
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
|
||||
from TaintedNode node
|
||||
where node.getLocation().getFile().getShortName() = "test.py"
|
||||
select node.getLocation().toString(), node.getAstNode().toString(), node.getTaintKind()
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
| test.py:8:12:8:31 | pyramid.routed.response | externally controlled string |
|
||||
| test.py:17:12:17:41 | pyramid.routed.response | externally controlled string |
|
||||
| test.py:25:12:25:43 | pyramid.routed.response | externally controlled string |
|
||||
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from HttpResponseTaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select sink, kind
|
||||
@@ -0,0 +1,3 @@
|
||||
| test.py:7:10:7:16 | request | pyramid.request |
|
||||
| test.py:15:11:15:17 | request | pyramid.request |
|
||||
| test.py:24:11:24:17 | request | pyramid.request |
|
||||
7
python/ql/test/library-tests/web/pyramid/HttpSources.ql
Normal file
7
python/ql/test/library-tests/web/pyramid/HttpSources.ql
Normal file
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from HttpRequestTaintSource source, TaintKind kind
|
||||
where source.isSourceOf(kind)
|
||||
select source.(ControlFlowNode).getNode(), kind
|
||||
@@ -1,9 +1,6 @@
|
||||
import python
|
||||
|
||||
import semmle.python.web.pyramid.View
|
||||
|
||||
from Function func
|
||||
|
||||
where is_pyramid_view_function(func)
|
||||
|
||||
select func.getLocation().toString(), func.toString()
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
| test.py:8 | Response() | externally controlled string |
|
||||
| test.py:17 | Response() | externally controlled string |
|
||||
| test.py:25 | Dict | externally controlled string |
|
||||
@@ -1,11 +0,0 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
|
||||
from TaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind) and sink.getLocation().getFile().getShortName() = "test.py"
|
||||
select sink.getLocation().toString(), sink.(ControlFlowNode).getNode().toString(), kind
|
||||
@@ -1,3 +0,0 @@
|
||||
| test.py:7 | request | pyramid.request |
|
||||
| test.py:15 | request | pyramid.request |
|
||||
| test.py:24 | request | pyramid.request |
|
||||
@@ -1,11 +0,0 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
|
||||
from TaintSource src, TaintKind kind
|
||||
where src.isSourceOf(kind)
|
||||
select src.getLocation().toString(), src.(ControlFlowNode).getNode().toString(), kind
|
||||
@@ -1,11 +1,8 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from TaintedNode node
|
||||
where node.getLocation().getFile().getShortName() = "test.py"
|
||||
|
||||
select node.getLocation().toString(), node.getAstNode().toString(), node.getTaintKind()
|
||||
|
||||
@@ -1,9 +1,7 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.TestUtils
|
||||
|
||||
import semmle.python.web.tornado.Tornado
|
||||
|
||||
from ClassValue cls
|
||||
where cls = aTornadoRequestHandlerClass()
|
||||
select remove_library_prefix(cls.getScope().getLocation()), cls.toString()
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
| test.py:20:23:20:25 | tornado.HttpRequestHandler.redirect | externally controlled string |
|
||||
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.web.HttpRedirect
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from HttpRedirectTaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select sink, kind
|
||||
@@ -0,0 +1,3 @@
|
||||
| test.py:6:20:6:43 | tornado.HttpRequestHandler.write | externally controlled string |
|
||||
| test.py:12:20:12:23 | tornado.HttpRequestHandler.write | externally controlled string |
|
||||
| test.py:26:20:26:48 | tornado.HttpRequestHandler.write | externally controlled string |
|
||||
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from HttpResponseTaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select sink, kind
|
||||
@@ -0,0 +1,4 @@
|
||||
| test.py:6:20:6:43 | Attribute() | externally controlled string |
|
||||
| test.py:10:16:10:40 | Attribute() | [externally controlled string] |
|
||||
| test.py:17:15:17:26 | Attribute | tornado.request.HttpRequest |
|
||||
| test.py:26:20:26:48 | Attribute() | externally controlled string |
|
||||
7
python/ql/test/library-tests/web/tornado/HttpSources.ql
Normal file
7
python/ql/test/library-tests/web/tornado/HttpSources.ql
Normal file
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from HttpRequestTaintSource source, TaintKind kind
|
||||
where source.isSourceOf(kind)
|
||||
select source.(ControlFlowNode).getNode(), kind
|
||||
@@ -1,4 +0,0 @@
|
||||
| test.py:6 | Attribute() | externally controlled string |
|
||||
| test.py:12 | name | externally controlled string |
|
||||
| test.py:20 | url | externally controlled string |
|
||||
| test.py:26 | Attribute() | externally controlled string |
|
||||
@@ -1,11 +0,0 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
import semmle.python.TestUtils
|
||||
|
||||
from TaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select remove_library_prefix(sink.getLocation()), sink.(ControlFlowNode).getNode().toString(), kind
|
||||
@@ -1,4 +0,0 @@
|
||||
| test.py:6 | Attribute() | externally controlled string |
|
||||
| test.py:10 | Attribute() | [externally controlled string] |
|
||||
| test.py:17 | Attribute | tornado.request.HttpRequest |
|
||||
| test.py:26 | Attribute() | externally controlled string |
|
||||
@@ -1,13 +0,0 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.TestUtils
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
|
||||
from TaintSource src, TaintKind kind
|
||||
where src.isSourceOf(kind)
|
||||
select remove_library_prefix(src.getLocation()), src.(ControlFlowNode).getNode().toString(), kind
|
||||
@@ -1,8 +1,5 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.TestUtils
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
@@ -11,4 +8,3 @@ from TaintedNode node
|
||||
// Add this restriction to keep Python2 and 3 results the same.
|
||||
where not exists(node.getContext().getCaller())
|
||||
select remove_library_prefix(node.getLocation()), node.getAstNode().toString(), node.getTaintKind()
|
||||
|
||||
|
||||
@@ -1,9 +1,5 @@
|
||||
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.web.turbogears.TurboGears
|
||||
|
||||
from TurboGearsControllerMethod m
|
||||
select m
|
||||
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
| test.py:8:16:8:69 | TurboGears ControllerMethodReturnValue | externally controlled string |
|
||||
| test.py:14:16:14:50 | TurboGears ControllerMethodReturnValue | externally controlled string |
|
||||
| test.py:19:16:19:50 | TurboGears ControllerMethodReturnValue | externally controlled string |
|
||||
| test.py:23:16:23:50 | TurboGears ControllerMethodReturnValue | externally controlled string |
|
||||
| test.py:27:16:27:38 | TurboGears ControllerMethodTemplatedReturnValue | {externally controlled string} |
|
||||
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from HttpResponseTaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select sink, kind
|
||||
@@ -0,0 +1,3 @@
|
||||
| test.py:18:43:18:43 | b | externally controlled string |
|
||||
| test.py:22:29:22:29 | a | externally controlled string |
|
||||
| test.py:22:37:22:37 | b | externally controlled string |
|
||||
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from HttpRequestTaintSource source, TaintKind kind
|
||||
where source.isSourceOf(kind)
|
||||
select source.(ControlFlowNode).getNode(), kind
|
||||
@@ -1,5 +0,0 @@
|
||||
| test.py:8 | BinaryExpr | externally controlled string |
|
||||
| test.py:14 | BinaryExpr | externally controlled string |
|
||||
| test.py:19 | BinaryExpr | externally controlled string |
|
||||
| test.py:23 | BinaryExpr | externally controlled string |
|
||||
| test.py:27 | Dict | {externally controlled string} |
|
||||
@@ -1,10 +0,0 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from TaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select sink.getLocation().toString(), sink.(ControlFlowNode).getNode().toString(), kind
|
||||
@@ -1,3 +0,0 @@
|
||||
| test.py:18 | b | externally controlled string |
|
||||
| test.py:22 | a | externally controlled string |
|
||||
| test.py:22 | b | externally controlled string |
|
||||
@@ -1,10 +0,0 @@
|
||||
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
|
||||
from TaintSource src, TaintKind kind
|
||||
where src.isSourceOf(kind)
|
||||
select src.getLocation().toString(), src.(ControlFlowNode).getNode().toString(), kind
|
||||
@@ -1,13 +1,7 @@
|
||||
|
||||
import python
|
||||
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
|
||||
from TaintedNode node
|
||||
|
||||
select node.getLocation().toString(), node.getAstNode().toString(), node.getTaintKind()
|
||||
|
||||
|
||||
@@ -0,0 +1,10 @@
|
||||
| test.py:7:16:7:23 | Twisted response | externally controlled string |
|
||||
| test.py:14:16:14:23 | Twisted response | externally controlled string |
|
||||
| test.py:21:16:21:23 | Twisted response | externally controlled string |
|
||||
| test.py:36:16:36:37 | Twisted response | externally controlled string |
|
||||
| test.py:40:23:40:30 | Twisted request setter | externally controlled string |
|
||||
| test.py:44:27:44:31 | Twisted request setter | externally controlled string |
|
||||
| test.py:44:34:44:38 | Twisted request setter | externally controlled string |
|
||||
| test.py:45:27:45:31 | Twisted request setter | externally controlled string |
|
||||
| test.py:45:34:45:40 | Twisted request setter | externally controlled string |
|
||||
| test.py:46:16:46:37 | Twisted response | externally controlled string |
|
||||
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from HttpResponseTaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select sink, kind
|
||||
@@ -0,0 +1,8 @@
|
||||
| test.py:4:22:4:28 | request | twisted.request.http.Request |
|
||||
| test.py:9:26:9:32 | request | twisted.request.http.Request |
|
||||
| test.py:16:27:16:33 | request | twisted.request.http.Request |
|
||||
| test.py:24:24:24:30 | request | twisted.request.http.Request |
|
||||
| test.py:28:22:28:30 | myrequest | twisted.request.http.Request |
|
||||
| test.py:31:27:31:37 | postrequest | twisted.request.http.Request |
|
||||
| test.py:39:22:39:28 | request | twisted.request.http.Request |
|
||||
| test.py:43:22:43:28 | request | twisted.request.http.Request |
|
||||
7
python/ql/test/library-tests/web/twisted/HttpSources.ql
Normal file
7
python/ql/test/library-tests/web/twisted/HttpSources.ql
Normal file
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from HttpRequestTaintSource source, TaintKind kind
|
||||
where source.isSourceOf(kind)
|
||||
select source.(ControlFlowNode).getNode(), kind
|
||||
@@ -1,8 +0,0 @@
|
||||
| test.py:7 | response | externally controlled string |
|
||||
| test.py:14 | response | externally controlled string |
|
||||
| test.py:21 | response | externally controlled string |
|
||||
| test.py:36 | do_stuff_with() | externally controlled string |
|
||||
| test.py:40 | Str | externally controlled string |
|
||||
| test.py:44 | Str | externally controlled string |
|
||||
| test.py:45 | Str | externally controlled string |
|
||||
| test.py:46 | Str | externally controlled string |
|
||||
@@ -1,10 +0,0 @@
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
import semmle.python.TestUtils
|
||||
|
||||
from TaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select remove_library_prefix(sink.getLocation()), sink.(ControlFlowNode).getNode().toString(), kind
|
||||
@@ -1,8 +0,0 @@
|
||||
| test.py:4 | request | twisted.request.http.Request |
|
||||
| test.py:9 | request | twisted.request.http.Request |
|
||||
| test.py:16 | request | twisted.request.http.Request |
|
||||
| test.py:24 | request | twisted.request.http.Request |
|
||||
| test.py:28 | myrequest | twisted.request.http.Request |
|
||||
| test.py:31 | postrequest | twisted.request.http.Request |
|
||||
| test.py:39 | request | twisted.request.http.Request |
|
||||
| test.py:43 | request | twisted.request.http.Request |
|
||||
@@ -1,11 +0,0 @@
|
||||
import python
|
||||
import semmle.python.TestUtils
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
|
||||
from TaintSource src, TaintKind kind
|
||||
where src.isSourceOf(kind)
|
||||
select remove_library_prefix(src.getLocation()), src.(ControlFlowNode).getNode().toString(), kind
|
||||
@@ -1,11 +1,8 @@
|
||||
import python
|
||||
import semmle.python.TestUtils
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from TaintedNode node
|
||||
|
||||
select remove_library_prefix(node.getLocation()), node.getAstNode().toString(), node.getTaintKind()
|
||||
|
||||
|
||||
Reference in New Issue
Block a user