Python: Add library tests for django.

This commit is contained in:
Mark Shannon
2019-04-12 16:14:14 +01:00
parent 46b9ef79b4
commit 90bbfd3b16
9 changed files with 79 additions and 0 deletions


@@ -0,0 +1,6 @@
| test.py:18 | Str | externally controlled string |
| test.py:21 | BinaryExpr | externally controlled string |
| test.py:24 | BinaryExpr | externally controlled string |
| test.py:25 | BinaryExpr | externally controlled string |
| test.py:26 | BinaryExpr | externally controlled string |
| test.py:34 | BinaryExpr | externally controlled string |


@@ -0,0 +1,13 @@
import python
import semmle.python.web.HttpRequest
import semmle.python.web.HttpResponse
import semmle.python.web.django.Db
import semmle.python.web.django.Model
import semmle.python.security.strings.Untrusted
from TaintSink sink, TaintKind kind
where sink.sinks(kind)
select sink.getLocation().toString(), sink.(ControlFlowNode).getNode().toString(), kind


@@ -0,0 +1,2 @@
| test.py:11 | request | django.request.HttpRequest |
| test.py:31 | request | django.request.HttpRequest |


@@ -0,0 +1,10 @@
import python
import semmle.python.web.HttpRequest
import semmle.python.security.strings.Untrusted
from TaintSource src, TaintKind kind
where src.isSourceOf(kind)
select src.getLocation().toString(), src.(ControlFlowNode).getNode().toString(), kind


@@ -0,0 +1,2 @@
semmle-extractor-options: --max-import-depth=3 --lang=3 -p ../../../query-tests/Security/lib/
optimize: true


@@ -0,0 +1,40 @@
from django.conf.urls import patterns, url
from django.db import connection, models
from django.db.models.expressions import RawSQL
from django.http.response import HttpResponse
import base64
class Name(models.Model):
pass
def save_name(request):
if request.method == 'POST':
name = request.POST.get('name')
curs = connection.cursor()
#GOOD -- Using parameters
curs.execute(
"insert into names_file ('name') values ('%s')", name)
#BAD -- Using string formatting
curs.execute(
"insert into names_file ('name') values ('%s')" % name)
#BAD -- other ways of executing raw SQL code with string interpolation
Name.objects.annotate(RawSQL("insert into names_file ('name') values ('%s')" % name))
Name.objects.raw("insert into names_file ('name') values ('%s')" % name)
Name.objects.extra("insert into names_file ('name') values ('%s')" % name)
urlpatterns1 = patterns(url(r'^save_name/$',
save_name, name='save_name'))
def maybe_xss(request):
first_name = request.POST.get('first_name', '')
resp = HttpResponse()
resp.write("first name is " + first_name)
return resp
urlpatterns2 = [
# Route to code_execution
url(r'^maybe_xss$', maybe_xss, name='maybe_xss')
]
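Review bot: The call labelled `#GOOD -- Using parameters` in `save_name` is not the correct parameterized form: the `%s` placeholder is wrapped in quotes and `name` is passed as a bare string, whereas Django's `cursor.execute(sql, params)` takes `params` as a list or tuple and its documentation says not to quote the placeholders. For the taint test the only thing that matters is that the value arrives as a separate argument instead of being interpolated, but these files get read as the reference good/bad patterns, so I'd write it as `curs.execute("insert into names_file (name) values (%s)", [name])`, which leaves the `.expected` line numbers unchanged. The comment `# Route to code_execution` above the `maybe_xss` entry in `urlpatterns2` looks copied from another test; `# Route to maybe_xss` would match the code. Both function bodies are fully inside the hunk.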