Python: Add responses to Falcon framework support.

2026-05-01 11:45:14 +02:00 · 2019-02-19 11:53:57 +00:00
parent 6a48420191
commit 9e268d77d0
6 changed files with 57 additions and 3 deletions
--- a/python/ql/src/semmle/python/web/HttpResponse.qll
+++ b/python/ql/src/semmle/python/web/HttpResponse.qll
@@ -5,3 +5,4 @@ import semmle.python.web.tornado.Response
 import semmle.python.web.twisted.Response
 import semmle.python.web.bottle.Response
 import semmle.python.web.turbogears.Response
+import semmle.python.web.falcon.Response
--- a/python/ql/src/semmle/python/web/falcon/Response.qll
+++ b/python/ql/src/semmle/python/web/falcon/Response.qll
@@ -0,0 +1,48 @@
+import python
+
+
+import semmle.python.security.TaintTracking
+import semmle.python.web.Http
+import semmle.python.web.falcon.General
+import semmle.python.security.strings.External
+
+
+/** https://falcon.readthedocs.io/en/stable/api/request_and_response.html */
+class FalconResponse extends TaintKind {
+
+    FalconResponse() {
+        this = "falcon.response"
+    }
+
+}
+
+class FalconResponseParameter extends TaintSource {
+
+    FalconResponseParameter() {
+        exists(FalconHandlerFunction f |
+            f.getResponse() = this.(ControlFlowNode).getNode()
+        )
+    }
+
+    override predicate isSourceOf(TaintKind k) {
+        k instanceof FalconResponse
+    }
+
+}
+
+class FalconResponseBodySink extends TaintSink {
+
+    FalconResponseBodySink() {
+        exists(AttrNode attr |
+            any(FalconResponse f).taints(attr.getObject("body")) |
+            attr.(DefinitionNode).getValue() = this
+        )
+    }
+
+    override predicate sinks(TaintKind kind) {
+        kind instanceof ExternalStringKind
+    }
+
+}
+
+
--- a/python/ql/test/library-tests/web/falcon/Routing.expected
+++ b/python/ql/test/library-tests/web/falcon/Routing.expected
@@ -1,2 +1,2 @@
 | /hello | get | test.py:9:5:9:32 | Function on_get |
-| /hello | post | test.py:12:5:12:33 | Function on_post |
+| /hello | post | test.py:19:5:19:33 | Function on_post |
--- a/python/ql/test/library-tests/web/falcon/Sinks.expected
+++ b/python/ql/test/library-tests/web/falcon/Sinks.expected
@@ -1 +1 @@
-fail
+| test.py:17 | Attribute() | externally controlled string |
--- a/python/ql/test/library-tests/web/falcon/Sources.expected
+++ b/python/ql/test/library-tests/web/falcon/Sources.expected
@@ -1 +1,2 @@
-fail
+| test.py:9 | req | falcon.request |
+| test.py:19 | req | falcon.request |
--- a/python/ql/test/library-tests/web/falcon/Taint.expected
+++ b/python/ql/test/library-tests/web/falcon/Taint.expected
@@ -1,14 +1,18 @@
 | test.py:9 | req | falcon.request |
+| test.py:9 | resp | falcon.response |
 | test.py:10 | Attribute | file[externally controlled string] |
 | test.py:10 | Attribute() | externally controlled string |
 | test.py:10 | req | falcon.request |
 | test.py:11 | Attribute() | externally controlled string |
 | test.py:11 | Attribute() | json[externally controlled string] |
 | test.py:11 | raw_json | externally controlled string |
+| test.py:12 | resp | falcon.response |
 | test.py:13 | Dict | {externally controlled string} |
 | test.py:13 | Dict | {json[externally controlled string]} |
 | test.py:15 | result | externally controlled string |
 | test.py:15 | result | json[externally controlled string] |
+| test.py:17 | resp | falcon.response |
 | test.py:17 | result | {externally controlled string} |
 | test.py:17 | result | {json[externally controlled string]} |
 | test.py:19 | req | falcon.request |
+| test.py:19 | resp | falcon.response |