hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update HeaderDeclaration input naming

Browse Source
This commit is contained in:
jorgectf
2021-06-20 00:13:59 +02:00
parent 017a778a20
commit b10ade17be
5 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/ql/src/experimental/semmle/python/Concepts.qll
View File

@@ -159,7 +159,7 @@ module HeaderDeclaration {
/**
* Gets the argument containing the header value.
*/
abstract DataFlow::Node getHeaderInput();
abstract DataFlow::Node getAnInput();
}
}
@@ -177,5 +177,5 @@ class HeaderDeclaration extends DataFlow::Node {
/**
* Gets the argument containing the header value.
*/
DataFlow::Node getHeaderInput() { result = range.getHeaderInput() }
DataFlow::Node getAnInput() { result = range.getAnInput() }
}

4
python/ql/src/experimental/semmle/python/frameworks/Django.qll
View File

@@ -56,7 +56,7 @@ private module PrivateDjango {
class DjangoResponseSetItemCall extends DataFlow::CallCfgNode, HeaderDeclaration::Range {
DjangoResponseSetItemCall() { this.getFunction() = headerSetItemCall() }
override DataFlow::Node getHeaderInput() { result = this.getArg([0, 1]) }
override DataFlow::Node getAnInput() { result = this.getArg([0, 1]) }
}
class DjangoResponseDefinition extends DataFlow::Node, HeaderDeclaration::Range {
@@ -67,7 +67,7 @@ private module PrivateDjango {
headerInput.asCfgNode() = this.asCfgNode().(DefinitionNode).getValue()
}
override DataFlow::Node getHeaderInput() {
override DataFlow::Node getAnInput() {
result.asExpr() in [headerInput.asExpr(), this.asExpr().(Subscript).getIndex()]
}
}

6
python/ql/src/experimental/semmle/python/frameworks/Flask.qll
View File

@@ -54,7 +54,7 @@ module ExperimentalFlask {
headerInput.asCfgNode() = this.asCfgNode().(DefinitionNode).getValue()
}
override DataFlow::Node getHeaderInput() {
override DataFlow::Node getAnInput() {
result.asExpr() in [headerInput.asExpr(), this.asExpr().(Subscript).getIndex()]
}
}
@@ -62,12 +62,12 @@ module ExperimentalFlask {
private class FlaskMakeResponseExtend extends DataFlow::CallCfgNode, HeaderDeclaration::Range {
FlaskMakeResponseExtend() { this.getFunction() = headerInstanceCall() }
override DataFlow::Node getHeaderInput() { result = this.getArg(_) }
override DataFlow::Node getAnInput() { result = this.getArg(_) }
}
private class FlaskResponse extends DataFlow::CallCfgNode, HeaderDeclaration::Range {
FlaskResponse() { this = Flask::Response::classRef().getACall() }
override DataFlow::Node getHeaderInput() { result = this.getArgByName("headers") }
override DataFlow::Node getAnInput() { result = this.getArgByName("headers") }
}
}

2
python/ql/src/experimental/semmle/python/frameworks/Werkzeug.qll
View File

@@ -24,7 +24,7 @@ private module Werkzeug {
this.getFunction().(DataFlow::AttrRead).getAttributeName() = "add"
}
override DataFlow::Node getHeaderInput() { result = this.getArg(_) }
override DataFlow::Node getAnInput() { result = this.getArg(_) }
}
}
}

2
python/ql/src/experimental/semmle/python/security/injection/HTTPHeaders.qll
View File

@@ -13,6 +13,6 @@ class HeaderInjectionFlowConfig extends TaintTracking::Configuration {
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) {
sink = any(HeaderDeclaration headerDeclaration).getHeaderInput()
sink = any(HeaderDeclaration headerDeclaration).getAnInput()
}
}