hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Add jsonify XSS regression example

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2023-08-29 10:38:40 +02:00
parent 5f4861f72e
commit b36fd9fdab
2 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
python/ql/test/query-tests/Security/CWE-079-ReflectedXss/ReflectedXss.expected
View File

@@ -3,6 +3,7 @@ edges
| reflected_xss.py:2:26:2:32 | GSSA Variable request | reflected_xss.py:9:18:9:24 | ControlFlowNode for request |
| reflected_xss.py:2:26:2:32 | GSSA Variable request | reflected_xss.py:21:23:21:29 | ControlFlowNode for request |
| reflected_xss.py:2:26:2:32 | GSSA Variable request | reflected_xss.py:27:23:27:29 | ControlFlowNode for request |
| reflected_xss.py:2:26:2:32 | GSSA Variable request | reflected_xss.py:33:12:33:18 | ControlFlowNode for request |
| reflected_xss.py:9:5:9:14 | SSA variable first_name | reflected_xss.py:10:26:10:53 | ControlFlowNode for BinaryExpr |
| reflected_xss.py:9:18:9:24 | ControlFlowNode for request | reflected_xss.py:9:18:9:29 | ControlFlowNode for Attribute |
| reflected_xss.py:9:18:9:29 | ControlFlowNode for Attribute | reflected_xss.py:9:18:9:45 | ControlFlowNode for Attribute() |
@@ -11,6 +12,8 @@ edges
| reflected_xss.py:21:23:21:29 | ControlFlowNode for request | reflected_xss.py:21:5:21:8 | SSA variable data |
| reflected_xss.py:27:5:27:8 | SSA variable data | reflected_xss.py:28:26:28:41 | ControlFlowNode for Attribute() |
| reflected_xss.py:27:23:27:29 | ControlFlowNode for request | reflected_xss.py:27:5:27:8 | SSA variable data |
| reflected_xss.py:33:5:33:8 | SSA variable data | reflected_xss.py:34:20:34:23 | ControlFlowNode for data |
| reflected_xss.py:33:12:33:18 | ControlFlowNode for request | reflected_xss.py:33:5:33:8 | SSA variable data |
nodes
| reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
| reflected_xss.py:2:26:2:32 | GSSA Variable request | semmle.label | GSSA Variable request |
@@ -25,8 +28,12 @@ nodes
| reflected_xss.py:27:5:27:8 | SSA variable data | semmle.label | SSA variable data |
| reflected_xss.py:27:23:27:29 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| reflected_xss.py:28:26:28:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| reflected_xss.py:33:5:33:8 | SSA variable data | semmle.label | SSA variable data |
| reflected_xss.py:33:12:33:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| reflected_xss.py:34:20:34:23 | ControlFlowNode for data | semmle.label | ControlFlowNode for data |
subpaths
#select
| reflected_xss.py:10:26:10:53 | ControlFlowNode for BinaryExpr | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | reflected_xss.py:10:26:10:53 | ControlFlowNode for BinaryExpr | Cross-site scripting vulnerability due to a $@. | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |
| reflected_xss.py:22:26:22:41 | ControlFlowNode for Attribute() | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | reflected_xss.py:22:26:22:41 | ControlFlowNode for Attribute() | Cross-site scripting vulnerability due to a $@. | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |
| reflected_xss.py:28:26:28:41 | ControlFlowNode for Attribute() | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | reflected_xss.py:28:26:28:41 | ControlFlowNode for Attribute() | Cross-site scripting vulnerability due to a $@. | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |
| reflected_xss.py:34:20:34:23 | ControlFlowNode for data | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | reflected_xss.py:34:20:34:23 | ControlFlowNode for data | Cross-site scripting vulnerability due to a $@. | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |

8
python/ql/test/query-tests/Security/CWE-079-ReflectedXss/reflected_xss.py
View File

@@ -1,5 +1,5 @@
import json
from flask import Flask, request, make_response, escape
from flask import Flask, request, make_response, escape, jsonify
app = Flask(__name__)
@@ -26,3 +26,9 @@ def unsafe_json():
def safe_json():
data = json.loads(request.data)
return make_response(json.dumps(data), 200, {'Content-Type': 'application/json'}) # OK, FP
@app.route("/jsonify")
def jsonify():
data = request.data
return jsonify(data) # OK, FP