Python: Fix up some typos for bottle and add a few more tests.

Mark Shannon
2019-02-11 14:33:49 +00:00
parent aab0a243dc
commit b644891e53
7 changed files with 17 additions and 6 deletions


@@ -2,12 +2,12 @@ import python
import semmle.python.web.Http
import semmle.python.types.Extensions
/** The flask module */
/** The bottle module */
ModuleObject theBottleModule() {
result = ModuleObject::named("bottle")
}
/** The flask app class */
/** The bottle.Bottle class */
ClassObject theBottleClass() {
result = ModuleObject::named("bottle").getAttribute("Bottle")
}


@@ -6,7 +6,7 @@ import semmle.python.web.Http
import semmle.python.web.bottle.General
/** A django.http.response.Response object
/** A bottle.Response object
* This isn't really a "taint", but we use the value tracking machinery to
* track the flow of response objects.
*/
@@ -19,7 +19,7 @@ class BottleResponse extends TaintKind {
}
private Object theBottleResponseObject() {
result = theBottleModule().getAttribute("request")
result = theBottleModule().getAttribute("response")
}
class BottleResponseBodyAssignment extends TaintSink {
@@ -32,7 +32,7 @@ class BottleResponseBodyAssignment extends TaintSink {
}
override predicate sinks(TaintKind kind) {
kind instanceof StringKind
kind instanceof UntrustedStringKind
}
}
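Review bot: `BottleResponseBodyAssignment` and `theBottleResponseObject()` have no doc comment in the visible lines, so nothing states that the sink is meant to match only `UntrustedStringKind` or which bottle attribute the helper resolves. Two fixes in this section are copy-paste leftovers (`"request"` where `"response"` was meant, and the django comment), and a short QLDoc on each would make the next such slip easier to spot: `/** The bottle.response object */` on the helper and `/** An assignment to the body of bottle.response; a sink for externally controlled strings */` on the class. With the old `"request"` lookup the sink presumably never matched a real response object, so it is worth confirming that the added tests include a request-derived value reaching the response body. The class body lies only partly inside these hunks, so existing documentation outside the visible lines may already cover this.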