Python: Django: Don't require viewFunction to mark as route

It's very nice to be able to see all the DjangoRoutes even if we don't know the function that is used to handle the request, at least for debugging.
2026-05-01 03:35:13 +02:00 · 2020-03-11 12:34:43 +01:00
parent 2da1503942
commit b760b1f1f2
1 changed files with 7 additions and 20 deletions
--- a/python/ql/src/semmle/python/web/django/General.qll
+++ b/python/ql/src/semmle/python/web/django/General.qll
@@ -6,7 +6,11 @@ import semmle.python.web.Http
 // a FunctionValue, so we can't use `FunctionValue.getArgumentForCall`
 // https://github.com/django/django/blob/master/django/urls/conf.py#L76
 abstract class DjangoRoute extends CallNode {
-    abstract FunctionValue getViewFunction();
+    FunctionValue getViewFunction() {
+        result = this.getArg(1).pointsTo()
+        or
+        result = this.getArgByName("view").pointsTo()
+    }

    abstract string getANamedArgument();

@@ -25,14 +29,12 @@ class DjangoRouteRegex extends RegexString {

 class DjangoRegexRoute extends DjangoRoute {
    ControlFlowNode route;
-    FunctionValue view;

    DjangoRegexRoute() {
        exists(FunctionValue route_maker |
-            // Django 1.x
+            // Django 1.x: https://docs.djangoproject.com/en/1.11/ref/urls/#django.conf.urls.url
            Value::named("django.conf.urls.url") = route_maker and
-            route_maker.getArgumentForCall(this, 0) = route and
-            route_maker.getArgumentForCall(this, 1).pointsTo(view)
+            route_maker.getArgumentForCall(this, 0) = route
        )
        or
        // Django 2.x and 3.x: https://docs.djangoproject.com/en/3.0/ref/urls/#re-path
@@ -41,16 +43,9 @@ class DjangoRegexRoute extends DjangoRoute {
            route = this.getArg(0)
            or
            route = this.getArgByName("route")
-        ) and
-        (
-            this.getArg(1).pointsTo(view)
-            or
-            this.getArgByName("view").pointsTo(view)
        )
    }

-    override FunctionValue getViewFunction() { result = view }
-
    ControlFlowNode getRouteArg() { result = route }

    override string getANamedArgument() {
@@ -69,7 +64,6 @@ class DjangoRegexRoute extends DjangoRoute {

 class DjangoPathRoute extends DjangoRoute {
    ControlFlowNode route;
-    FunctionValue view;

    DjangoPathRoute() {
        // Django 2.x and 3.x: https://docs.djangoproject.com/en/3.0/ref/urls/#path
@@ -78,16 +72,9 @@ class DjangoPathRoute extends DjangoRoute {
            route = this.getArg(0)
            or
            route = this.getArgByName("route")
-        ) and
-        (
-            this.getArg(1).pointsTo(view)
-            or
-            this.getArgByName("view").pointsTo(view)
        )
    }

-    override FunctionValue getViewFunction() { result = view }
-
    override string getANamedArgument() {
        // regexp taken from django:
        // https://github.com/django/django/blob/7d1bf29977bb368d7c28e7c6eb146db3b3009ae7/django/urls/resolvers.py#L199