hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

python: add apologetic comment

Browse Source
This commit is contained in:
Rasmus Lerchedahl Petersen
2022-02-14 11:37:46 +01:00
parent f21ac04285
commit bd14adefa0
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll
View File

@@ -57,6 +57,11 @@ module LogInjection {
* A call to replace line breaks functions as a sanitizer.
*/
class ReplaceLineBreaksSanitizer extends Sanitizer, DataFlow::CallCfgNode {
// This is actually not safe:
// - we do not check that all kinds of line breaks are replaced
// - we do not check that one kind of line breaks is not replaced by another
// however, we lack a simple way to do better, and the query would likely
// be too noisy without this. Consider rewriting using flow states.
ReplaceLineBreaksSanitizer() {
this.getFunction().(DataFlow::AttrRead).getAttributeName() = "replace" and
this.getArg(0).asExpr().(StrConst).getText() in ["\r\n", "\n"]