hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

python: add apologetic comment

Browse Source
This commit is contained in:
Rasmus Lerchedahl Petersen
2022-02-14 11:37:46 +01:00
parent f21ac04285
commit bd14adefa0
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll
View File

@@ -57,6 +57,11 @@ module LogInjection {
* A call to replace line breaks functions as a sanitizer. * A call to replace line breaks functions as a sanitizer.
*/ */
class ReplaceLineBreaksSanitizer extends Sanitizer, DataFlow::CallCfgNode { class ReplaceLineBreaksSanitizer extends Sanitizer, DataFlow::CallCfgNode {
// This is actually not safe:
// - we do not check that all kinds of line breaks are replaced
// - we do not check that one kind of line breaks is not replaced by another
// however, we lack a simple way to do better, and the query would likely
// be too noisy without this. Consider rewriting using flow states.
ReplaceLineBreaksSanitizer() { ReplaceLineBreaksSanitizer() {
this.getFunction().(DataFlow::AttrRead).getAttributeName() = "replace" and this.getFunction().(DataFlow::AttrRead).getAttributeName() = "replace" and
this.getArg(0).asExpr().(StrConst).getText() in ["\r\n", "\n"] this.getArg(0).asExpr().(StrConst).getText() in ["\r\n", "\n"]