Formatting

2025-12-16 16:53:25 +01:00 · 2024-09-03 14:34:25 -07:00
parent 581e7f5d3c
commit bd2564ee44
4 changed files with 14 additions and 9 deletions
--- a/python/ql/lib/change-notes/2024-08-30-bottle-tornado.md
+++ b/python/ql/lib/change-notes/2024-08-30-bottle-tornado.md
@@ -1,4 +0,0 @@
---
-category: majorAnalysis
---
-* Added modeling of the `bottle` and `tornado` framework, leading to new remote flow sources and header writes
--- a/python/ql/lib/change-notes/2024-08-30-bottle.md
+++ b/python/ql/lib/change-notes/2024-08-30-bottle.md
@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* Added modeling of the `bottle` framework, leading to new remote flow sources and header writes
--- a/python/ql/lib/semmle/python/frameworks/Bottle.qll
+++ b/python/ql/lib/semmle/python/frameworks/Bottle.qll
@@ -5,7 +5,6 @@

 private import python
 private import semmle.python.Concepts
-private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.ApiGraphs
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.frameworks.internal.InstanceTaintStepsHelper
@@ -17,14 +16,18 @@ private import semmle.python.frameworks.internal.InstanceTaintStepsHelper
 * See https://bottlepy.org/docs/dev/.
 */
 module Bottle {
-  module BottleModule {
-    API::Node bottle() { result = API::moduleImport("bottle") }
+  /** Gets a reference to the `bottle` module. */
+  API::Node bottle() { result = API::moduleImport("bottle") }

+  /** Provides models for the `bottle` module. */
+  module BottleModule {
+    /** Provides models for the `bottle.response` module */
    module Response {
+      /** Gets a reference to the `bottle.response` module. */
      API::Node response() { result = bottle().getMember("response") }

      /**
-       * A call to the `bottle.web.RequestHandler.set_header` or `bottle.web.RequestHandler.add_header` method.
+       * A call to the `bottle.BaseResponse.set_header` or `bottle.BaseResponse.add_header` method.
       *
       * See https://bottlepy.org/docs/dev/api.html#bottle.BaseResponse.set_header
       */
@@ -48,7 +51,9 @@ module Bottle {
        override predicate valueAllowsNewline() { none() }
      }

+      /** Provides models for the `bottle.request` module */
      module Request {
+        /** Gets a reference to the `bottle.request` module. */
        API::Node request() { result = bottle().getMember("request") }

        private class Request extends RemoteFlowSource::Range {
--- a/python/ql/test/library-tests/frameworks/bottle/ConceptsTest.ql
+++ b/python/ql/test/library-tests/frameworks/bottle/ConceptsTest.ql
@@ -1,2 +1,2 @@
 import python
-import experimental.meta.ConceptsTest
+import experimental.meta.ConceptsTest