hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Formatting

Browse Source
This commit is contained in:
Kevin Stubbings
2024-09-03 14:34:25 -07:00
parent 581e7f5d3c
commit bd2564ee44
4 changed files with 14 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/ql/lib/change-notes/2024-08-30-bottle-tornado.md
View File

@@ -1,4 +0,0 @@
---
category: majorAnalysis
---
* Added modeling of the `bottle` and `tornado` framework, leading to new remote flow sources and header writes

4
python/ql/lib/change-notes/2024-08-30-bottle.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: majorAnalysis
---
* Added modeling of the `bottle` framework, leading to new remote flow sources and header writes

13
python/ql/lib/semmle/python/frameworks/Bottle.qll
View File

@@ -5,7 +5,6 @@
private import python private import python
private import semmle.python.Concepts private import semmle.python.Concepts
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.ApiGraphs private import semmle.python.ApiGraphs
private import semmle.python.dataflow.new.RemoteFlowSources private import semmle.python.dataflow.new.RemoteFlowSources
private import semmle.python.frameworks.internal.InstanceTaintStepsHelper private import semmle.python.frameworks.internal.InstanceTaintStepsHelper
@@ -17,14 +16,18 @@ private import semmle.python.frameworks.internal.InstanceTaintStepsHelper
* See https://bottlepy.org/docs/dev/. * See https://bottlepy.org/docs/dev/.
*/ */
module Bottle { module Bottle {
module BottleModule { /** Gets a reference to the `bottle` module. */
API::Node bottle() { result = API::moduleImport("bottle") } API::Node bottle() { result = API::moduleImport("bottle") }
/** Provides models for the `bottle` module. */
module BottleModule {
/** Provides models for the `bottle.response` module */
module Response { module Response {
/** Gets a reference to the `bottle.response` module. */
API::Node response() { result = bottle().getMember("response") } API::Node response() { result = bottle().getMember("response") }
/** /**
* A call to the `bottle.web.RequestHandler.set_header` or `bottle.web.RequestHandler.add_header` method. * A call to the `bottle.BaseResponse.set_header` or `bottle.BaseResponse.add_header` method.
* *
* See https://bottlepy.org/docs/dev/api.html#bottle.BaseResponse.set_header * See https://bottlepy.org/docs/dev/api.html#bottle.BaseResponse.set_header
*/ */
@@ -48,7 +51,9 @@ module Bottle {
override predicate valueAllowsNewline() { none() } override predicate valueAllowsNewline() { none() }
} }
/** Provides models for the `bottle.request` module */
module Request { module Request {
/** Gets a reference to the `bottle.request` module. */
API::Node request() { result = bottle().getMember("request") } API::Node request() { result = bottle().getMember("request") }
private class Request extends RemoteFlowSource::Range { private class Request extends RemoteFlowSource::Range {

2
python/ql/test/library-tests/frameworks/bottle/ConceptsTest.ql
View File

@@ -1,2 +1,2 @@
import python import python
import experimental.meta.ConceptsTest import experimental.meta.ConceptsTest