Python: FastAPI: Model Cookie Writes

2026-05-03 12:45:27 +02:00 · 2021-09-23 10:00:45 +02:00
parent d34c5fd72f
commit c50c805f5f
2 changed files with 96 additions and 7 deletions
--- a/python/ql/test/library-tests/frameworks/fastapi/response_test.py
+++ b/python/ql/test/library-tests/frameworks/fastapi/response_test.py
@@ -7,18 +7,18 @@ app = FastAPI()


@app.get("/response_parameter") # $ routeSetup="/response_parameter"
-async def response_parameter(response: Response): # $ requestHandler SPURIOUS: routedParameter=response
-    response.set_cookie("key", "value") # $ MISSING: CookieWrite CookieName="key" CookieValue="value"
-    response.set_cookie(key="key", value="value") # $ MISSING: CookieWrite CookieName="key" CookieValue="value"
-    response.headers.append("Set-Cookie", "key2=value2") # $ MISSING: CookieWrite CookieRawHeader="key2=value2"
-    response.headers.append(key="Set-Cookie", value="key2=value2") # $ MISSING: CookieWrite CookieRawHeader="key2=value2"
+async def response_parameter(response: Response): # $ requestHandler
+    response.set_cookie("key", "value") # $ CookieWrite CookieName="key" CookieValue="value"
+    response.set_cookie(key="key", value="value") # $ CookieWrite CookieName="key" CookieValue="value"
+    response.headers.append("Set-Cookie", "key2=value2") # $ CookieWrite CookieRawHeader="key2=value2"
+    response.headers.append(key="Set-Cookie", value="key2=value2") # $ CookieWrite CookieRawHeader="key2=value2"
    response.headers["X-MyHeader"] = "header-value"
    response.status_code = 418
    return {"message": "response as parameter"} # $ HttpResponse mimetype=application/json responseBody=Dict


@app.get("/resp_parameter") # $ routeSetup="/resp_parameter"
-async def resp_parameter(resp: Response): # $ requestHandler SPURIOUS: routedParameter=resp
+async def resp_parameter(resp: Response): # $ requestHandler
    resp.status_code = 418
    return {"message": "resp as parameter"} # $ HttpResponse mimetype=application/json responseBody=Dict