From cb1efa915e4d86bd83f2008fe003b96fe70f454a Mon Sep 17 00:00:00 2001
From: Taus <tausbn@github.com>
Date: Mon, 25 Sep 2023 13:24:07 +0000
Subject: [PATCH] Python: Add Flask response model

---
 python/ql/lib/semmle/python/frameworks/Flask.qll | 2 ++
 python/ql/src/meta/ClassHierarchy/Find.ql        | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/python/ql/lib/semmle/python/frameworks/Flask.qll b/python/ql/lib/semmle/python/frameworks/Flask.qll
index 8ae175eb9cf..d6c7a0c48f8 100644
--- a/python/ql/lib/semmle/python/frameworks/Flask.qll
+++ b/python/ql/lib/semmle/python/frameworks/Flask.qll
@@ -111,6 +111,8 @@ module Flask {
       result = API::moduleImport("flask").getMember("Response")
       or
       result = [FlaskApp::classRef(), FlaskApp::instance()].getMember("response_class")
+      or
+      result = ModelOutput::getATypeNode("flask.Response~Subclass").getASubclass*()
     }
 
     /**
diff --git a/python/ql/src/meta/ClassHierarchy/Find.ql b/python/ql/src/meta/ClassHierarchy/Find.ql
index 3c77926b772..2e8bf311729 100644
--- a/python/ql/src/meta/ClassHierarchy/Find.ql
+++ b/python/ql/src/meta/ClassHierarchy/Find.ql
@@ -208,6 +208,12 @@ class DjangoHttpResponseFileResponse extends FindSubclassesSpec {
   }
 }
 
+class FlaskResponse extends FindSubclassesSpec {
+  FlaskResponse() { this = "flask.Response~Subclass" }
+
+  override API::Node getAlreadyModeledClass() { result = Flask::Response::classRef() }
+}
+
 bindingset[fullyQualified]
 predicate fullyQualifiedToYamlFormat(string fullyQualified, string type2, string path) {
   exists(int firstDot | firstDot = fullyQualified.indexOf(".", 0, 0) |