Python: Autoformat (4 spaces) falcon library
This commit is contained in:
@@ -1,15 +1,10 @@
|
||||
import python
|
||||
import semmle.python.web.Http
|
||||
|
||||
|
||||
/** The falcon API class */
|
||||
ClassValue theFalconAPIClass() {
|
||||
result = Value::named("falcon.API")
|
||||
}
|
||||
ClassValue theFalconAPIClass() { result = Value::named("falcon.API") }
|
||||
|
||||
|
||||
/** Holds if `route` is routed to `resource`
|
||||
*/
|
||||
/** Holds if `route` is routed to `resource` */
|
||||
private predicate api_route(CallNode route_call, ControlFlowNode route, ClassValue resource) {
|
||||
route_call.getFunction().(AttrNode).getObject("add_route").pointsTo().getClass() = theFalconAPIClass() and
|
||||
route_call.getArg(0) = route and
|
||||
@@ -21,10 +16,7 @@ private predicate route(FalconRoute route, Function target, string funcname) {
|
||||
}
|
||||
|
||||
class FalconRoute extends ControlFlowNode {
|
||||
|
||||
FalconRoute() {
|
||||
api_route(this, _, _)
|
||||
}
|
||||
FalconRoute() { api_route(this, _, _) }
|
||||
|
||||
string getUrl() {
|
||||
exists(StrConst url |
|
||||
@@ -33,36 +25,19 @@ class FalconRoute extends ControlFlowNode {
|
||||
)
|
||||
}
|
||||
|
||||
ClassValue getResourceClass() {
|
||||
api_route(this, _, result)
|
||||
}
|
||||
|
||||
FalconHandlerFunction getHandlerFunction(string method) {
|
||||
route(this, result, method)
|
||||
}
|
||||
ClassValue getResourceClass() { api_route(this, _, result) }
|
||||
|
||||
FalconHandlerFunction getHandlerFunction(string method) { route(this, result, method) }
|
||||
}
|
||||
|
||||
class FalconHandlerFunction extends Function {
|
||||
FalconHandlerFunction() { route(_, this, _) }
|
||||
|
||||
FalconHandlerFunction() {
|
||||
route(_, this, _)
|
||||
}
|
||||
private string methodName() { route(_, this, result) }
|
||||
|
||||
private string methodName() {
|
||||
route(_, this, result)
|
||||
}
|
||||
string getMethod() { result = this.methodName().toUpperCase() }
|
||||
|
||||
string getMethod() {
|
||||
result = this.methodName().toUpperCase()
|
||||
}
|
||||
|
||||
Parameter getRequest() {
|
||||
result = this.getArg(1)
|
||||
}
|
||||
|
||||
Parameter getResponse() {
|
||||
result = this.getArg(2)
|
||||
}
|
||||
Parameter getRequest() { result = this.getArg(1) }
|
||||
|
||||
Parameter getResponse() { result = this.getArg(2) }
|
||||
}
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
import python
|
||||
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.web.Http
|
||||
import semmle.python.web.falcon.General
|
||||
@@ -7,26 +6,22 @@ import semmle.python.security.strings.External
|
||||
|
||||
/** https://falcon.readthedocs.io/en/stable/api/request_and_response.html */
|
||||
class FalconRequest extends TaintKind {
|
||||
|
||||
FalconRequest() {
|
||||
this = "falcon.request"
|
||||
}
|
||||
FalconRequest() { this = "falcon.request" }
|
||||
|
||||
override TaintKind getTaintOfAttribute(string name) {
|
||||
name = "env" and result instanceof WsgiEnvironment
|
||||
or
|
||||
result instanceof ExternalStringKind and
|
||||
(
|
||||
name = "uri" or name = "url" or
|
||||
name = "uri" or
|
||||
name = "url" or
|
||||
name = "forwarded_uri" or
|
||||
name = "relative_uri" or
|
||||
name = "query_string"
|
||||
)
|
||||
or
|
||||
result instanceof ExternalStringDictKind and
|
||||
(
|
||||
name = "cookies" or name = "params"
|
||||
)
|
||||
(name = "cookies" or name = "params")
|
||||
or
|
||||
name = "stream" and result instanceof ExternalFileObject
|
||||
}
|
||||
@@ -41,16 +36,9 @@ class FalconRequest extends TaintKind {
|
||||
}
|
||||
|
||||
class FalconRequestParameter extends TaintSource {
|
||||
|
||||
FalconRequestParameter() {
|
||||
exists(FalconHandlerFunction f |
|
||||
f.getRequest() = this.(ControlFlowNode).getNode()
|
||||
)
|
||||
}
|
||||
|
||||
override predicate isSourceOf(TaintKind k) {
|
||||
k instanceof FalconRequest
|
||||
exists(FalconHandlerFunction f | f.getRequest() = this.(ControlFlowNode).getNode())
|
||||
}
|
||||
|
||||
override predicate isSourceOf(TaintKind k) { k instanceof FalconRequest }
|
||||
}
|
||||
|
||||
|
||||
@@ -1,48 +1,28 @@
|
||||
import python
|
||||
|
||||
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.web.Http
|
||||
import semmle.python.web.falcon.General
|
||||
import semmle.python.security.strings.External
|
||||
|
||||
|
||||
/** https://falcon.readthedocs.io/en/stable/api/request_and_response.html */
|
||||
class FalconResponse extends TaintKind {
|
||||
|
||||
FalconResponse() {
|
||||
this = "falcon.response"
|
||||
}
|
||||
|
||||
FalconResponse() { this = "falcon.response" }
|
||||
}
|
||||
|
||||
class FalconResponseParameter extends TaintSource {
|
||||
|
||||
FalconResponseParameter() {
|
||||
exists(FalconHandlerFunction f |
|
||||
f.getResponse() = this.(ControlFlowNode).getNode()
|
||||
)
|
||||
}
|
||||
|
||||
override predicate isSourceOf(TaintKind k) {
|
||||
k instanceof FalconResponse
|
||||
exists(FalconHandlerFunction f | f.getResponse() = this.(ControlFlowNode).getNode())
|
||||
}
|
||||
|
||||
override predicate isSourceOf(TaintKind k) { k instanceof FalconResponse }
|
||||
}
|
||||
|
||||
class FalconResponseBodySink extends HttpResponseTaintSink {
|
||||
|
||||
FalconResponseBodySink() {
|
||||
exists(AttrNode attr |
|
||||
any(FalconResponse f).taints(attr.getObject("body")) |
|
||||
exists(AttrNode attr | any(FalconResponse f).taints(attr.getObject("body")) |
|
||||
attr.(DefinitionNode).getValue() = this
|
||||
)
|
||||
}
|
||||
|
||||
override predicate sinks(TaintKind kind) {
|
||||
kind instanceof StringKind
|
||||
}
|
||||
|
||||
override predicate sinks(TaintKind kind) { kind instanceof StringKind }
|
||||
}
|
||||
|
||||
|
||||
|
||||