Python: Move py/incomplete-hostname-regexp tests to own folder

2026-05-05 05:35:13 +02:00 · 2021-07-19 16:48:21 +02:00
parent 7939a1372e
commit da021feb8b
3 changed files with 0 additions and 0 deletions
--- a/python/ql/test/query-tests/Security/CWE-020-IncompleteHostnameRegExp/IncompleteHostnameRegExp.expected
+++ b/python/ql/test/query-tests/Security/CWE-020-IncompleteHostnameRegExp/IncompleteHostnameRegExp.expected
@@ -0,0 +1 @@
+| hosttest.py:6:27:6:51 | Str | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. |
--- a/python/ql/test/query-tests/Security/CWE-020-IncompleteHostnameRegExp/IncompleteHostnameRegExp.qlref
+++ b/python/ql/test/query-tests/Security/CWE-020-IncompleteHostnameRegExp/IncompleteHostnameRegExp.qlref
@@ -0,0 +1 @@
+Security/CWE-020/IncompleteHostnameRegExp.ql
--- a/python/ql/test/query-tests/Security/CWE-020-IncompleteHostnameRegExp/hosttest.py
+++ b/python/ql/test/query-tests/Security/CWE-020-IncompleteHostnameRegExp/hosttest.py
@@ -0,0 +1,23 @@
+from flask import Flask, request, redirect
+import re
+
+app = Flask(__name__)
+
+UNSAFE_REGEX = re.compile("(www|beta).example.com/")
+SAFE_REGEX = re.compile(r"(www|beta)\.example\.com/")
+
+@app.route('/some/path/bad')
+def unsafe(request):
+    target = request.args.get('target', '')
+    if UNSAFE_REGEX.match(target):
+        return redirect(target)
+
+@app.route('/some/path/good')
+def safe(request):
+    target = request.args.get('target', '')
+    if SAFE_REGEX.match(target):
+        return redirect(target)
+
+# FP reported in https://github.com/github/codeql/issues/3712
+# This does not define a regex (but could be used by other code to do so)
+escaped = re.escape("https://www.humblebundle.com/home/library")
				`@@ -0,0 +1 @@`
				`\| hosttest.py:6:27:6:51 \| Str \| This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. \|`
				`@@ -0,0 +1 @@`
				`Security/CWE-020/IncompleteHostnameRegExp.ql`