Python: Add Authorization modeling in Flask

2026-04-30 19:26:02 +02:00 · 2021-07-20 17:44:36 +02:00
parent 133632119d
commit dac71ded9d
3 changed files with 61 additions and 1 deletions
--- a/python/ql/test/library-tests/frameworks/flask/taint_test.py
+++ b/python/ql/test/library-tests/frameworks/flask/taint_test.py
@@ -44,7 +44,16 @@ def test_taint(name = "World!", number="0", foo="foo"):  # $requestHandler route
        # werkzeug.datastructures.Authorization (a dict, with some properties)
        request.authorization, # $ tainted
        request.authorization['username'], # $ tainted
-        request.authorization.username, # $ MISSING: tainted
+        request.authorization.username, # $ tainted
+        request.authorization.password, # $ tainted
+        request.authorization.realm, # $ tainted
+        request.authorization.nonce, # $ tainted
+        request.authorization.uri, # $ tainted
+        request.authorization.nc, # $ tainted
+        request.authorization.cnonce, # $ tainted
+        request.authorization.response, # $ tainted
+        request.authorization.opaque, # $ tainted
+        request.authorization.qop, # $ tainted

        # werkzeug.datastructures.RequestCacheControl
        request.cache_control, # $ tainted