hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Extend documentation

Browse Source
This commit is contained in:
jorgectf
2021-06-18 02:03:56 +02:00
parent 4963caf506
commit dcb1da338b
2 changed files with 25 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
python/ql/src/experimental/semmle/python/Concepts.qll
View File

@@ -14,16 +14,35 @@ private import semmle.python.dataflow.new.RemoteFlowSources
private import semmle.python.dataflow.new.TaintTracking
private import experimental.semmle.python.Frameworks
/** Provides classes for modeling HTTP Header APIs. */
module HeaderDeclaration {
/**
* A data-flow node that collects functions setting HTTP Headers' content.
*
* Extend this class to model new APIs. If you want to refine existing API models,
* extend `HeaderDeclaration` instead.
*/
abstract class Range extends DataFlow::Node {
abstract DataFlow::Node getHeaderInputNode();
/**
* Gets the argument containing the header value.
*/
abstract DataFlow::Node getHeaderInput();
}
}
/**
* A data-flow node that collects functions setting HTTP Headers' content.
*
* Extend this class to model new APIs. If you want to refine existing API models,
* extend `HeaderDeclaration` instead.
*/
class HeaderDeclaration extends DataFlow::Node {
HeaderDeclaration::Range range;
HeaderDeclaration() { this = range }
DataFlow::Node getHeaderInputNode() { result = range.getHeaderInputNode() }
/**
* Gets the argument containing the header value.
*/
DataFlow::Node getHeaderInput() { result = range.getHeaderInput() }
}

5
python/ql/src/experimental/semmle/python/security/injection/HTTPHeaders.qll
View File

@@ -4,12 +4,15 @@ import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
import semmle.python.dataflow.new.RemoteFlowSources
/**
* A taint-tracking configuration for detecting HTTP Header injections.
*/
class HeaderInjectionFlowConfig extends TaintTracking::Configuration {
HeaderInjectionFlowConfig() { this = "HeaderInjectionFlowConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) {
sink = any(HeaderDeclaration headerDeclaration).getHeaderInputNode()
sink = any(HeaderDeclaration headerDeclaration).getHeaderInput()
}
}