hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Add taint-step for methods on aiohttp.web.Request

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2021-05-27 10:28:07 +02:00
parent 63c7fa0c2c
commit dd131e6bf7
2 changed files with 23 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
python/ql/test/library-tests/frameworks/aiohttp/taint_test.py
View File

@@ -81,25 +81,25 @@ async def test_taint(request: web.Request): # $ requestHandler
request.if_unmodified_since, # $ tainted
request.if_range, # $ tainted
request.clone(scheme="https"), # $ MISSING: tainted
request.clone(scheme="https"), # $ tainted
# TODO: like request.transport.get_extra_info
request.get_extra_info("key"), # $ MISSING: tainted
request.get_extra_info("key"), # $ tainted
# bytes
await request.read(), # $ MISSING: tainted
await request.read(), # $ tainted
# str
await request.text(), # $ MISSING: tainted
await request.text(), # $ tainted
# obj
await request.json(), # $ MISSING: tainted
await request.json(), # $ tainted
# aiohttp.multipart.MultipartReader
await request.multipart(), # $ MISSING: tainted
await request.multipart(), # $ tainted
# multidict.MultiDictProxy[str]
await request.post(), # $ MISSING: tainted
await request.post(), # $ tainted
(await request.post()).getone("key"), # $ MISSING: tainted
)