hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 20:26:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add SmtpLib to Frameworks.qll and minimal fixes

Browse Source
This commit is contained in:
jorgectf
2021-11-13 14:24:02 +01:00
parent dbdf102ea6
commit e7cb762947
4 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
python/ql/src/experimental/semmle/python/Frameworks.qll
View File

@@ -9,6 +9,7 @@ private import experimental.semmle.python.frameworks.Werkzeug
private import experimental.semmle.python.frameworks.LDAP
private import experimental.semmle.python.frameworks.NoSQL
private import experimental.semmle.python.frameworks.Log
private import experimental.semmle.python.libraries.FlaskMail
private import experimental.semmle.python.frameworks.Django
private import experimental.semmle.python.frameworks.Sendgrid
private import experimental.semmle.python.libraries.FlaskMail
private import experimental.semmle.python.libraries.SmtpLib

6
python/ql/src/experimental/semmle/python/frameworks/Django.qll
View File

@@ -8,7 +8,7 @@ private import semmle.python.frameworks.Django
private import semmle.python.dataflow.new.DataFlow
private import experimental.semmle.python.Concepts
private import semmle.python.ApiGraphs
import semmle.python.dataflow.new.RemoteFlowSources
private import semmle.python.dataflow.new.RemoteFlowSources
private module PrivateDjango {
private module django {
@@ -112,7 +112,7 @@ private module PrivateDjango {
* * `getFrom()`'s result would be `"from@example.com"`.
* * `getSubject()`'s result would be `"Subject"`.
*/
private class DjangoSendMail extends DataFlow::CallCfgNode, EmailSender {
private class DjangoSendMail extends DataFlow::CallCfgNode, EmailSender::Range {
DjangoSendMail() { this = djangoMail().getMember("send_mail").getACall() }
override DataFlow::Node getPlainTextBody() {
@@ -152,7 +152,7 @@ private module PrivateDjango {
* * `getFrom()`'s result would be `none`.
* * `getSubject()`'s result would be `"Subject"`.
*/
private class DjangoMailInternal extends DataFlow::CallCfgNode, EmailSender {
private class DjangoMailInternal extends DataFlow::CallCfgNode, EmailSender::Range {
DjangoMailInternal() {
this = djangoMail().getMember(["mail_admins", "mail_managers"]).getACall()
}

2
python/ql/src/experimental/semmle/python/frameworks/Sendgrid.qll
View File

@@ -83,7 +83,7 @@ private module Sendgrid {
* * `getFrom()`'s result would be `"from@example.com"`.
* * `getSubject()`'s result would be `"Sending with SendGrid is Fun"`.
*/
private class SendGridMail extends DataFlow::CallCfgNode, EmailSender {
private class SendGridMail extends DataFlow::CallCfgNode, EmailSender::Range {
SendGridMail() { this.getFunction() = sendgridApiSendCall() }
override DataFlow::Node getPlainTextBody() {

2
python/ql/src/experimental/semmle/python/libraries/FlaskMail.qll
View File

@@ -67,7 +67,7 @@ private module FlaskMail {
* * `getFrom()`'s result would be `"from@example.com"`.
* * `getSubject()`'s result would be `"Subject"`.
*/
private class FlaskMail extends DataFlow::CallCfgNode, EmailSender {
private class FlaskMail extends DataFlow::CallCfgNode, EmailSender::Range {
FlaskMail() {
this =
[flaskMailInstance(), flaskMailInstance().getMember("connect").getReturn()]