Python: Model routed parameter flow to *args and **kwargs in Django + rest framework

2025-12-18 01:33:15 +01:00 · 2023-10-23 17:15:26 +02:00
parent 24687b4156
commit e8f548ab52
4 changed files with 29 additions and 10 deletions
--- a/python/ql/test/library-tests/frameworks/django-v2-v3/taint_test.py
+++ b/python/ql/test/library-tests/frameworks/django-v2-v3/taint_test.py
@@ -174,11 +174,11 @@ class ClassView(View):
        )


-def kwargs_param(request, **kwargs): # $ requestHandler
+def kwargs_param(request, **kwargs): # $ requestHandler routedParameter=kwargs
    ensure_tainted(
-        kwargs, # $ MISSING: tainted
-        kwargs["foo"], # $ MISSING: tainted
-        kwargs["bar"]  # $ MISSING: tainted
+        kwargs, # $ tainted
+        kwargs["foo"], # $ tainted
+        kwargs["bar"]  # $ tainted
    )

    ensure_tainted(request) # $ tainted