Python: Add basic support for stdlib cookie objects.

2026-05-03 20:58:03 +02:00 · 2019-02-26 16:26:47 +00:00
parent b8b4216352
commit e933ba28d5
1 changed files with 32 additions and 0 deletions
--- a/python/ql/src/semmle/python/web/Http.qll
+++ b/python/ql/src/semmle/python/web/Http.qll
@@ -56,4 +56,36 @@ class WsgiEnvironment extends TaintKind {

 }

+/** A standard morsel object from a HTTP request, a value in a cookie,
+ * typically an instance of `http.cookies.Morsel` */
+class UntrustedMorsel extends TaintKind {
+
+    UntrustedMorsel() {
+        this = "http.Morsel"
+    }
+
+
+    override TaintKind getTaintOfAttribute(string name) {
+        result instanceof ExternalStringKind and
+        (
+            name = "value"
+        )
+    }
+
+}
+
+/** A standard cookie object from a HTTP request, typically an instance of `http.cookies.SimpleCookie` */
+class UntrustedCookie extends TaintKind {
+
+    UntrustedCookie() {
+        this = "http.Cookie"
+    }
+
+    override TaintKind getTaintForFlowStep(ControlFlowNode fromnode, ControlFlowNode tonode) {
+        tonode.(SubscriptNode).getValue() = fromnode and
+        result instanceof UntrustedMorsel
+    }
+
+}
+