Formatting updates

2026-04-25 08:45:14 +02:00 · 2024-11-29 10:29:37 +00:00
parent dd8b7a4a8f
commit ebaab89933
5 changed files with 11 additions and 12 deletions
--- a/python/ql/lib/semmle/python/Frameworks.qll
+++ b/python/ql/lib/semmle/python/Frameworks.qll
@@ -17,7 +17,6 @@ private import semmle.python.frameworks.Asyncpg
 private import semmle.python.frameworks.Baize
 private import semmle.python.frameworks.Bottle
 private import semmle.python.frameworks.BSon
-private import semmle.python.frameworks.Bottle
 private import semmle.python.frameworks.CassandraDriver
 private import semmle.python.frameworks.Chameleon
 private import semmle.python.frameworks.Cherrypy
--- a/python/ql/src/Security/CWE-074/TemplateInjection.ql
+++ b/python/ql/src/Security/CWE-074/TemplateInjection.ql
@@ -16,5 +16,5 @@ import TemplateInjectionFlow::PathGraph

 from TemplateInjectionFlow::PathNode source, TemplateInjectionFlow::PathNode sink
 where TemplateInjectionFlow::flowPath(source, sink)
-select sink.getNode(), source, sink, "This template construction depends on a $@.", source.getNode(),
-  "user-provided value"
+select sink.getNode(), source, sink, "This template construction depends on a $@.",
+  source.getNode(), "user-provided value"
--- a/python/ql/test/library-tests/frameworks/django-v2-v3/template_test.py
+++ b/python/ql/test/library-tests/frameworks/django-v2-v3/template_test.py
@@ -2,14 +2,14 @@ from django.template import Template, engines
 from django.urls import path
 from django.http.response import HttpResponse

-def a(request):  # $requestHandler
-    t = Template("abc").render() # $templateConstruction="abc"
-    return HttpResponse(t)  # $HttpResponse
+def a(request):  # $ requestHandler
+    t = Template("abc").render() # $ templateConstruction="abc"
+    return HttpResponse(t)  # $ HttpResponse

-def b(request): # $requestHandler
+def b(request): # $ requestHandler
    # This case is not currently supported
-    t = django.template.engines["django"].from_string("abc") # $MISSING:templateConstruction="abc"
-    return HttpResponse(t)  # $HttpResponse
+    t = django.template.engines["django"].from_string("abc") # $ MISSING:templateConstruction="abc"
+    return HttpResponse(t)  # $ HttpResponse

 urlpatterns = [
    path("a", a),  # $ routeSetup="a"
--- a/python/ql/test/library-tests/frameworks/flask/template_test.py
+++ b/python/ql/test/library-tests/frameworks/flask/template_test.py
@@ -2,12 +2,12 @@ from flask import Flask, Response, stream_with_context, render_template_string,
 app = Flask(__name__)

@app.route("/a")  # $routeSetup="/a"
-def a():  # $requestHandler
+def a():  # $ requestHandler
    r = render_template_string("abc") # $ templateConstruction="abc"
    return r # $ HttpResponse

@app.route("/b")  # $routeSetup="/b"
-def b():  # $requestHandler
+def b():  # $ requestHandler
    s = stream_template_string("abc") # $ templateConstruction="abc"
    r = Response(stream_with_context(s)) # $ HttpResponse
    return r # $ HttpResponse
--- a/python/ql/test/library-tests/frameworks/jinja2/template_test.py
+++ b/python/ql/test/library-tests/frameworks/jinja2/template_test.py
@@ -7,5 +7,5 @@ def test():
    t = Template("abc") # $ templateConstruction="abc"

    env2 = SandboxedEnvironment()
-    t = env.from_string("abc") # No result as we don't model SandboxedEnvironment. We may wish to instead specifically model it as NOT vulnerable to template injection vulnerabilities.
+    t = env2.from_string("abc") # No result as we don't model SandboxedEnvironment. We may wish to instead specifically model it as NOT vulnerable to template injection vulnerabilities.
    return t