hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Add toString to TurboGears HttpResponseTaintSinks

Browse Source 
Naming these were a bit hard, but better than generic "Taint Sink"
This commit is contained in:
Rasmus Wriedt Larsen
2020-01-07 13:41:41 +01:00
parent 6b87458c2e
commit effa4548ab
4 changed files with 9 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/ql/src/semmle/python/web/turbogears/Response.qll
View File

@@ -5,6 +5,8 @@ import semmle.python.web.Http
import TurboGears
class ControllerMethodReturnValue extends HttpResponseTaintSink {
override string toString() { result = "TurboGears ControllerMethodReturnValue" }
ControllerMethodReturnValue() {
exists(TurboGearsControllerMethod m |
m.getAReturnValueFlowNode() = this and
@@ -16,6 +18,8 @@ class ControllerMethodReturnValue extends HttpResponseTaintSink {
}
class ControllerMethodTemplatedReturnValue extends HttpResponseTaintSink {
override string toString() { result = "TurboGears ControllerMethodTemplatedReturnValue" }
ControllerMethodTemplatedReturnValue() {
exists(TurboGearsControllerMethod m |
m.getAReturnValueFlowNode() = this and

11
python/ql/test/library-tests/web/turbogears/HttpSinks.expected
View File

@@ -1,6 +1,5 @@
| test.py:8:16:8:69 | Taint sink | externally controlled string |
| test.py:14:16:14:50 | Taint sink | externally controlled string |
| test.py:19:16:19:50 | Taint sink | externally controlled string |
| test.py:23:16:23:50 | Taint sink | externally controlled string |
| test.py:27:16:27:38 | Taint sink | {externally controlled string} |
FIXME
| test.py:8:16:8:69 | TurboGears ControllerMethodReturnValue | externally controlled string |
| test.py:14:16:14:50 | TurboGears ControllerMethodReturnValue | externally controlled string |
| test.py:19:16:19:50 | TurboGears ControllerMethodReturnValue | externally controlled string |
| test.py:23:16:23:50 | TurboGears ControllerMethodReturnValue | externally controlled string |
| test.py:27:16:27:38 | TurboGears ControllerMethodTemplatedReturnValue | {externally controlled string} |

5
python/ql/test/library-tests/web/turbogears/Sinks.expected
View File

@@ -1,5 +0,0 @@
| test.py:8 | BinaryExpr | externally controlled string |
| test.py:14 | BinaryExpr | externally controlled string |
| test.py:19 | BinaryExpr | externally controlled string |
| test.py:23 | BinaryExpr | externally controlled string |
| test.py:27 | Dict | {externally controlled string} |

8
python/ql/test/library-tests/web/turbogears/Sinks.ql
View File

@@ -1,8 +0,0 @@
import python
import semmle.python.web.HttpRequest
import semmle.python.web.HttpResponse
import semmle.python.security.strings.Untrusted
from TaintSink sink, TaintKind kind
where sink.sinks(kind)
select sink.getLocation().toString(), sink.(ControlFlowNode).getNode().toString(), kind