Add instance taint steps for requests

2026-04-29 02:35:15 +02:00 · 2024-04-22 16:03:39 +01:00
parent 88e3227ed0
commit f85ee38e04
2 changed files with 104 additions and 3 deletions
--- a/python/ql/test/library-tests/frameworks/pyramid/pyramid_test.py
+++ b/python/ql/test/library-tests/frameworks/pyramid/pyramid_test.py
@@ -4,9 +4,66 @@ from pyramid.config import Configurator
@view_config(route_name="test1")
 def test1(request):
    ensure_tainted(
-        request,              # $ tainted
-        request.body,         # $ MISSING:tainted
-        request.GET['a']      # $ MISSING:tainted
+        request,                   # $ tainted
+
+        request.accept,            # $ tainted
+        request.accept_charset,    # $ tainted
+        request.accept_encoding,   # $ tainted
+        request.accept_language,   # $ tainted
+        request.authorization,     # $ tainted
+        request.cache_control,     # $ tainted
+        request.client_addr,       # $ tainted
+        request.content_type,      # $ tainted
+        request.domain,            # $ tainted
+        request.host,              # $ tainted
+        request.host_port,         # $ tainted
+        request.host_url,          # $ tainted
+        request.if_match,          # $ tainted
+        request.if_none_match,     # $ tainted
+        request.if_range,          # $ tainted   
+        request.pragma,            # $ tainted
+        request.range,             # $ tainted
+        request.referer,           # $ tainted
+        request.referrer,          # $ tainted
+        request.user_agent,        # $ tainted
+
+        request.as_bytes,          # $ tainted
+
+        request.body,              # $ tainted
+        request.body_file,         # $ tainted
+        request.body_file_raw,     # $ tainted
+        request.body_file_seekable,# $ tainted
+        request.body_file.read(),  # $ MISSING:tainted
+
+        request.json,              # $ tainted
+        request.json_body,         # $ tainted
+        request.json['a']['b'][0]['c'],   # $ tainted
+
+        request.text,               # $ tainted
+
+        request.path,               # $ tainted
+        request.path_info,          # $ tainted
+        request.path_info_peek(),   # $ tainted
+        request.path_info_pop(),    # $ tainted
+        request.path_qs,            # $ tainted
+        request.path_url,           # $ tainted
+        request.query_string,       # $ tainted
+
+        request.url,                # $ tainted
+        request.urlargs,            # $ tainted
+        request.urlvars,            # $ tainted
+
+        request.GET['a'],           # $ tainted
+        request.POST['b'],          # $ tainted
+        request.cookies['c'],       # $ tainted
+        request.params['d'],        # $ tainted
+        request.headers['X-My-Header'],   # $ tainted
+        request.GET.values(),       # $ tainted
+
+        request.copy(),             # $ tainted
+        request.copy_body(),        # $ tainted
+        request.copy_get(),         # $ tainted
+        request.copy().GET['a']     # $ MISSING:tainted
        ) 

 def test2(request):