hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 21:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: client request: getUrl => getAUrlPart

Browse Source 
I think `getUrl` is a bit too misleading, since from the name, I would
only ever expect ONE result for one request being made.

`getAUrlPart` captures that there could be multiple results, and that
they might not constitute a whole URl.

Which is the same naming I used when I tried to model this a long time ago
a80860cdc6/python/ql/lib/semmle/python/web/Http.qll (L102-L111)
This commit is contained in:
Rasmus Wriedt Larsen
2021-12-15 21:33:54 +01:00
parent 6f81685f48
commit f8fc583af3
7 changed files with 54 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
python/ql/lib/semmle/python/Concepts.qll
View File

@@ -829,7 +829,7 @@ module HTTP {
* Gets a node that contributes to the URL of the request.
* Depending on the framework, a request may have multiple nodes which contribute to the URL.
*/
DataFlow::Node getUrl() { result = super.getUrl() }
DataFlow::Node getAUrlPart() { result = super.getAUrlPart() }
/** Gets a string that identifies the framework used for this request. */
string getFramework() { result = super.getFramework() }
@@ -864,7 +864,7 @@ module HTTP {
* Gets a node that contributes to the URL of the request.
* Depending on the framework, a request may have multiple nodes which contribute to the URL.
*/
abstract DataFlow::Node getUrl();
abstract DataFlow::Node getAUrlPart();
/** Gets a string that identifies the framework used for this request. */
abstract string getFramework();
@@ -888,7 +888,7 @@ module HTTP {
private class HttpClientRequestAdditionalTaintStep extends TaintTracking::AdditionalTaintStep {
override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
exists(Request req |
nodeFrom = req.getUrl() and
nodeFrom = req.getAUrlPart() and
nodeTo = req.getResponse()
)
}

2
python/ql/lib/semmle/python/frameworks/Requests.qll
View File

@@ -43,7 +43,7 @@ private module Requests {
)
}
override DataFlow::Node getUrl() {
override DataFlow::Node getAUrlPart() {
result = this.getArgByName("url")
or
not methodName = "request" and

2
python/ql/lib/semmle/python/frameworks/Stdlib.qll
View File

@@ -2179,7 +2179,7 @@ private module StdlibPrivate {
this.getObject().getALocalSource()
}
override DataFlow::Node getUrl() {
override DataFlow::Node getAUrlPart() {
result in [this.getArg(1), this.getArgByName("url")]
or
this.getObject() = instance(result)