hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-05 13:37:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

python: fix test

Browse Source
This commit is contained in:
Rasmus Lerchedahl Petersen
2024-12-03 18:33:47 +01:00
committed by Owen Mansel-Chan
parent fa9426c749
commit fa758d6bf5
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
python/ql/test/library-tests/frameworks/tornado/taint_test.py
View File

@@ -63,9 +63,8 @@ class TaintTest(tornado.web.RequestHandler):
request.headers["header-name"], # $ tainted
request.headers.get_list("header-name"), # $ tainted
request.headers.get_all(), # $ tainted
[(k, v) for (k, v) in request.headers.get_all()], # $ MISSING: tainted
[(k, v) for (k, v) in request.headers.get_all()][0], # $ tainted
list([(k, v) for (k, v) in request.headers.get_all()]), # $ MISSING: tainted
list([(k, v) for (k, v) in request.headers.get_all()])[0], # $ tainted
# Dict[str, http.cookies.Morsel]
request.cookies, # $ tainted
@@ -75,6 +74,11 @@ class TaintTest(tornado.web.RequestHandler):
request.cookies["cookie-name"].coded_value, # $ tainted
)
ensure_not_tainted(
[(k, v) for (k, v) in request.headers.get_all()], # The comprehension is not tainted, only the elements
list([(k, v) for (k, v) in request.headers.get_all()]), # Here, all the elements of the list are tainted, but the list is not.
)
def make_app():
return tornado.web.Application(