Python: Fix Flask request.files modeling

2026-04-30 11:15:13 +02:00 · 2022-05-02 14:14:29 +02:00
parent 0c62916af5
commit fb0133d276
2 changed files with 2 additions and 2 deletions
--- a/python/ql/lib/semmle/python/frameworks/Flask.qll
+++ b/python/ql/lib/semmle/python/frameworks/Flask.qll
@@ -418,7 +418,7 @@ module Flask {
      // TODO: This approach for identifying member-access is very adhoc, and we should
      // be able to do something more structured for providing modeling of the members
      // of a container-object.
-      exists(DataFlow::AttrRead files | files = request().getMember("files").getAnImmediateUse() |
+      exists(DataFlow::Node files | files = request().getMember("files").getAUse() |
        this.asCfgNode().(SubscriptNode).getObject() = files.asCfgNode()
        or
        this.(DataFlow::MethodCallNode).calls(files, "get")
--- a/python/ql/test/library-tests/frameworks/flask/taint_test.py
+++ b/python/ql/test/library-tests/frameworks/flask/taint_test.py
@@ -204,7 +204,7 @@ def test_taint(name = "World!", number="0", foo="foo"):  # $requestHandler route
        b.getlist('key'), # $ tainted
        gl('key'), # $ tainted

-        files.get('key').filename, # $ MISSING: tainted
+        files.get('key').filename, # $ tainted
    )

    # aliasing tests