Python: Add django.shortcuts.redirect test

Rasmus Wriedt Larsen
2021-01-29 15:36:11 +01:00
parent 7a76a5134e
commit ff2f2b5792


@@ -1,4 +1,5 @@
from django.http.response import HttpResponse, HttpResponseRedirect, HttpResponsePermanentRedirect, JsonResponse, HttpResponseNotFound
import django.shortcuts
# Not an XSS sink, since the Content-Type is not "text/html"
# FP reported in https://github.com/github/codeql-python-team/issues/38
@@ -48,6 +49,11 @@ def redirect_through_normal_response(request):
return resp
def redirect_shortcut(request):
next = request.GET.get("next")
return django.shortcuts.redirect(next) # $ MISSING: HttpResponse HttpRedirectResponse redirectLocation=next
# Ensure that simple subclasses are still vuln to XSS
def xss__not_found(request):
return HttpResponseNotFound(request.GET.get("name")) # $HttpResponse mimetype=text/html responseBody=Attribute()
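Review bot: The new `redirect_shortcut` handler passes `request.GET.get("next")` straight into `django.shortcuts.redirect` without a comment saying the unvalidated redirect is deliberate, whereas the neighbouring cases state their intent (`# Ensure that simple subclasses are still vuln to XSS`). I would add a line above it such as `# Deliberately unvalidated redirect target: redirect() should be modelled as a redirect response with redirectLocation=next`, and say that the `MISSING:` marker presumably records a modelling gap that is still to be closed. The test also covers only the default call; `django.shortcuts.redirect(next, permanent=True)` returns a permanent redirect and would merit its own expectation line. As a matter of style, the local name `next` shadows the builtin; `next_url` would read better without changing what the test checks.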