Rasmus Wriedt Larsen
6cba2fe4f8
Python: Model Django response sinks that are not vuln to XSS
...
Since HttpResponse is not *only* used for XSS, it is still valuable to know the
content is send as part of the response.
The *proper* solution to this problem of not all HttpResponses being vulnerable
to XSS is probably to define a new abstract class in Http.qll called
HttpResponseXSSVulnerableSink (or similar). I would like to model a few more
libraries/frameworks before fully comitting to an approach though.
2020-05-26 16:45:46 +02:00
Rasmus Wriedt Larsen
3774310985
Python: Reduce FPs in Django due to bad XSS taint-sinks
...
Fixes https://github.com/github/codeql-python-team/issues/38
2020-05-18 19:14:43 +02:00
Rasmus Wriedt Larsen
fa08676a1d
Python: Proper redirect taint sinks for Django
...
Also a major restructuring of the code. A bit controversial since it
renames/moves classes that are already public.
Fixes https://github.com/github/codeql/issues/3466
2020-05-18 19:14:29 +02:00
Rasmus Wriedt Larsen
72ea4ff0dc
Python: Add more tests of django responses
...
They clearly shouldn't all be XSS sinks
2020-05-18 16:56:47 +02:00
Rasmus Wriedt Larsen
5a0babe88b
Python: Add support for Django 2.x and 3.x
...
I changed the django mock to support both 1.x and 2.x routing APIs, which is not
really a nice long term solution.
2020-02-18 11:22:35 +01:00
Rasmus Wriedt Larsen
a3c6472b9b
Python: Improve django tests (and prepare for v2 + v3 support)
2020-02-17 16:39:01 +01:00
Rasmus Wriedt Larsen
c25782d6da
Python: For web tests, use more precise name HttpResponseSinks
...
Since there are also HttpRedirectTaintSink, using HttpSink is confusing
2020-01-28 13:06:48 +01:00
