codeql/python/ql/test/library-tests/frameworks/twisted/taint_test.py
Rasmus Wriedt Larsen 8208aebd7e Python: Apply suggestions from code review
Co-authored-by: yoff <lerchedahl@gmail.com>
2021-06-21 10:43:25 +02:00


from twisted.web.resource import Resource
from twisted.web.server import Request
class MyTaintTest(Resource):
    """Taint-tracking test fixture for the twisted.web request model.

    Every argument passed to ``ensure_tainted`` / ``ensure_not_tainted``
    (presumably provided by the test harness; they are not defined here)
    carries an inline ``# $ ...`` expectation. These annotations appear to be
    what the harness checks, so each one must stay on the same line as the
    expression it describes. ``# $ MISSING: tainted`` records a value that
    should be tracked as tainted but is not yet modelled.
    """

    def getChild(self, path, request): # $ requestHandler
        """Child lookup handler: both the path segment and the request are expected to be tainted."""
        ensure_tainted(path, request) # $ tainted

    def render(self, request): # $ requestHandler
        """Generic render handler: the request object itself is expected to be tainted."""
        ensure_tainted(request) # $ tainted

    def render_GET(self, request: Request): # $ requestHandler
        """GET handler exercising the remote-input attributes and accessors of ``Request``.

        Values derived from the URL, body, query args, cookies, headers and
        HTTP-auth credentials are expected to be tainted. ``request.method``
        and the outgoing (response-side) attributes are expected not to be.
        """
        # see https://twistedmatrix.com/documents/21.2.0/api/twisted.web.server.Request.html
        ensure_tainted(
            request, # $ tainted
            request.uri, # $ tainted
            request.path, # $ tainted
            request.prepath, # $ tainted
            request.postpath, # $ tainted
            # file-like
            request.content, # $ tainted
            # Known gap: reading the body through the file-like object is not yet tracked.
            request.content.read(), # $ MISSING: tainted
            # Dict[bytes, List[bytes]] (for query args)
            request.args, # $ tainted
            request.args[b"key"], # $ tainted
            request.args[b"key"][0], # $ tainted
            request.args.get(b"key"), # $ tainted
            request.args.get(b"key")[0], # $ tainted
            request.received_cookies, # $ tainted
            request.received_cookies["key"], # $ tainted
            request.received_cookies.get("key"), # $ tainted
            request.getCookie(b"key"), # $ tainted
            # twisted.web.http_headers.Headers
            # see https://twistedmatrix.com/documents/21.2.0/api/twisted.web.http_headers.Headers.html
            request.requestHeaders, # $ tainted
            # Known gap: the Headers object is tainted, but its accessors below are
            # not yet modelled, so values read through them are currently untracked.
            request.requestHeaders.getRawHeaders("key"), # $ MISSING: tainted
            request.requestHeaders.getRawHeaders("key")[0], # $ MISSING: tainted
            request.requestHeaders.getAllRawHeaders(), # $ MISSING: tainted
            list(request.requestHeaders.getAllRawHeaders()), # $ MISSING: tainted
            request.getHeader("key"), # $ tainted
            request.getAllHeaders(), # $ tainted
            request.getAllHeaders()["key"], # $ tainted
            request.user, # $ tainted
            request.getUser(), # $ tainted
            request.password, # $ tainted
            request.getPassword(), # $ tainted
            request.host, # $ tainted
            request.getHost(), # $ tainted
            request.getRequestHostname(), # $ tainted
        )
        # technically user-controlled, but unlikely to lead to vulnerabilities.
        ensure_not_tainted(
            request.method,
        )
        # not tainted at all
        ensure_not_tainted(
            # outgoing things (response side), so not remote input
            request.cookies,
            request.responseHeaders,
        )