Really starting to regret our widespread use of `flask.request` as _the_ example of a remote flow source.
#select
| code_injection.py:7:10:7:13 | ControlFlowNode for code | code_injection.py:6:12:6:18 | ControlFlowNode for request | code_injection.py:7:10:7:13 | ControlFlowNode for code | This code execution depends on a $@. | code_injection.py:6:12:6:18 | ControlFlowNode for request | user-provided value |
| code_injection.py:8:10:8:13 | ControlFlowNode for code | code_injection.py:6:12:6:18 | ControlFlowNode for request | code_injection.py:8:10:8:13 | ControlFlowNode for code | This code execution depends on a $@. | code_injection.py:6:12:6:18 | ControlFlowNode for request | user-provided value |
| code_injection.py:10:10:10:12 | ControlFlowNode for cmd | code_injection.py:6:12:6:18 | ControlFlowNode for request | code_injection.py:10:10:10:12 | ControlFlowNode for cmd | This code execution depends on a $@. | code_injection.py:6:12:6:18 | ControlFlowNode for request | user-provided value |
| code_injection.py:21:20:21:27 | ControlFlowNode for obj_name | code_injection.py:18:16:18:22 | ControlFlowNode for request | code_injection.py:21:20:21:27 | ControlFlowNode for obj_name | This code execution depends on a $@. | code_injection.py:18:16:18:22 | ControlFlowNode for request | user-provided value |
edges
| code_injection.py:6:5:6:8 | ControlFlowNode for code | code_injection.py:7:10:7:13 | ControlFlowNode for code | provenance | |
| code_injection.py:6:5:6:8 | ControlFlowNode for code | code_injection.py:8:10:8:13 | ControlFlowNode for code | provenance | |
| code_injection.py:6:5:6:8 | ControlFlowNode for code | code_injection.py:9:5:9:7 | ControlFlowNode for cmd | provenance | AdditionalTaintStep |
| code_injection.py:6:12:6:18 | ControlFlowNode for request | code_injection.py:6:12:6:23 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| code_injection.py:6:12:6:23 | ControlFlowNode for Attribute | code_injection.py:6:12:6:35 | ControlFlowNode for Attribute() | provenance | dict.get |
| code_injection.py:6:12:6:35 | ControlFlowNode for Attribute() | code_injection.py:6:5:6:8 | ControlFlowNode for code | provenance | |
| code_injection.py:9:5:9:7 | ControlFlowNode for cmd | code_injection.py:10:10:10:12 | ControlFlowNode for cmd | provenance | |
| code_injection.py:18:5:18:12 | ControlFlowNode for obj_name | code_injection.py:21:20:21:27 | ControlFlowNode for obj_name | provenance | |
| code_injection.py:18:16:18:22 | ControlFlowNode for request | code_injection.py:18:16:18:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| code_injection.py:18:16:18:27 | ControlFlowNode for Attribute | code_injection.py:18:16:18:38 | ControlFlowNode for Attribute() | provenance | dict.get |
| code_injection.py:18:16:18:38 | ControlFlowNode for Attribute() | code_injection.py:18:5:18:12 | ControlFlowNode for obj_name | provenance | |
nodes
| code_injection.py:6:5:6:8 | ControlFlowNode for code | semmle.label | ControlFlowNode for code |
| code_injection.py:6:12:6:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| code_injection.py:6:12:6:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| code_injection.py:6:12:6:35 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| code_injection.py:7:10:7:13 | ControlFlowNode for code | semmle.label | ControlFlowNode for code |
| code_injection.py:8:10:8:13 | ControlFlowNode for code | semmle.label | ControlFlowNode for code |
| code_injection.py:9:5:9:7 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
| code_injection.py:10:10:10:12 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
| code_injection.py:18:5:18:12 | ControlFlowNode for obj_name | semmle.label | ControlFlowNode for obj_name |
| code_injection.py:18:16:18:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| code_injection.py:18:16:18:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| code_injection.py:18:16:18:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| code_injection.py:21:20:21:27 | ControlFlowNode for obj_name | semmle.label | ControlFlowNode for obj_name |
subpaths
testFailures
| code_injection.py:1:34:1:49 | Comment # $ Source=flask | Missing result: Source=flask |
| code_injection.py:6:12:6:18 | ControlFlowNode for request | Unexpected result: Source |
| code_injection.py:7:10:7:13 | ControlFlowNode for code | Unexpected result: Alert |
| code_injection.py:7:16:7:30 | Comment # $ Alert=flask | Missing result: Alert=flask |
| code_injection.py:8:10:8:13 | ControlFlowNode for code | Unexpected result: Alert |
| code_injection.py:8:16:8:30 | Comment # $ Alert=flask | Missing result: Alert=flask |
| code_injection.py:10:10:10:12 | ControlFlowNode for cmd | Unexpected result: Alert |
| code_injection.py:10:15:10:29 | Comment # $ Alert=flask | Missing result: Alert=flask |
| code_injection.py:18:16:18:22 | ControlFlowNode for request | Unexpected result: Source |
| code_injection.py:21:20:21:27 | ControlFlowNode for obj_name | Unexpected result: Alert |
| code_injection.py:21:30:21:54 | Comment # $ SPURIOUS: Alert=flask | Fixed spurious result: Alert=flask |