hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
z80coder/query-pack-release-candidate-2
codeql/python/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess copy.md
Rasmus Wriedt Larsen d493cfdf3a Python: Model FastAPI FileResponse as FileSystemAccess 
This was an oversight from our initial FastAPI modeling work.
2021-11-24 11:44:51 +01:00

230 B
Raw Permalink Blame History

lgtm,codescanning

  • Extended the modeling of FastAPI such that fastapi.responses.FileResponse are considered FileSystemAccess, making them sinks for the Uncontrolled data used in path expression (py/path-injection) query.