codeql/python/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess copy.md

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
lgtm,codescanning
* Extended the modeling of FastAPI such that `fastapi.responses.FileResponse` are considered `FileSystemAccess`, making them sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
	`lgtm,codescanning`
	* Extended the modeling of FastAPI such that `fastapi.responses.FileResponse` are considered `FileSystemAccess`, making them sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.