mirror of
https://github.com/github/codeql.git
synced 2026-05-31 03:21:23 +02:00
Second batch of test reblessings, capturing changes in result content (not just toString labels):

- Framework taint/concept tests (fastapi, sqlalchemy, aiohttp, lxml, stdlib, django-orm): mostly gained MISSING-tainted annotations where the new dataflow no longer reaches sinks. Some are real taint regressions; left as documented failures for follow-up.
- Exception-handler tests (CWE-209-StackTraceExposure, EmptyExcept, CatchingBaseException, IncorrectExceptOrder, FileNotAlwaysClosed, FindSubclass/Find, Statements/exit/UseOfExit): the no-raise shared CFG abstraction does not emit ExceptionSuccessor abrupt-completion edges from arbitrary expressions, so except-handler bodies (and their exception target Names) are statically dead. Tracked separately under cfg-modelling-exceptions.
- Dataflow-path / control-flow node toString polish across the security query suite (PathInjection, CodeInjection, UnsafeUnpacking, UnsafeUsageOfClientSideEncryptionVersion, RequestWithoutValidation, ReflectedXss, CallGraph): simple-leaf nodes now stringify as their AST text instead of 'After X'.
- SSA / call-graph improvements (CmpTest, CallGraph/InlineCallGraphTest): fewer SSA mismatches between new and old; two previously-MISSING tt= annotations resolved.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
108 lines
15 KiB
Plaintext
edges
| testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute age] | testapp/orm_security_tests.py:42:23:42:42 | After Attribute() [empty] [List element, Attribute age] | provenance | |
| testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute age] | testapp/orm_security_tests.py:51:14:51:53 | After Attribute() [Attribute age] | provenance | |
| testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute name] | testapp/orm_security_tests.py:42:23:42:42 | After Attribute() [empty] [List element, Attribute name] | provenance | |
| testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute name] | testapp/orm_security_tests.py:47:14:47:53 | After Attribute() [Attribute name] | provenance | |
| testapp/orm_security_tests.py:19:12:19:18 | request | testapp/orm_security_tests.py:22:23:22:42 | After Subscript | provenance | AdditionalTaintStep |
| testapp/orm_security_tests.py:19:12:19:18 | request | testapp/orm_security_tests.py:23:22:23:40 | After Subscript | provenance | AdditionalTaintStep |
| testapp/orm_security_tests.py:22:9:22:14 | [post] person [Attribute name] | testapp/orm_security_tests.py:23:9:23:14 | person [Attribute name] | provenance | |
| testapp/orm_security_tests.py:22:23:22:42 | After Subscript | testapp/orm_security_tests.py:22:9:22:14 | [post] person [Attribute name] | provenance | |
| testapp/orm_security_tests.py:23:9:23:14 | [post] person [Attribute age] | testapp/orm_security_tests.py:28:9:28:14 | person [Attribute age] | provenance | |
| testapp/orm_security_tests.py:23:9:23:14 | person [Attribute name] | testapp/orm_security_tests.py:28:9:28:14 | person [Attribute name] | provenance | |
| testapp/orm_security_tests.py:23:22:23:40 | After Subscript | testapp/orm_security_tests.py:23:9:23:14 | [post] person [Attribute age] | provenance | |
| testapp/orm_security_tests.py:28:9:28:14 | person [Attribute age] | testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute age] | provenance | |
| testapp/orm_security_tests.py:28:9:28:14 | person [Attribute name] | testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute name] | provenance | |
| testapp/orm_security_tests.py:42:13:42:18 | person [Attribute age] | testapp/orm_security_tests.py:43:62:43:67 | person [Attribute age] | provenance | |
| testapp/orm_security_tests.py:42:13:42:18 | person [Attribute name] | testapp/orm_security_tests.py:43:49:43:54 | person [Attribute name] | provenance | |
| testapp/orm_security_tests.py:42:23:42:42 | After Attribute() [empty] [List element, Attribute age] | testapp/orm_security_tests.py:42:13:42:18 | person [Attribute age] | provenance | |
| testapp/orm_security_tests.py:42:23:42:42 | After Attribute() [empty] [List element, Attribute name] | testapp/orm_security_tests.py:42:13:42:18 | person [Attribute name] | provenance | |
| testapp/orm_security_tests.py:43:13:43:21 | resp_text | testapp/orm_security_tests.py:44:29:44:37 | resp_text | provenance | |
| testapp/orm_security_tests.py:43:49:43:54 | person [Attribute name] | testapp/orm_security_tests.py:43:49:43:59 | After Attribute | provenance | |
| testapp/orm_security_tests.py:43:49:43:59 | After Attribute | testapp/orm_security_tests.py:43:13:43:21 | resp_text | provenance | |
| testapp/orm_security_tests.py:43:62:43:67 | person [Attribute age] | testapp/orm_security_tests.py:43:62:43:71 | After Attribute | provenance | |
| testapp/orm_security_tests.py:43:62:43:71 | After Attribute | testapp/orm_security_tests.py:43:13:43:21 | resp_text | provenance | |
| testapp/orm_security_tests.py:47:5:47:10 | person [Attribute name] | testapp/orm_security_tests.py:48:46:48:51 | person [Attribute name] | provenance | |
| testapp/orm_security_tests.py:47:14:47:53 | After Attribute() [Attribute name] | testapp/orm_security_tests.py:47:5:47:10 | person [Attribute name] | provenance | |
| testapp/orm_security_tests.py:48:46:48:51 | person [Attribute name] | testapp/orm_security_tests.py:48:46:48:56 | After Attribute | provenance | |
| testapp/orm_security_tests.py:48:46:48:56 | After Attribute | testapp/orm_security_tests.py:48:25:48:57 | After Attribute() | provenance | |
| testapp/orm_security_tests.py:51:5:51:10 | person [Attribute age] | testapp/orm_security_tests.py:55:45:55:50 | person [Attribute age] | provenance | |
| testapp/orm_security_tests.py:51:14:51:53 | After Attribute() [Attribute age] | testapp/orm_security_tests.py:51:5:51:10 | person [Attribute age] | provenance | |
| testapp/orm_security_tests.py:55:45:55:50 | person [Attribute age] | testapp/orm_security_tests.py:55:45:55:54 | After Attribute | provenance | |
| testapp/orm_security_tests.py:55:45:55:54 | After Attribute | testapp/orm_security_tests.py:55:25:55:55 | After Attribute() | provenance | |
| testapp/orm_security_tests.py:92:1:92:44 | [orm-model] Class CommentValidatorNotUsed [Attribute text] | testapp/orm_security_tests.py:101:15:101:52 | After Attribute() [Attribute text] | provenance | |
| testapp/orm_security_tests.py:95:37:95:43 | request | testapp/orm_security_tests.py:96:44:96:63 | After Subscript | provenance | AdditionalTaintStep |
| testapp/orm_security_tests.py:96:5:96:11 | comment [Attribute text] | testapp/orm_security_tests.py:97:5:97:11 | comment [Attribute text] | provenance | |
| testapp/orm_security_tests.py:96:15:96:64 | After CommentValidatorNotUsed() [Attribute text] | testapp/orm_security_tests.py:96:5:96:11 | comment [Attribute text] | provenance | |
| testapp/orm_security_tests.py:96:44:96:63 | After Subscript | testapp/orm_security_tests.py:96:15:96:64 | After CommentValidatorNotUsed() [Attribute text] | provenance | |
| testapp/orm_security_tests.py:97:5:97:11 | comment [Attribute text] | testapp/orm_security_tests.py:92:1:92:44 | [orm-model] Class CommentValidatorNotUsed [Attribute text] | provenance | |
| testapp/orm_security_tests.py:101:5:101:11 | comment [Attribute text] | testapp/orm_security_tests.py:102:25:102:31 | comment [Attribute text] | provenance | |
| testapp/orm_security_tests.py:101:15:101:52 | After Attribute() [Attribute text] | testapp/orm_security_tests.py:101:5:101:11 | comment [Attribute text] | provenance | |
| testapp/orm_security_tests.py:102:25:102:31 | comment [Attribute text] | testapp/orm_security_tests.py:102:25:102:36 | After Attribute | provenance | |
| testapp/orm_security_tests.py:111:1:111:41 | [orm-model] Class CommentValidatorUsed [Attribute text] | testapp/orm_security_tests.py:120:15:120:49 | After Attribute() [Attribute text] | provenance | |
| testapp/orm_security_tests.py:114:33:114:39 | request | testapp/orm_security_tests.py:115:41:115:60 | After Subscript | provenance | AdditionalTaintStep |
| testapp/orm_security_tests.py:115:5:115:11 | comment [Attribute text] | testapp/orm_security_tests.py:117:5:117:11 | comment [Attribute text] | provenance | |
| testapp/orm_security_tests.py:115:15:115:61 | After CommentValidatorUsed() [Attribute text] | testapp/orm_security_tests.py:115:5:115:11 | comment [Attribute text] | provenance | |
| testapp/orm_security_tests.py:115:41:115:60 | After Subscript | testapp/orm_security_tests.py:115:15:115:61 | After CommentValidatorUsed() [Attribute text] | provenance | |
| testapp/orm_security_tests.py:117:5:117:11 | comment [Attribute text] | testapp/orm_security_tests.py:111:1:111:41 | [orm-model] Class CommentValidatorUsed [Attribute text] | provenance | |
| testapp/orm_security_tests.py:120:5:120:11 | comment [Attribute text] | testapp/orm_security_tests.py:121:25:121:31 | comment [Attribute text] | provenance | |
| testapp/orm_security_tests.py:120:15:120:49 | After Attribute() [Attribute text] | testapp/orm_security_tests.py:120:5:120:11 | comment [Attribute text] | provenance | |
| testapp/orm_security_tests.py:121:25:121:31 | comment [Attribute text] | testapp/orm_security_tests.py:121:25:121:36 | After Attribute | provenance | |
nodes
| testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute age] | semmle.label | [orm-model] Class Person [Attribute age] |
| testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute name] | semmle.label | [orm-model] Class Person [Attribute name] |
| testapp/orm_security_tests.py:19:12:19:18 | request | semmle.label | request |
| testapp/orm_security_tests.py:22:9:22:14 | [post] person [Attribute name] | semmle.label | [post] person [Attribute name] |
| testapp/orm_security_tests.py:22:23:22:42 | After Subscript | semmle.label | After Subscript |
| testapp/orm_security_tests.py:23:9:23:14 | [post] person [Attribute age] | semmle.label | [post] person [Attribute age] |
| testapp/orm_security_tests.py:23:9:23:14 | person [Attribute name] | semmle.label | person [Attribute name] |
| testapp/orm_security_tests.py:23:22:23:40 | After Subscript | semmle.label | After Subscript |
| testapp/orm_security_tests.py:28:9:28:14 | person [Attribute age] | semmle.label | person [Attribute age] |
| testapp/orm_security_tests.py:28:9:28:14 | person [Attribute name] | semmle.label | person [Attribute name] |
| testapp/orm_security_tests.py:42:13:42:18 | person [Attribute age] | semmle.label | person [Attribute age] |
| testapp/orm_security_tests.py:42:13:42:18 | person [Attribute name] | semmle.label | person [Attribute name] |
| testapp/orm_security_tests.py:42:23:42:42 | After Attribute() [empty] [List element, Attribute age] | semmle.label | After Attribute() [empty] [List element, Attribute age] |
| testapp/orm_security_tests.py:42:23:42:42 | After Attribute() [empty] [List element, Attribute name] | semmle.label | After Attribute() [empty] [List element, Attribute name] |
| testapp/orm_security_tests.py:43:13:43:21 | resp_text | semmle.label | resp_text |
| testapp/orm_security_tests.py:43:49:43:54 | person [Attribute name] | semmle.label | person [Attribute name] |
| testapp/orm_security_tests.py:43:49:43:59 | After Attribute | semmle.label | After Attribute |
| testapp/orm_security_tests.py:43:62:43:67 | person [Attribute age] | semmle.label | person [Attribute age] |
| testapp/orm_security_tests.py:43:62:43:71 | After Attribute | semmle.label | After Attribute |
| testapp/orm_security_tests.py:44:29:44:37 | resp_text | semmle.label | resp_text |
| testapp/orm_security_tests.py:47:5:47:10 | person [Attribute name] | semmle.label | person [Attribute name] |
| testapp/orm_security_tests.py:47:14:47:53 | After Attribute() [Attribute name] | semmle.label | After Attribute() [Attribute name] |
| testapp/orm_security_tests.py:48:25:48:57 | After Attribute() | semmle.label | After Attribute() |
| testapp/orm_security_tests.py:48:46:48:51 | person [Attribute name] | semmle.label | person [Attribute name] |
| testapp/orm_security_tests.py:48:46:48:56 | After Attribute | semmle.label | After Attribute |
| testapp/orm_security_tests.py:51:5:51:10 | person [Attribute age] | semmle.label | person [Attribute age] |
| testapp/orm_security_tests.py:51:14:51:53 | After Attribute() [Attribute age] | semmle.label | After Attribute() [Attribute age] |
| testapp/orm_security_tests.py:55:25:55:55 | After Attribute() | semmle.label | After Attribute() |
| testapp/orm_security_tests.py:55:45:55:50 | person [Attribute age] | semmle.label | person [Attribute age] |
| testapp/orm_security_tests.py:55:45:55:54 | After Attribute | semmle.label | After Attribute |
| testapp/orm_security_tests.py:92:1:92:44 | [orm-model] Class CommentValidatorNotUsed [Attribute text] | semmle.label | [orm-model] Class CommentValidatorNotUsed [Attribute text] |
| testapp/orm_security_tests.py:95:37:95:43 | request | semmle.label | request |
| testapp/orm_security_tests.py:96:5:96:11 | comment [Attribute text] | semmle.label | comment [Attribute text] |
| testapp/orm_security_tests.py:96:15:96:64 | After CommentValidatorNotUsed() [Attribute text] | semmle.label | After CommentValidatorNotUsed() [Attribute text] |
| testapp/orm_security_tests.py:96:44:96:63 | After Subscript | semmle.label | After Subscript |
| testapp/orm_security_tests.py:97:5:97:11 | comment [Attribute text] | semmle.label | comment [Attribute text] |
| testapp/orm_security_tests.py:101:5:101:11 | comment [Attribute text] | semmle.label | comment [Attribute text] |
| testapp/orm_security_tests.py:101:15:101:52 | After Attribute() [Attribute text] | semmle.label | After Attribute() [Attribute text] |
| testapp/orm_security_tests.py:102:25:102:31 | comment [Attribute text] | semmle.label | comment [Attribute text] |
| testapp/orm_security_tests.py:102:25:102:36 | After Attribute | semmle.label | After Attribute |
| testapp/orm_security_tests.py:111:1:111:41 | [orm-model] Class CommentValidatorUsed [Attribute text] | semmle.label | [orm-model] Class CommentValidatorUsed [Attribute text] |
| testapp/orm_security_tests.py:114:33:114:39 | request | semmle.label | request |
| testapp/orm_security_tests.py:115:5:115:11 | comment [Attribute text] | semmle.label | comment [Attribute text] |
| testapp/orm_security_tests.py:115:15:115:61 | After CommentValidatorUsed() [Attribute text] | semmle.label | After CommentValidatorUsed() [Attribute text] |
| testapp/orm_security_tests.py:115:41:115:60 | After Subscript | semmle.label | After Subscript |
| testapp/orm_security_tests.py:117:5:117:11 | comment [Attribute text] | semmle.label | comment [Attribute text] |
| testapp/orm_security_tests.py:120:5:120:11 | comment [Attribute text] | semmle.label | comment [Attribute text] |
| testapp/orm_security_tests.py:120:15:120:49 | After Attribute() [Attribute text] | semmle.label | After Attribute() [Attribute text] |
| testapp/orm_security_tests.py:121:25:121:31 | comment [Attribute text] | semmle.label | comment [Attribute text] |
| testapp/orm_security_tests.py:121:25:121:36 | After Attribute | semmle.label | After Attribute |
subpaths
#select
| testapp/orm_security_tests.py:44:29:44:37 | resp_text | testapp/orm_security_tests.py:19:12:19:18 | request | testapp/orm_security_tests.py:44:29:44:37 | resp_text | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:19:12:19:18 | request | user-provided value |
| testapp/orm_security_tests.py:48:25:48:57 | After Attribute() | testapp/orm_security_tests.py:19:12:19:18 | request | testapp/orm_security_tests.py:48:25:48:57 | After Attribute() | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:19:12:19:18 | request | user-provided value |
| testapp/orm_security_tests.py:55:25:55:55 | After Attribute() | testapp/orm_security_tests.py:19:12:19:18 | request | testapp/orm_security_tests.py:55:25:55:55 | After Attribute() | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:19:12:19:18 | request | user-provided value |
| testapp/orm_security_tests.py:102:25:102:36 | After Attribute | testapp/orm_security_tests.py:95:37:95:43 | request | testapp/orm_security_tests.py:102:25:102:36 | After Attribute | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:95:37:95:43 | request | user-provided value |
| testapp/orm_security_tests.py:121:25:121:36 | After Attribute | testapp/orm_security_tests.py:114:33:114:39 | request | testapp/orm_security_tests.py:121:25:121:36 | After Attribute | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:114:33:114:39 | request | user-provided value |