mirror of
https://github.com/github/codeql.git
synced 2026-05-30 19:11:23 +02:00
1bcaa56b10
Second batch of test reblessings, capturing changes in result content (not just toString labels): - Framework taint/concept tests (fastapi, sqlalchemy, aiohttp, lxml, stdlib, django-orm): mostly gained MISSING-tainted annotations where the new dataflow no longer reaches sinks. Some are real taint regressions; left as documented failures for follow-up. - Exception-handler tests (CWE-209-StackTraceExposure, EmptyExcept, CatchingBaseException, IncorrectExceptOrder, FileNotAlwaysClosed, FindSubclass/Find, Statements/exit/UseOfExit): the no-raise shared CFG abstraction does not emit ExceptionSuccessor abrupt-completion edges from arbitrary expressions, so except-handler bodies (and their exception target Names) are statically dead. Tracked separately under cfg-modelling-exceptions. - Dataflow-path / control-flow node toString polish across the security query suite (PathInjection, CodeInjection, UnsafeUnpacking, UnsafeUsageOfClientSideEncryptionVersion, RequestWithoutValidation, ReflectedXss, CallGraph): simple-leaf nodes now stringify as their AST text instead of 'After X'. - SSA / call-graph improvements (CmpTest, CallGraph/InlineCallGraphTest): fewer SSA mismatches between new and old; two previously-MISSING tt= annotations resolved. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
296 lines
29 KiB
Plaintext
296 lines
29 KiB
Plaintext
#select
|
|
| fastapi_path_injection.py:7:19:7:26 | filepath | fastapi_path_injection.py:17:21:17:24 | path | fastapi_path_injection.py:7:19:7:26 | filepath | This path depends on a $@. | fastapi_path_injection.py:17:21:17:24 | path | user-provided value |
|
|
| fastapi_path_injection.py:7:19:7:26 | filepath | fastapi_path_injection.py:31:21:31:24 | path | fastapi_path_injection.py:7:19:7:26 | filepath | This path depends on a $@. | fastapi_path_injection.py:31:21:31:24 | path | user-provided value |
|
|
| fastapi_path_injection.py:7:19:7:26 | filepath | fastapi_path_injection.py:48:21:48:24 | path | fastapi_path_injection.py:7:19:7:26 | filepath | This path depends on a $@. | fastapi_path_injection.py:48:21:48:24 | path | user-provided value |
|
|
| flask_path_injection.py:21:32:21:38 | dirname | flask_path_injection.py:1:26:1:32 | After ImportMember | flask_path_injection.py:21:32:21:38 | dirname | This path depends on a $@. | flask_path_injection.py:1:26:1:32 | After ImportMember | user-provided value |
|
|
| path_injection.py:13:14:13:47 | After Attribute() | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:13:14:13:47 | After Attribute() | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
|
|
| path_injection.py:21:14:21:18 | npath | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:21:14:21:18 | npath | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
|
|
| path_injection.py:31:14:31:18 | npath | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:31:14:31:18 | npath | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
|
|
| path_injection.py:48:14:48:18 | npath | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:48:14:48:18 | npath | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
|
|
| path_injection.py:65:14:65:18 | npath | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:65:14:65:18 | npath | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
|
|
| path_injection.py:87:18:87:37 | possibly_unsafe_path | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:87:18:87:37 | possibly_unsafe_path | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
|
|
| path_injection.py:94:14:94:17 | path | path_injection.py:91:20:91:25 | foo_id | path_injection.py:94:14:94:17 | path | This path depends on a $@. | path_injection.py:91:20:91:25 | foo_id | user-provided value |
|
|
| path_injection.py:102:14:102:17 | path | path_injection.py:98:20:98:22 | foo | path_injection.py:102:14:102:17 | path | This path depends on a $@. | path_injection.py:98:20:98:22 | foo | user-provided value |
|
|
| path_injection.py:113:14:113:17 | path | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:113:14:113:17 | path | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
|
|
| path_injection.py:124:14:124:17 | path | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:124:14:124:17 | path | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
|
|
| path_injection.py:132:14:132:22 | sanitized | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:132:14:132:22 | sanitized | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
|
|
| path_injection.py:142:14:142:17 | path | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:142:14:142:17 | path | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
|
|
| path_injection.py:152:18:152:21 | path | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:152:18:152:21 | path | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
|
|
| pathlib_use.py:14:5:14:5 | p | pathlib_use.py:3:26:3:32 | After ImportMember | pathlib_use.py:14:5:14:5 | p | This path depends on a $@. | pathlib_use.py:3:26:3:32 | After ImportMember | user-provided value |
|
|
| pathlib_use.py:17:5:17:6 | p2 | pathlib_use.py:3:26:3:32 | After ImportMember | pathlib_use.py:17:5:17:6 | p2 | This path depends on a $@. | pathlib_use.py:3:26:3:32 | After ImportMember | user-provided value |
|
|
| test.py:19:10:19:10 | x | test.py:3:26:3:32 | After ImportMember | test.py:19:10:19:10 | x | This path depends on a $@. | test.py:3:26:3:32 | After ImportMember | user-provided value |
|
|
| test.py:26:10:26:10 | y | test.py:3:26:3:32 | After ImportMember | test.py:26:10:26:10 | y | This path depends on a $@. | test.py:3:26:3:32 | After ImportMember | user-provided value |
|
|
| test.py:33:14:33:14 | x | test.py:3:26:3:32 | After ImportMember | test.py:33:14:33:14 | x | This path depends on a $@. | test.py:3:26:3:32 | After ImportMember | user-provided value |
|
|
| test.py:49:14:49:14 | y | test.py:3:26:3:32 | After ImportMember | test.py:49:14:49:14 | y | This path depends on a $@. | test.py:3:26:3:32 | After ImportMember | user-provided value |
|
|
edges
|
|
| fastapi_path_injection.py:6:24:6:31 | filepath | fastapi_path_injection.py:7:19:7:26 | filepath | provenance | |
|
|
| fastapi_path_injection.py:17:21:17:24 | path | fastapi_path_injection.py:20:34:20:37 | path | provenance | |
|
|
| fastapi_path_injection.py:20:34:20:37 | path | fastapi_path_injection.py:6:24:6:31 | filepath | provenance | |
|
|
| fastapi_path_injection.py:31:21:31:24 | path | fastapi_path_injection.py:32:34:32:37 | path | provenance | |
|
|
| fastapi_path_injection.py:32:34:32:37 | path | fastapi_path_injection.py:6:24:6:31 | filepath | provenance | |
|
|
| fastapi_path_injection.py:48:21:48:24 | path | fastapi_path_injection.py:49:45:49:48 | path | provenance | |
|
|
| fastapi_path_injection.py:49:45:49:48 | path | fastapi_path_injection.py:6:24:6:31 | filepath | provenance | |
|
|
| flask_path_injection.py:1:26:1:32 | After ImportMember | flask_path_injection.py:1:26:1:32 | request | provenance | |
|
|
| flask_path_injection.py:1:26:1:32 | request | flask_path_injection.py:19:15:19:21 | request | provenance | |
|
|
| flask_path_injection.py:19:5:19:11 | dirname | flask_path_injection.py:21:32:21:38 | dirname | provenance | |
|
|
| flask_path_injection.py:19:15:19:21 | request | flask_path_injection.py:19:15:19:26 | After Attribute | provenance | AdditionalTaintStep |
|
|
| flask_path_injection.py:19:15:19:26 | After Attribute | flask_path_injection.py:19:15:19:45 | After Attribute() | provenance | dict.get |
|
|
| flask_path_injection.py:19:15:19:45 | After Attribute() | flask_path_injection.py:19:5:19:11 | dirname | provenance | |
|
|
| path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:3:26:3:32 | request | provenance | |
|
|
| path_injection.py:3:26:3:32 | request | path_injection.py:12:16:12:22 | request | provenance | |
|
|
| path_injection.py:3:26:3:32 | request | path_injection.py:19:16:19:22 | request | provenance | |
|
|
| path_injection.py:3:26:3:32 | request | path_injection.py:27:16:27:22 | request | provenance | |
|
|
| path_injection.py:3:26:3:32 | request | path_injection.py:46:16:46:22 | request | provenance | |
|
|
| path_injection.py:3:26:3:32 | request | path_injection.py:63:16:63:22 | request | provenance | |
|
|
| path_injection.py:3:26:3:32 | request | path_injection.py:84:16:84:22 | request | provenance | |
|
|
| path_injection.py:3:26:3:32 | request | path_injection.py:107:16:107:22 | request | provenance | |
|
|
| path_injection.py:3:26:3:32 | request | path_injection.py:118:16:118:22 | request | provenance | |
|
|
| path_injection.py:3:26:3:32 | request | path_injection.py:129:16:129:22 | request | provenance | |
|
|
| path_injection.py:3:26:3:32 | request | path_injection.py:138:16:138:22 | request | provenance | |
|
|
| path_injection.py:3:26:3:32 | request | path_injection.py:149:16:149:22 | request | provenance | |
|
|
| path_injection.py:12:5:12:12 | filename | path_injection.py:13:14:13:47 | After Attribute() | provenance | AdditionalTaintStep |
|
|
| path_injection.py:12:16:12:22 | request | path_injection.py:12:16:12:27 | After Attribute | provenance | AdditionalTaintStep |
|
|
| path_injection.py:12:16:12:27 | After Attribute | path_injection.py:12:16:12:47 | After Attribute() | provenance | dict.get |
|
|
| path_injection.py:12:16:12:47 | After Attribute() | path_injection.py:12:5:12:12 | filename | provenance | |
|
|
| path_injection.py:19:5:19:12 | filename | path_injection.py:20:30:20:63 | After Attribute() | provenance | AdditionalTaintStep |
|
|
| path_injection.py:19:16:19:22 | request | path_injection.py:19:16:19:27 | After Attribute | provenance | AdditionalTaintStep |
|
|
| path_injection.py:19:16:19:27 | After Attribute | path_injection.py:19:16:19:47 | After Attribute() | provenance | dict.get |
|
|
| path_injection.py:19:16:19:47 | After Attribute() | path_injection.py:19:5:19:12 | filename | provenance | |
|
|
| path_injection.py:20:5:20:9 | npath | path_injection.py:21:14:21:18 | npath | provenance | |
|
|
| path_injection.py:20:13:20:64 | After Attribute() | path_injection.py:20:5:20:9 | npath | provenance | |
|
|
| path_injection.py:20:30:20:63 | After Attribute() | path_injection.py:20:13:20:64 | After Attribute() | provenance | Config |
|
|
| path_injection.py:27:5:27:12 | filename | path_injection.py:28:30:28:63 | After Attribute() | provenance | AdditionalTaintStep |
|
|
| path_injection.py:27:16:27:22 | request | path_injection.py:27:16:27:27 | After Attribute | provenance | AdditionalTaintStep |
|
|
| path_injection.py:27:16:27:27 | After Attribute | path_injection.py:27:16:27:47 | After Attribute() | provenance | dict.get |
|
|
| path_injection.py:27:16:27:47 | After Attribute() | path_injection.py:27:5:27:12 | filename | provenance | |
|
|
| path_injection.py:28:5:28:9 | npath | path_injection.py:31:14:31:18 | npath | provenance | |
|
|
| path_injection.py:28:13:28:64 | After Attribute() | path_injection.py:28:5:28:9 | npath | provenance | |
|
|
| path_injection.py:28:30:28:63 | After Attribute() | path_injection.py:28:13:28:64 | After Attribute() | provenance | Config |
|
|
| path_injection.py:46:5:46:12 | filename | path_injection.py:47:30:47:63 | After Attribute() | provenance | AdditionalTaintStep |
|
|
| path_injection.py:46:16:46:22 | request | path_injection.py:46:16:46:27 | After Attribute | provenance | AdditionalTaintStep |
|
|
| path_injection.py:46:16:46:27 | After Attribute | path_injection.py:46:16:46:47 | After Attribute() | provenance | dict.get |
|
|
| path_injection.py:46:16:46:47 | After Attribute() | path_injection.py:46:5:46:12 | filename | provenance | |
|
|
| path_injection.py:47:5:47:9 | npath | path_injection.py:48:14:48:18 | npath | provenance | |
|
|
| path_injection.py:47:13:47:64 | After Attribute() | path_injection.py:47:5:47:9 | npath | provenance | |
|
|
| path_injection.py:47:30:47:63 | After Attribute() | path_injection.py:47:13:47:64 | After Attribute() | provenance | Config |
|
|
| path_injection.py:63:5:63:12 | filename | path_injection.py:64:29:64:62 | After Attribute() | provenance | AdditionalTaintStep |
|
|
| path_injection.py:63:16:63:22 | request | path_injection.py:63:16:63:27 | After Attribute | provenance | AdditionalTaintStep |
|
|
| path_injection.py:63:16:63:27 | After Attribute | path_injection.py:63:16:63:47 | After Attribute() | provenance | dict.get |
|
|
| path_injection.py:63:16:63:47 | After Attribute() | path_injection.py:63:5:63:12 | filename | provenance | |
|
|
| path_injection.py:64:5:64:9 | npath | path_injection.py:65:14:65:18 | npath | provenance | |
|
|
| path_injection.py:64:13:64:63 | After Attribute() | path_injection.py:64:5:64:9 | npath | provenance | |
|
|
| path_injection.py:64:29:64:62 | After Attribute() | path_injection.py:64:13:64:63 | After Attribute() | provenance | Config |
|
|
| path_injection.py:84:5:84:12 | filename | path_injection.py:85:5:85:24 | possibly_unsafe_path | provenance | AdditionalTaintStep |
|
|
| path_injection.py:84:16:84:22 | request | path_injection.py:84:16:84:27 | After Attribute | provenance | AdditionalTaintStep |
|
|
| path_injection.py:84:16:84:27 | After Attribute | path_injection.py:84:16:84:47 | After Attribute() | provenance | dict.get |
|
|
| path_injection.py:84:16:84:47 | After Attribute() | path_injection.py:84:5:84:12 | filename | provenance | |
|
|
| path_injection.py:85:5:85:24 | possibly_unsafe_path | path_injection.py:86:24:86:43 | possibly_unsafe_path | provenance | |
|
|
| path_injection.py:86:24:86:43 | possibly_unsafe_path | path_injection.py:87:18:87:37 | possibly_unsafe_path | provenance | |
|
|
| path_injection.py:91:20:91:25 | foo_id | path_injection.py:93:5:93:8 | path | provenance | AdditionalTaintStep |
|
|
| path_injection.py:93:5:93:8 | path | path_injection.py:94:14:94:17 | path | provenance | |
|
|
| path_injection.py:98:20:98:22 | foo | path_injection.py:101:5:101:8 | path | provenance | AdditionalTaintStep |
|
|
| path_injection.py:101:5:101:8 | path | path_injection.py:102:14:102:17 | path | provenance | |
|
|
| path_injection.py:107:5:107:12 | filename | path_injection.py:108:5:108:8 | path | provenance | AdditionalTaintStep |
|
|
| path_injection.py:107:16:107:22 | request | path_injection.py:107:16:107:27 | After Attribute | provenance | AdditionalTaintStep |
|
|
| path_injection.py:107:16:107:27 | After Attribute | path_injection.py:107:16:107:47 | After Attribute() | provenance | dict.get |
|
|
| path_injection.py:107:16:107:47 | After Attribute() | path_injection.py:107:5:107:12 | filename | provenance | |
|
|
| path_injection.py:108:5:108:8 | path | path_injection.py:113:14:113:17 | path | provenance | |
|
|
| path_injection.py:118:5:118:12 | filename | path_injection.py:119:5:119:8 | path | provenance | AdditionalTaintStep |
|
|
| path_injection.py:118:16:118:22 | request | path_injection.py:118:16:118:27 | After Attribute | provenance | AdditionalTaintStep |
|
|
| path_injection.py:118:16:118:27 | After Attribute | path_injection.py:118:16:118:47 | After Attribute() | provenance | dict.get |
|
|
| path_injection.py:118:16:118:47 | After Attribute() | path_injection.py:118:5:118:12 | filename | provenance | |
|
|
| path_injection.py:119:5:119:8 | path | path_injection.py:124:14:124:17 | path | provenance | |
|
|
| path_injection.py:129:5:129:12 | filename | path_injection.py:130:5:130:8 | path | provenance | AdditionalTaintStep |
|
|
| path_injection.py:129:16:129:22 | request | path_injection.py:129:16:129:27 | After Attribute | provenance | AdditionalTaintStep |
|
|
| path_injection.py:129:16:129:27 | After Attribute | path_injection.py:129:16:129:47 | After Attribute() | provenance | dict.get |
|
|
| path_injection.py:129:16:129:47 | After Attribute() | path_injection.py:129:5:129:12 | filename | provenance | |
|
|
| path_injection.py:130:5:130:8 | path | path_injection.py:131:5:131:13 | sanitized | provenance | |
|
|
| path_injection.py:131:5:131:13 | sanitized | path_injection.py:132:14:132:22 | sanitized | provenance | |
|
|
| path_injection.py:138:5:138:12 | filename | path_injection.py:139:5:139:8 | path | provenance | AdditionalTaintStep |
|
|
| path_injection.py:138:16:138:22 | request | path_injection.py:138:16:138:27 | After Attribute | provenance | AdditionalTaintStep |
|
|
| path_injection.py:138:16:138:27 | After Attribute | path_injection.py:138:16:138:47 | After Attribute() | provenance | dict.get |
|
|
| path_injection.py:138:16:138:47 | After Attribute() | path_injection.py:138:5:138:12 | filename | provenance | |
|
|
| path_injection.py:139:5:139:8 | path | path_injection.py:140:47:140:50 | path | provenance | |
|
|
| path_injection.py:140:47:140:50 | path | path_injection.py:142:14:142:17 | path | provenance | |
|
|
| path_injection.py:149:5:149:12 | filename | path_injection.py:151:9:151:12 | path | provenance | AdditionalTaintStep |
|
|
| path_injection.py:149:16:149:22 | request | path_injection.py:149:16:149:27 | After Attribute | provenance | AdditionalTaintStep |
|
|
| path_injection.py:149:16:149:27 | After Attribute | path_injection.py:149:16:149:47 | After Attribute() | provenance | dict.get |
|
|
| path_injection.py:149:16:149:47 | After Attribute() | path_injection.py:149:5:149:12 | filename | provenance | |
|
|
| path_injection.py:151:9:151:12 | path | path_injection.py:152:18:152:21 | path | provenance | |
|
|
| pathlib_use.py:3:26:3:32 | After ImportMember | pathlib_use.py:3:26:3:32 | request | provenance | |
|
|
| pathlib_use.py:3:26:3:32 | request | pathlib_use.py:12:16:12:22 | request | provenance | |
|
|
| pathlib_use.py:12:5:12:12 | filename | pathlib_use.py:13:5:13:5 | p | provenance | AdditionalTaintStep |
|
|
| pathlib_use.py:12:5:12:12 | filename | pathlib_use.py:16:5:16:6 | p2 | provenance | AdditionalTaintStep |
|
|
| pathlib_use.py:12:16:12:22 | request | pathlib_use.py:12:16:12:27 | After Attribute | provenance | AdditionalTaintStep |
|
|
| pathlib_use.py:12:16:12:27 | After Attribute | pathlib_use.py:12:16:12:47 | After Attribute() | provenance | dict.get |
|
|
| pathlib_use.py:12:16:12:47 | After Attribute() | pathlib_use.py:12:5:12:12 | filename | provenance | |
|
|
| pathlib_use.py:13:5:13:5 | p | pathlib_use.py:14:5:14:5 | p | provenance | |
|
|
| pathlib_use.py:16:5:16:6 | p2 | pathlib_use.py:17:5:17:6 | p2 | provenance | |
|
|
| test.py:3:26:3:32 | After ImportMember | test.py:3:26:3:32 | request | provenance | |
|
|
| test.py:3:26:3:32 | request | test.py:9:12:9:18 | request | provenance | |
|
|
| test.py:9:12:9:18 | request | test.py:9:12:9:23 | After Attribute | provenance | AdditionalTaintStep |
|
|
| test.py:9:12:9:23 | After Attribute | test.py:9:12:9:39 | After Attribute() | provenance | dict.get |
|
|
| test.py:9:12:9:39 | After Attribute() | test.py:18:9:18:16 | After source() | provenance | |
|
|
| test.py:9:12:9:39 | After Attribute() | test.py:24:9:24:16 | After source() | provenance | |
|
|
| test.py:9:12:9:39 | After Attribute() | test.py:31:9:31:16 | After source() | provenance | |
|
|
| test.py:9:12:9:39 | After Attribute() | test.py:46:9:46:16 | After source() | provenance | |
|
|
| test.py:12:15:12:15 | x | test.py:13:29:13:29 | x | provenance | |
|
|
| test.py:13:29:13:29 | x | test.py:13:12:13:30 | After Attribute() | provenance | Config |
|
|
| test.py:18:5:18:5 | x | test.py:19:10:19:10 | x | provenance | |
|
|
| test.py:18:9:18:16 | After source() | test.py:18:5:18:5 | x | provenance | |
|
|
| test.py:24:5:24:5 | x | test.py:25:19:25:19 | x | provenance | |
|
|
| test.py:24:9:24:16 | After source() | test.py:24:5:24:5 | x | provenance | |
|
|
| test.py:25:5:25:5 | y | test.py:26:10:26:10 | y | provenance | |
|
|
| test.py:25:9:25:20 | After normalize() | test.py:25:5:25:5 | y | provenance | |
|
|
| test.py:25:19:25:19 | x | test.py:12:15:12:15 | x | provenance | |
|
|
| test.py:25:19:25:19 | x | test.py:25:9:25:20 | After normalize() | provenance | Config |
|
|
| test.py:31:5:31:5 | x | test.py:33:14:33:14 | x | provenance | |
|
|
| test.py:31:9:31:16 | After source() | test.py:31:5:31:5 | x | provenance | |
|
|
| test.py:46:5:46:5 | x | test.py:48:23:48:23 | x | provenance | |
|
|
| test.py:46:9:46:16 | After source() | test.py:46:5:46:5 | x | provenance | |
|
|
| test.py:48:9:48:9 | y | test.py:49:14:49:14 | y | provenance | |
|
|
| test.py:48:13:48:24 | After normalize() | test.py:48:9:48:9 | y | provenance | |
|
|
| test.py:48:23:48:23 | x | test.py:12:15:12:15 | x | provenance | |
|
|
| test.py:48:23:48:23 | x | test.py:48:13:48:24 | After normalize() | provenance | Config |
|
|
nodes
|
|
| fastapi_path_injection.py:6:24:6:31 | filepath | semmle.label | filepath |
|
|
| fastapi_path_injection.py:7:19:7:26 | filepath | semmle.label | filepath |
|
|
| fastapi_path_injection.py:17:21:17:24 | path | semmle.label | path |
|
|
| fastapi_path_injection.py:20:34:20:37 | path | semmle.label | path |
|
|
| fastapi_path_injection.py:31:21:31:24 | path | semmle.label | path |
|
|
| fastapi_path_injection.py:32:34:32:37 | path | semmle.label | path |
|
|
| fastapi_path_injection.py:48:21:48:24 | path | semmle.label | path |
|
|
| fastapi_path_injection.py:49:45:49:48 | path | semmle.label | path |
|
|
| flask_path_injection.py:1:26:1:32 | After ImportMember | semmle.label | After ImportMember |
|
|
| flask_path_injection.py:1:26:1:32 | request | semmle.label | request |
|
|
| flask_path_injection.py:19:5:19:11 | dirname | semmle.label | dirname |
|
|
| flask_path_injection.py:19:15:19:21 | request | semmle.label | request |
|
|
| flask_path_injection.py:19:15:19:26 | After Attribute | semmle.label | After Attribute |
|
|
| flask_path_injection.py:19:15:19:45 | After Attribute() | semmle.label | After Attribute() |
|
|
| flask_path_injection.py:21:32:21:38 | dirname | semmle.label | dirname |
|
|
| path_injection.py:3:26:3:32 | After ImportMember | semmle.label | After ImportMember |
|
|
| path_injection.py:3:26:3:32 | request | semmle.label | request |
|
|
| path_injection.py:12:5:12:12 | filename | semmle.label | filename |
|
|
| path_injection.py:12:16:12:22 | request | semmle.label | request |
|
|
| path_injection.py:12:16:12:27 | After Attribute | semmle.label | After Attribute |
|
|
| path_injection.py:12:16:12:47 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:13:14:13:47 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:19:5:19:12 | filename | semmle.label | filename |
|
|
| path_injection.py:19:16:19:22 | request | semmle.label | request |
|
|
| path_injection.py:19:16:19:27 | After Attribute | semmle.label | After Attribute |
|
|
| path_injection.py:19:16:19:47 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:20:5:20:9 | npath | semmle.label | npath |
|
|
| path_injection.py:20:13:20:64 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:20:30:20:63 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:21:14:21:18 | npath | semmle.label | npath |
|
|
| path_injection.py:27:5:27:12 | filename | semmle.label | filename |
|
|
| path_injection.py:27:16:27:22 | request | semmle.label | request |
|
|
| path_injection.py:27:16:27:27 | After Attribute | semmle.label | After Attribute |
|
|
| path_injection.py:27:16:27:47 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:28:5:28:9 | npath | semmle.label | npath |
|
|
| path_injection.py:28:13:28:64 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:28:30:28:63 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:31:14:31:18 | npath | semmle.label | npath |
|
|
| path_injection.py:46:5:46:12 | filename | semmle.label | filename |
|
|
| path_injection.py:46:16:46:22 | request | semmle.label | request |
|
|
| path_injection.py:46:16:46:27 | After Attribute | semmle.label | After Attribute |
|
|
| path_injection.py:46:16:46:47 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:47:5:47:9 | npath | semmle.label | npath |
|
|
| path_injection.py:47:13:47:64 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:47:30:47:63 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:48:14:48:18 | npath | semmle.label | npath |
|
|
| path_injection.py:63:5:63:12 | filename | semmle.label | filename |
|
|
| path_injection.py:63:16:63:22 | request | semmle.label | request |
|
|
| path_injection.py:63:16:63:27 | After Attribute | semmle.label | After Attribute |
|
|
| path_injection.py:63:16:63:47 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:64:5:64:9 | npath | semmle.label | npath |
|
|
| path_injection.py:64:13:64:63 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:64:29:64:62 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:65:14:65:18 | npath | semmle.label | npath |
|
|
| path_injection.py:84:5:84:12 | filename | semmle.label | filename |
|
|
| path_injection.py:84:16:84:22 | request | semmle.label | request |
|
|
| path_injection.py:84:16:84:27 | After Attribute | semmle.label | After Attribute |
|
|
| path_injection.py:84:16:84:47 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:85:5:85:24 | possibly_unsafe_path | semmle.label | possibly_unsafe_path |
|
|
| path_injection.py:86:24:86:43 | possibly_unsafe_path | semmle.label | possibly_unsafe_path |
|
|
| path_injection.py:87:18:87:37 | possibly_unsafe_path | semmle.label | possibly_unsafe_path |
|
|
| path_injection.py:91:20:91:25 | foo_id | semmle.label | foo_id |
|
|
| path_injection.py:93:5:93:8 | path | semmle.label | path |
|
|
| path_injection.py:94:14:94:17 | path | semmle.label | path |
|
|
| path_injection.py:98:20:98:22 | foo | semmle.label | foo |
|
|
| path_injection.py:101:5:101:8 | path | semmle.label | path |
|
|
| path_injection.py:102:14:102:17 | path | semmle.label | path |
|
|
| path_injection.py:107:5:107:12 | filename | semmle.label | filename |
|
|
| path_injection.py:107:16:107:22 | request | semmle.label | request |
|
|
| path_injection.py:107:16:107:27 | After Attribute | semmle.label | After Attribute |
|
|
| path_injection.py:107:16:107:47 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:108:5:108:8 | path | semmle.label | path |
|
|
| path_injection.py:113:14:113:17 | path | semmle.label | path |
|
|
| path_injection.py:118:5:118:12 | filename | semmle.label | filename |
|
|
| path_injection.py:118:16:118:22 | request | semmle.label | request |
|
|
| path_injection.py:118:16:118:27 | After Attribute | semmle.label | After Attribute |
|
|
| path_injection.py:118:16:118:47 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:119:5:119:8 | path | semmle.label | path |
|
|
| path_injection.py:124:14:124:17 | path | semmle.label | path |
|
|
| path_injection.py:129:5:129:12 | filename | semmle.label | filename |
|
|
| path_injection.py:129:16:129:22 | request | semmle.label | request |
|
|
| path_injection.py:129:16:129:27 | After Attribute | semmle.label | After Attribute |
|
|
| path_injection.py:129:16:129:47 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:130:5:130:8 | path | semmle.label | path |
|
|
| path_injection.py:131:5:131:13 | sanitized | semmle.label | sanitized |
|
|
| path_injection.py:132:14:132:22 | sanitized | semmle.label | sanitized |
|
|
| path_injection.py:138:5:138:12 | filename | semmle.label | filename |
|
|
| path_injection.py:138:16:138:22 | request | semmle.label | request |
|
|
| path_injection.py:138:16:138:27 | After Attribute | semmle.label | After Attribute |
|
|
| path_injection.py:138:16:138:47 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:139:5:139:8 | path | semmle.label | path |
|
|
| path_injection.py:140:47:140:50 | path | semmle.label | path |
|
|
| path_injection.py:142:14:142:17 | path | semmle.label | path |
|
|
| path_injection.py:149:5:149:12 | filename | semmle.label | filename |
|
|
| path_injection.py:149:16:149:22 | request | semmle.label | request |
|
|
| path_injection.py:149:16:149:27 | After Attribute | semmle.label | After Attribute |
|
|
| path_injection.py:149:16:149:47 | After Attribute() | semmle.label | After Attribute() |
|
|
| path_injection.py:151:9:151:12 | path | semmle.label | path |
|
|
| path_injection.py:152:18:152:21 | path | semmle.label | path |
|
|
| pathlib_use.py:3:26:3:32 | After ImportMember | semmle.label | After ImportMember |
|
|
| pathlib_use.py:3:26:3:32 | request | semmle.label | request |
|
|
| pathlib_use.py:12:5:12:12 | filename | semmle.label | filename |
|
|
| pathlib_use.py:12:16:12:22 | request | semmle.label | request |
|
|
| pathlib_use.py:12:16:12:27 | After Attribute | semmle.label | After Attribute |
|
|
| pathlib_use.py:12:16:12:47 | After Attribute() | semmle.label | After Attribute() |
|
|
| pathlib_use.py:13:5:13:5 | p | semmle.label | p |
|
|
| pathlib_use.py:14:5:14:5 | p | semmle.label | p |
|
|
| pathlib_use.py:16:5:16:6 | p2 | semmle.label | p2 |
|
|
| pathlib_use.py:17:5:17:6 | p2 | semmle.label | p2 |
|
|
| test.py:3:26:3:32 | After ImportMember | semmle.label | After ImportMember |
|
|
| test.py:3:26:3:32 | request | semmle.label | request |
|
|
| test.py:9:12:9:18 | request | semmle.label | request |
|
|
| test.py:9:12:9:23 | After Attribute | semmle.label | After Attribute |
|
|
| test.py:9:12:9:39 | After Attribute() | semmle.label | After Attribute() |
|
|
| test.py:12:15:12:15 | x | semmle.label | x |
|
|
| test.py:13:12:13:30 | After Attribute() | semmle.label | After Attribute() |
|
|
| test.py:13:29:13:29 | x | semmle.label | x |
|
|
| test.py:18:5:18:5 | x | semmle.label | x |
|
|
| test.py:18:9:18:16 | After source() | semmle.label | After source() |
|
|
| test.py:19:10:19:10 | x | semmle.label | x |
|
|
| test.py:24:5:24:5 | x | semmle.label | x |
|
|
| test.py:24:9:24:16 | After source() | semmle.label | After source() |
|
|
| test.py:25:5:25:5 | y | semmle.label | y |
|
|
| test.py:25:9:25:20 | After normalize() | semmle.label | After normalize() |
|
|
| test.py:25:19:25:19 | x | semmle.label | x |
|
|
| test.py:26:10:26:10 | y | semmle.label | y |
|
|
| test.py:31:5:31:5 | x | semmle.label | x |
|
|
| test.py:31:9:31:16 | After source() | semmle.label | After source() |
|
|
| test.py:33:14:33:14 | x | semmle.label | x |
|
|
| test.py:46:5:46:5 | x | semmle.label | x |
|
|
| test.py:46:9:46:16 | After source() | semmle.label | After source() |
|
|
| test.py:48:9:48:9 | y | semmle.label | y |
|
|
| test.py:48:13:48:24 | After normalize() | semmle.label | After normalize() |
|
|
| test.py:48:23:48:23 | x | semmle.label | x |
|
|
| test.py:49:14:49:14 | y | semmle.label | y |
|
|
subpaths
|
|
| test.py:25:19:25:19 | x | test.py:12:15:12:15 | x | test.py:13:12:13:30 | After Attribute() | test.py:25:9:25:20 | After normalize() |
|
|
| test.py:48:23:48:23 | x | test.py:12:15:12:15 | x | test.py:13:12:13:30 | After Attribute() | test.py:48:13:48:24 | After normalize() |
|
|
testFailures
|
|
| fastapi_path_injection.py:26:72:26:81 | Comment # $ Source | Missing result: Source |
|