codeql/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md at 6664a3814a2879ecf2b9ec17f71eed42a35413a0 - codeql - Gitea: Git with a cup of tea

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00

Files

Dave Bartolomeo a62f181d42 Move new change notes to appropriate packs

2021-12-14 12:05:15 -05:00

270 B

Raw Blame History

category, tags

category

tags

minorAnalysis

lgtm

codescanning

Extended the modeling of FastAPI such that fastapi.responses.FileResponse are considered FileSystemAccess, making them sinks for the Uncontrolled data used in path expression (py/path-injection) query.