hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 22:46:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
68f526da1f219fbca14fd7ea522e782cd5f260b4
codeql/python/ql
History
Rasmus Wriedt Larsen 498703fc81 Python: Escaping only valid with both input/output defined 
Problematic part is

```codeql
  /** A escape from string format with `markupsafe.Markup` as the format string. */
  private class MarkupEscapeFromStringFormat extends MarkupSafeEscape, Markup::StringFormat {
    override DataFlow::Node getAnInput() {
      result in [this.getArg(_), this.getArgByName(_)] and
      not result = Markup::instance()
    }

    override DataFlow::Node getOutput() { result = this }
  }
```

since the char-pred still holds even if `getAnInput` has no results...

I will say that doing it this way feels kinda dirty, and we _could_ fix
this by including the logic in `getAnInput` in the char-pred as well.
But as I see it, that would just lead to a lot of code duplication,
which isn't very nice.
2021-06-16 19:09:00 +02:00
..
examples
Add qlpack.yml files for example queries
2020-07-29 16:57:04 +02:00
src
Python: Escaping only valid with both input/output defined
2021-06-16 19:09:00 +02:00
test
Python: Escaping only valid with both input/output defined
2021-06-16 19:09:00 +02:00