import python
import semmle.python.dataflow.TaintTracking
import semmle.python.security.strings.Untrusted
import semmle.python.web.Http
import semmle.python.web.cherrypy.General
/**
 * A taint sink for the value returned by a CherryPy exposed handler function.
 *
 * A flow node belongs to this class when it is the value of a `return`
 * statement whose enclosing scope is a `CherryPyExposedFunction`. The class
 * extends `HttpResponseTaintSink`, presumably so that queries tracking
 * untrusted strings into an HTTP response body (for example reflected XSS
 * checks) treat a handler's return value as response content.
 *
 * Marked `deprecated`; the replacement is not named in this file.
 */
deprecated class CherryPyExposedFunctionResult extends HttpResponseTaintSink {
  CherryPyExposedFunctionResult() {
    // Select every `return` inside an exposed handler, then take the flow
    // node(s) of the returned expression.
    this =
      any(Return handlerReturn | handlerReturn.getScope() instanceof CherryPyExposedFunction)
          .getValue()
          .getAFlowNode()
  }

  /** Holds only when `kind` is a `StringKind`; no other taint kind is accepted by this sink. */
  override predicate sinks(TaintKind kind) {
    kind instanceof StringKind
  }

  /** Gets the fixed label used when this sink is printed. */
  override string toString() {
    result = "cherrypy handler function result"
  }
}