Just a port of the old tests, except that I learned `cgi.FieldStorage()` _should_ be tainted when no arguments are specified (and I moved the taint test into its own function). Also clarified how imports of all the .*HTTPRequestHandler classes work in Python 2.
import experimental.dataflow.tainttracking.TestTaintLib
import semmle.python.dataflow.new.RemoteFlowSources
/**
 * Test taint-tracking configuration that widens the source set of
 * `TestTaintTrackingConfiguration`: every `RemoteFlowSource` node counts as a
 * taint source, in addition to whatever the base configuration already accepts.
 */
class WithRemoteFlowSources extends TestTaintTrackingConfiguration {
  /**
   * Holds if `source` is a `RemoteFlowSource`, or if the parent
   * configuration's `isSource` already holds for it.
   */
  override predicate isSource(DataFlow::Node source) {
    // Disjunction: the order of the two operands has no effect on the result set.
    source instanceof RemoteFlowSource
    or
    super.isSource(source)
  }
}