mirror of
https://github.com/github/codeql.git
synced 2025-12-26 21:56:39 +01:00
43 lines
1.2 KiB
Plaintext
43 lines
1.2 KiB
Plaintext
/**
|
|
* Provides classes modeling security-relevant aspects of the `sanic` PyPI package.
|
|
* See https://sanic.dev/.
|
|
*/
|
|
|
|
private import python
|
|
private import semmle.python.dataflow.new.DataFlow
|
|
private import semmle.python.dataflow.new.RemoteFlowSources
|
|
private import semmle.python.dataflow.new.TaintTracking
|
|
private import semmle.python.Concepts
|
|
private import semmle.python.ApiGraphs
|
|
|
|
/**
|
|
* Provides models for the `sanic` PyPI package.
|
|
* See https://sanic.dev/.
|
|
*/
|
|
private module Sanic {
|
|
/**
|
|
* Provides models for Sanic applications (an instance of `sanic.Sanic`).
|
|
*/
|
|
module App {
|
|
/** Gets a reference to a Sanic application (an instance of `sanic.Sanic`). */
|
|
API::Node instance() { result = API::moduleImport("sanic").getMember("Sanic").getReturn() }
|
|
}
|
|
|
|
/**
|
|
* A call to the `file` or `file_stream` functions of `sanic.response` as a sink for Filesystem access.
|
|
*/
|
|
class FileResponseCall extends FileSystemAccess::Range, API::CallNode {
|
|
FileResponseCall() {
|
|
this =
|
|
API::moduleImport("sanic")
|
|
.getMember("response")
|
|
.getMember(["file", "file_stream"])
|
|
.getACall()
|
|
}
|
|
|
|
override DataFlow::Node getAPathArgument() {
|
|
result = this.getParameter(0, "location").asSink()
|
|
}
|
|
}
|
|
}
|