Python: Remove duplicated SSTI tests
Besides the Cheetah tests, which were missing from the query tests.
Родитель
33f8998c2e
Коммит
38577e6a5c
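--- /dev/null
+++ b/<path-not-on-page: new Cheetah query test>
@@ -0,0 +1,22 @@
+from flask import Flask, request
+from Cheetah.Template import Template
+
+
+app = Flask(__name__)
+
+
+@app.route('/other')
+def a():
+    template = request.args.get('template')
+    return Template(template)
+
+
+class Template3(Template):
+    title = 'Hello World Example!'
+    contents = 'Hello World!'
+
+
+@app.route('/other2')
+def b():
+    template = request.args.get('template')
+    t3 = Template3(template)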
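Review bot: `b()` at the end of the new file assigns `t3 = Template3(template)` and returns nothing, unlike `a()` above it, so the `/other2` view would not produce a response if the fixture were ever served; as a static-analysis fixture that is harmless, but a one-line comment such as `# result intentionally unused; the Template3(...) call is the sink under test` would keep the next reader from "fixing" it. The two sinks now sit at lines 11 and 22 of this file, which differ from the 10/20 positions recorded in the deleted CheetahSinks expectations, and the matching query-test .expected update is not in this chunk, so confirm it lists both locations. Both views take the template body from `request.args.get('template')`, which is what makes the Cheetah `Template(...)` argument the request-controlled SSTI sink the query is expected to flag.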
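--- a/<dir-not-on-page>/Airspeed.py
+++ /dev/null
@@ -1,10 +0,0 @@
-from bottle import Bottle, route, request, redirect, response
-import airspeed
-
-
-app = Bottle()
-
-
-@route('/other')
-def a():
-    return airspeed.Template("sink")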
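--- a/<path-not-on-page: expected output for AirspeedSSTISinks.ql>
+++ /dev/null
@@ -1,2 +0,0 @@
-WARNING: Type SSTISink has been deprecated and may be removed in future (AirspeedSSTISinks.ql:4,6-14)
-| Airspeed.py:10:30:10:35 | argument to airspeed.Template() |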
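--- a/<dir-not-on-page>/AirspeedSSTISinks.ql
+++ /dev/null
@@ -1,5 +0,0 @@
-import python
-import experimental.semmle.python.templates.Airspeed
-
-from SSTISink s
-select s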
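--- a/<dir-not-on-page>/Bottle.py
+++ /dev/null
@@ -1,17 +0,0 @@
-from bottle import Bottle, route, request, redirect, response, SimpleTemplate
-from bottle import template as temp
-
-
-app = Bottle()
-
-
-@route('/other')
-def a():
-    template = "test"
-    tpl = SimpleTemplate(template)
-
-
-@route('/other2')
-def b():
-    template = "test"
-    return temp(template, name='World')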
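--- a/<path-not-on-page: expected output for BottleSSTISinks.ql>
+++ /dev/null
@@ -1,3 +0,0 @@
-WARNING: Type SSTISink has been deprecated and may be removed in future (BottleSSTISinks.ql:4,6-14)
-| Bottle.py:11:26:11:33 | argument to bottle.SimpleTemplate() |
-| Bottle.py:17:17:17:24 | argument to bottle.template() |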
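--- a/<dir-not-on-page>/BottleSSTISinks.ql
+++ /dev/null
@@ -1,5 +0,0 @@
-import python
-import experimental.semmle.python.templates.Bottle
-
-from SSTISink s
-select s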
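--- a/<dir-not-on-page>/Chameleon.py
+++ /dev/null
@@ -1,5 +0,0 @@
-from chameleon import PageTemplate
-
-
-def chameleon():
-    template = PageTemplate("sink")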
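--- a/<path-not-on-page: expected output for ChameleonSSTISinks.ql>
+++ /dev/null
@@ -1,2 +0,0 @@
-WARNING: Type SSTISink has been deprecated and may be removed in future (ChameleonSSTISinks.ql:4,6-14)
-| Chameleon.py:5:29:5:34 | argument to Chameleon.PageTemplate() |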
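--- a/<dir-not-on-page>/ChameleonSSTISinks.ql
+++ /dev/null
@@ -1,5 +0,0 @@
-import python
-import experimental.semmle.python.templates.Chameleon
-
-from SSTISink s
-select s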
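--- a/<path-not-on-page: expected output for CheetahSSTISinks.ql>
+++ /dev/null
@@ -1,3 +0,0 @@
-WARNING: Type SSTISink has been deprecated and may be removed in future (CheetahSSTISinks.ql:4,6-14)
-| CheetahSinks.py:10:21:10:26 | argument to Cheetah.Template.Template() |
-| CheetahSinks.py:20:20:20:25 | argument to Cheetah.Template.Template() |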
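--- a/<dir-not-on-page>/CheetahSSTISinks.ql
+++ /dev/null
@@ -1,5 +0,0 @@
-import python
-import experimental.semmle.python.templates.Cheetah
-
-from SSTISink s
-select s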
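--- a/<dir-not-on-page>/CheetahSinks.py
+++ /dev/null
@@ -1,20 +0,0 @@
-from bottle import Bottle, route, request, redirect, response, SimpleTemplate
-from Cheetah.Template import Template
-
-
-app = Bottle()
-
-
-@route('/other')
-def a():
-    return Template("sink")
-
-
-class Template3(Template):
-    title = 'Hello World Example!'
-    contents = 'Hello World!'
-
-
-@route('/other2')
-def b():
-    t3 = Template3("sink")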
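--- a/<path-not-on-page: expected output for ChevronSSTISinks.ql>
+++ /dev/null
@@ -1,2 +0,0 @@
-WARNING: Type SSTISink has been deprecated and may be removed in future (ChevronSSTISinks.ql:4,6-14)
-| ChevronSinks.py:10:27:10:32 | argument to chevron.render() |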
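--- a/<dir-not-on-page>/ChevronSSTISinks.ql
+++ /dev/null
@@ -1,5 +0,0 @@
-import python
-import experimental.semmle.python.templates.Chevron
-
-from SSTISink s
-select s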
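--- a/<dir-not-on-page>/ChevronSinks.py
+++ /dev/null
@@ -1,22 +0,0 @@
-from bottle import Bottle, route, request, redirect, response, SimpleTemplate
-import chevron
-
-
-app = Bottle()
-
-
-@route('/other')
-def a():
-    return chevron.render("sink", {"key": "value"})
-
-
-@route('/other2')
-def b():
-    sink = {
-        'template': "template",
-
-        'data': {
-            'key': 'value'
-        }
-    }
-    return chevron.render(**sink)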
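--- a/<path-not-on-page: expected output for DjangoSSTISinks.ql>
+++ /dev/null
@@ -1,2 +0,0 @@
-WARNING: Type SSTISink has been deprecated and may be removed in future (DjangoSSTISinks.ql:4,6-14)
-| DjangoTemplates.py:9:18:9:25 | argument to Django.template() |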
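--- a/<dir-not-on-page>/DjangoSSTISinks.ql
+++ /dev/null
@@ -1,5 +0,0 @@
-import python
-import experimental.semmle.python.templates.DjangoTemplate
-
-from SSTISink s
-select s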
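--- a/<dir-not-on-page>/DjangoTemplates.py
+++ /dev/null
@@ -1,39 +0,0 @@
-from django.urls import path
-from django.http import HttpResponse
-from django.template import Template, Context, Engine, engines
-
-
-def dj(request):
-    # Load the template
-    template = request.GET['template']
-    t = Template(template)
-    ctx = Context(locals())
-    html = t.render(ctx)
-    return HttpResponse(html)
-
-
-def djEngine(request):
-    # Load the template
-    template = request.GET['template']
-
-    django_engine = engines['django']
-    t = django_engine.from_string(template)
-    ctx = Context(locals())
-    html = t.render(ctx)
-    return HttpResponse(html)
-
-
-def djEngineJinja(request):
-    # Load the template
-    template = request.GET['template']
-
-    django_engine = engines['jinja']
-    t = django_engine.from_string(template)
-    ctx = Context(locals())
-    html = t.render(ctx)
-    return HttpResponse(html)
-
-
-urlpatterns = [
-    path('', dj)
-]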
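--- a/<dir-not-on-page>/Genshi.py
+++ /dev/null
@@ -1,10 +0,0 @@
-
-
-def genshi1():
-    from genshi.template import MarkupTemplate
-    tmpl = MarkupTemplate('sink')
-
-
-def genshi2():
-    from genshi.template import TextTemplate
-    tmpl = TextTemplate('sink')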
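--- a/<path-not-on-page: expected output for GenshiSSTISinks.ql>
+++ /dev/null
@@ -1,3 +0,0 @@
-WARNING: Type SSTISink has been deprecated and may be removed in future (GenshiSSTISinks.ql:4,6-14)
-| Genshi.py:5:27:5:32 | argument to genshi.template.MarkupTemplate() |
-| Genshi.py:10:25:10:30 | argument to genshi.template.TextTemplate() |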
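--- a/<dir-not-on-page>/GenshiSSTISinks.ql
+++ /dev/null
@@ -1,5 +0,0 @@
-import python
-import experimental.semmle.python.templates.Genshi
-
-from SSTISink s
-select s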
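--- a/<dir-not-on-page>/Jinja2Templates.py
+++ /dev/null
@@ -1,17 +0,0 @@
-from jinja2 import Template as Jinja2_Template
-from jinja2 import Environment, DictLoader, escape
-
-
-def jinja():
-    t = Jinja2_Template("sink")
-
-
-def jinja2():
-    random = "esdad" + "asdad"
-    t = Jinja2_Template(random)
-
-
-def jinja3():
-    random = 1234
-    t = Jinja2_Template("sink"+random)
-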
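--- a/<path-not-on-page: expected output for JinjaSSTISinks.ql>
+++ /dev/null
@@ -1,4 +0,0 @@
-WARNING: Type SSTISink has been deprecated and may be removed in future (JinjaSSTISinks.ql:4,6-14)
-| Jinja2Templates.py:6:25:6:30 | argument to jinja2.Template() |
-| Jinja2Templates.py:11:25:11:30 | argument to jinja2.Template() |
-| Jinja2Templates.py:16:25:16:37 | argument to jinja2.Template() |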
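--- a/<dir-not-on-page>/JinjaSSTISinks.ql
+++ /dev/null
@@ -1,5 +0,0 @@
-import python
-import experimental.semmle.python.templates.Jinja
-
-from SSTISink s
-select s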
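--- a/<dir-not-on-page>/Mako.py
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-def mako():
-    from mako.template import Template
-    mytemplate = Template("sink")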
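--- a/<path-not-on-page: expected output for MakoSSTISinks.ql>
+++ /dev/null
@@ -1,2 +0,0 @@
-WARNING: Type SSTISink has been deprecated and may be removed in future (MakoSSTISinks.ql:4,6-14)
-| Mako.py:5:27:5:32 | argument to mako.template.Template() |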
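--- a/<dir-not-on-page>/MakoSSTISinks.ql
+++ /dev/null
@@ -1,5 +0,0 @@
-import python
-import experimental.semmle.python.templates.Mako
-
-from SSTISink s
-select s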
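--- a/<dir-not-on-page>/TRender.py
+++ /dev/null
@@ -1,6 +0,0 @@
-
-
-def trender():
-    from trender import TRender
-    template = '@greet world!'
-    compiled = TRender(template)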
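--- a/<path-not-on-page: expected output for TRenderSSTISinks.ql>
+++ /dev/null
@@ -1,2 +0,0 @@
-WARNING: Type SSTISink has been deprecated and may be removed in future (TRenderSSTISinks.ql:4,6-14)
-| TRender.py:6:24:6:31 | argument to trender.TRender() |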
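--- a/<dir-not-on-page>/TRenderSSTISinks.ql
+++ /dev/null
@@ -1,5 +0,0 @@
-import python
-import experimental.semmle.python.templates.TRender
-
-from SSTISink s
-select s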
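--- a/<path-not-on-page: extractor options file>
+++ /dev/null
@@ -1 +0,0 @@
-semmle-extractor-options: --lang=3 --max-import-depth=3 -p ../../../../../query-tests/Security/lib/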