Python: Add flask tests from internal repo
Родитель
ec79bfacf8
Коммит
edfcf39137
@ -0,0 +1,4 @@
|
|||
| / | Function hello |
|
||||
| /dangerous | Function dangerous |
|
||||
| /dangerous-with-cfg-split | Function dangerous2 |
|
||||
| /the/ | Function get |
|
|
@ -0,0 +1,9 @@
|
|||
import python
|
||||
|
||||
import semmle.python.web.flask.General
|
||||
|
||||
from ControlFlowNode regex, Function func
|
||||
|
||||
where flask_routing(regex, func)
|
||||
|
||||
select regex.getNode().(StrConst).getText(), func.toString()
|
|
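Review bot: The inline cast `regex.getNode().(StrConst)` in the select clause silently drops any `flask_routing` result whose URL rule is not a string literal, so a rule held in a variable would vanish from the output instead of surfacing as a difference against the expected file. For this fixture every rule is a literal, so the current expected output is unaffected, but the narrowing is invisible to a reader. A one-line comment such as `// only literal URL rules are printed; results for non-literal rules are dropped by the cast` would make the intent explicit.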
@ -0,0 +1,4 @@
|
|||
| test.py:8 | Str | externally controlled string |
|
||||
| test.py:29 | Attribute() | externally controlled string |
|
||||
| test.py:35 | Subscript | externally controlled string |
|
||||
| test.py:36 | None | externally controlled string |
|
|
@ -0,0 +1,10 @@
|
|||
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from TaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select sink.getLocation().toString(), sink.(ControlFlowNode).getNode().toString(), kind
|
|
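Review bot: Unlike Taint.ql, which restricts its results with `node.getLocation().getFile().getName().matches("%test.py")`, the `where sink.sinks(kind)` clause here and the `where src.isSourceOf(kind)` clause in Sources.ql apply no file restriction, so any sink or source the taint library finds in the stub library pulled in via `-p ../../../query-tests/Security/lib/` would land in the expected output and change whenever those stubs change. The expected files currently list only test.py locations, so this appears not to happen today. The three queries would be more robust and easier to compare if they filtered alike, e.g. `where sink.sinks(kind) and sink.getLocation().getFile().getName().matches("%test.py")`; the same change applies to the Sources.ql hunk below.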
@ -0,0 +1,4 @@
|
|||
| test.py:22 | Attribute() | flask/MyView.as.view |
|
||||
| test.py:29 | Attribute | {externally controlled string} |
|
||||
| test.py:33 | Attribute | {externally controlled string} |
|
||||
| test.py:35 | Attribute | {externally controlled string} |
|
|
@ -0,0 +1,11 @@
|
|||
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
|
||||
from TaintSource src, TaintKind kind
|
||||
where src.isSourceOf(kind)
|
||||
select src.getLocation().toString(), src.(ControlFlowNode).getNode().toString(), kind
|
|
@ -0,0 +1,8 @@
|
|||
| test.py:22 | Attribute() | flask/MyView.as.view |
|
||||
| test.py:25 | the_view | flask/MyView.as.view |
|
||||
| test.py:29 | Attribute | {externally controlled string} |
|
||||
| test.py:29 | Attribute() | externally controlled string |
|
||||
| test.py:33 | Attribute | {externally controlled string} |
|
||||
| test.py:33 | Subscript | externally controlled string |
|
||||
| test.py:35 | Attribute | {externally controlled string} |
|
||||
| test.py:35 | Subscript | externally controlled string |
|
|
@ -0,0 +1,12 @@
|
|||
|
||||
import python
|
||||
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
|
||||
from TaintedNode node
|
||||
where node.getLocation().getFile().getName().matches("%test.py")
|
||||
select node.getLocation().toString(), node.getAstNode().toString(), node.getTaintKind()
|
|
@ -0,0 +1,2 @@
|
|||
semmle-extractor-options: --max-import-depth=3 --lang=3 -p ../../../query-tests/Security/lib/
|
||||
optimize: true
|
|
@ -0,0 +1,36 @@
|
|||
import flask
|
||||
|
||||
from flask import Flask, request
|
||||
app = Flask(__name__)
|
||||
|
||||
@app.route("/")
|
||||
def hello():
|
||||
return "Hello World!"
|
||||
|
||||
from flask.views import MethodView
|
||||
|
||||
class MyView(MethodView):
|
||||
|
||||
def get(self, user_id):
|
||||
if user_id is None:
|
||||
# return a list of users
|
||||
pass
|
||||
else:
|
||||
# expose a single user
|
||||
pass
|
||||
|
||||
the_view = MyView.as_view('my_view')
|
||||
|
||||
app.add_url_rule('/the/', defaults={'user_id': None},
|
||||
view_func=the_view, methods=['GET',])
|
||||
|
||||
@app.route("/dangerous")
|
||||
def dangerous():
|
||||
return request.args.get('payload')
|
||||
|
||||
@app.route("/dangerous-with-cfg-split")
|
||||
def dangerous2():
|
||||
x = request.form['param0']
|
||||
if request.method == "POST":
|
||||
return request.form['param1']
|
||||
return None
|
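Review bot: The fixture's intent is stated nowhere in the file: `dangerous` returns `request.args.get('payload')` straight back as the response body, `dangerous2` assigns `request.form['param0']` to `x` and never reads it, and the top-level `import flask` is unused. Each of these looks deliberate, since Sinks.expected, Sources.expected and Taint.expected reference exactly these lines (test.py:29, 33, 35 and 36), but a reader of test.py alone would treat them as bugs and a well-meaning cleanup would silently shift every expected line number. A short header comment such as `# Taint-tracking fixture: the handlers below intentionally return request data unmodified and leave x unused; line numbers are pinned by the .expected files` would protect against that.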