

Commit 002190f

committed
Python: Autoformat flask library
1 parent a9d43a2 commit 002190f

4 files changed

Lines changed: 50 additions & 116 deletions


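--- a/python/ql/src/semmle/python/web/flask/General.qll
+++ b/python/ql/src/semmle/python/web/flask/General.qll
@@ -2,20 +2,15 @@ import python
 import semmle.python.web.Http
 
 /** The flask app class */
-ClassValue theFlaskClass() {
-result = Value::named("flask.Flask")
-}
+ClassValue theFlaskClass() { result = Value::named("flask.Flask") }
 
 /** The flask MethodView class */
-ClassValue theFlaskMethodViewClass() {
-result = Value::named("flask.views.MethodView")
-}
+ClassValue theFlaskMethodViewClass() { result = Value::named("flask.views.MethodView") }
 
-ClassValue theFlaskReponseClass() {
-result = Value::named("flask.Response")
-}
+ClassValue theFlaskReponseClass() { result = Value::named("flask.Response") }
 
-/** Holds if `route` is routed to `func`
+/**
+* Holds if `route` is routed to `func`
 * by decorating `func` with `app.route(route)`
 */
 predicate app_route(ControlFlowNode route, Function func) {
@@ -31,29 +26,28 @@ predicate app_route(ControlFlowNode route, Function func) {
 private predicate add_url_rule_call(ControlFlowNode regex, ControlFlowNode callable) {
 exists(CallNode call |
 call.getFunction().(AttrNode).getObject("add_url_rule").pointsTo().getClass() = theFlaskClass() and
-regex = call.getArg(0) |
+regex = call.getArg(0)
+|
 callable = call.getArg(2) or
 callable = call.getArgByName("view_func")
 )
 }
 
 /** Holds if urls matching `regex` are routed to `func` */
 predicate add_url_rule(ControlFlowNode regex, Function func) {
-exists(ControlFlowNode callable |
-add_url_rule_call(regex, callable)
-|
+exists(ControlFlowNode callable | add_url_rule_call(regex, callable) |
 exists(PythonFunctionValue f | f.getScope() = func and callable.pointsTo(f))
 or
 /* MethodView.as_view() */
-exists(MethodViewClass view_cls |
-view_cls.asTaint().taints(callable) |
+exists(MethodViewClass view_cls | view_cls.asTaint().taints(callable) |
 func = view_cls.lookup(httpVerbLower()).(FunctionValue).getScope()
 )
 /* TODO: -- Handle Views that aren't MethodViews */
 )
 }
 
-/** Holds if urls matching `regex` are routed to `func` using
+/**
+* Holds if urls matching `regex` are routed to `func` using
 * any of flask's routing mechanisms.
 */
 predicate flask_routing(ControlFlowNode regex, Function func) {
@@ -64,55 +58,39 @@ predicate flask_routing(ControlFlowNode regex, Function func) {
 
 /** A class that extends flask.views.MethodView */
 private class MethodViewClass extends ClassValue {
-
-MethodViewClass() {
-this.getASuperType() = theFlaskMethodViewClass()
-}
+MethodViewClass() { this.getASuperType() = theFlaskMethodViewClass() }
 
 /* As we are restricted to strings for taint kinds, we need to map these classes to strings. */
-string taintString() {
-result = "flask/" + this.getQualifiedName() + ".as.view"
-}
+string taintString() { result = "flask/" + this.getQualifiedName() + ".as.view" }
 
 /* As we are restricted to strings for taint kinds, we need to map these classes to strings. */
-TaintKind asTaint() {
-result = this.taintString()
-}
+TaintKind asTaint() { result = this.taintString() }
 }
 
 private class MethodViewTaint extends TaintKind {
-
-MethodViewTaint() {
-any(MethodViewClass cls).taintString() = this
-}
+MethodViewTaint() { any(MethodViewClass cls).taintString() = this }
 }
 
 /** A source of method view "taint"s. */
 private class AsView extends TaintSource {
-
 AsView() {
 exists(ClassValue view_class |
 view_class.getASuperType() = theFlaskMethodViewClass() and
 this.(CallNode).getFunction().(AttrNode).getObject("as_view").pointsTo(view_class)
 )
 }
 
-override string toString() {
-result = "flask.MethodView.as_view()"
-}
+override string toString() { result = "flask.MethodView.as_view()" }
 
 override predicate isSourceOf(TaintKind kind) {
 exists(MethodViewClass view_class |
 kind = view_class.asTaint() and
 this.(CallNode).getFunction().(AttrNode).getObject("as_view").pointsTo(view_class)
 )
 }
-
 }
 
-
 class FlaskCookieSet extends CookieSet, CallNode {
-
 FlaskCookieSet() {
 this.getFunction().(AttrNode).getObject("set_cookie").pointsTo().getClass() = theFlaskReponseClass()
 }
@@ -122,6 +100,4 @@ class FlaskCookieSet extends CookieSet, CallNode {
 override ControlFlowNode getKey() { result = this.getArg(0) }
 
 override ControlFlowNode getValue() { result = this.getArg(1) }
-
-
 }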
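Review bot: In the first hunk `theFlaskReponseClass()` is the only one of the three class getters without a QLDoc comment, and its name carries a typo (`Reponse`) that the autoformatter naturally leaves in place; the same identifier is referenced in `FlaskCookieSet` below and in `FlaskResponseArgument` in the last file of this commit. For parity with its siblings I would add `/** The flask Response class */` directly above the predicate. A rename to `theFlaskResponseClass` is a separate change, since every caller in this commit would need to follow, but it is worth a follow-up so the typo does not spread to new sinks.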
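--- a/PATH_NOT_SHOWN_ON_PAGE_2
+++ b/PATH_NOT_SHOWN_ON_PAGE_2
@@ -1,31 +1,26 @@
-/** Provides class representing the `flask.redirect` function.
+/**
+* Provides class representing the `flask.redirect` function.
 * This module is intended to be imported into a taint-tracking query
 * to extend `TaintSink`.
 */
-import python
 
+import python
 import semmle.python.security.TaintTracking
 import semmle.python.security.strings.Basic
 import semmle.python.web.flask.General
 
-FunctionValue flask_redirect() {
-result = Value::named("flask.redirect")
-}
+FunctionValue flask_redirect() { result = Value::named("flask.redirect") }
 
 /**
 * Represents an argument to the `flask.redirect` function.
 */
 class FlaskRedirect extends HttpRedirectTaintSink {
-
-override string toString() {
-result = "flask.redirect"
-}
+override string toString() { result = "flask.redirect" }
 
 FlaskRedirect() {
 exists(CallNode call |
 flask_redirect().getACall() = call and
 this = call.getAnArg()
 )
 }
-
 }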
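--- a/PATH_NOT_SHOWN_ON_PAGE_3
+++ b/PATH_NOT_SHOWN_ON_PAGE_3
@@ -1,13 +1,9 @@
 import python
-
 import semmle.python.security.TaintTracking
 import semmle.python.web.Http
 import semmle.python.web.flask.General
 
-private Value theFlaskRequestObject() {
-result = Value::named("flask.request")
-
-}
+private Value theFlaskRequestObject() { result = Value::named("flask.request") }
 
 /** Holds if `attr` is an access of attribute `name` of the flask request object */
 private predicate flask_request_attr(AttrNode attr, string name) {
@@ -17,63 +13,44 @@ private predicate flask_request_attr(AttrNode attr, string name) {
 
 /** Source of external data from a flask request */
 class FlaskRequestData extends HttpRequestTaintSource {
-
 FlaskRequestData() {
 not this instanceof FlaskRequestArgs and
-exists(string name |
-flask_request_attr(this, name) |
-name = "path" or name = "full_path" or
-name = "base_url" or name = "url"
+exists(string name | flask_request_attr(this, name) |
+name = "path" or
+name = "full_path" or
+name = "base_url" or
+name = "url"
 )
 }
 
-override predicate isSourceOf(TaintKind kind) {
-kind instanceof ExternalStringKind
-}
-
-override string toString() {
-result = "flask.request"
-}
+override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringKind }
 
+override string toString() { result = "flask.request" }
 }
 
 /** Source of dictionary whose values are externally controlled */
 class FlaskRequestArgs extends HttpRequestTaintSource {
-
 FlaskRequestArgs() {
-exists(string attr |
-flask_request_attr(this, attr) |
-attr = "args" or attr = "form" or
-attr = "values" or attr = "files" or
-attr = "headers" or attr = "json"
+exists(string attr | flask_request_attr(this, attr) |
+attr = "args" or
+attr = "form" or
+attr = "values" or
+attr = "files" or
+attr = "headers" or
+attr = "json"
 )
 }
 
-override predicate isSourceOf(TaintKind kind) {
-kind instanceof ExternalStringDictKind
-}
-
-override string toString() {
-result = "flask.request.args"
-}
+override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringDictKind }
 
+override string toString() { result = "flask.request.args" }
 }
 
-
 /** Source of dictionary whose values are externally controlled */
 class FlaskRequestJson extends TaintSource {
+FlaskRequestJson() { flask_request_attr(this, "json") }
 
-FlaskRequestJson() {
-flask_request_attr(this, "json")
-}
-
-override predicate isSourceOf(TaintKind kind) {
-kind instanceof ExternalJsonKind
-}
-
-override string toString() {
-result = "flask.request.json"
-}
+override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalJsonKind }
 
+override string toString() { result = "flask.request.json" }
 }
-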
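Review bot: The QLDoc on `FlaskRequestJson` in the second hunk is a verbatim copy of the one on `FlaskRequestArgs` ("Source of dictionary whose values are externally controlled"), but this class matches only the request's `json` attribute and reports `ExternalJsonKind` rather than `ExternalStringDictKind`, so the comment describes the wrong source. I would replace it with `/** Source of externally controlled JSON data, read from the `json` attribute of the flask request */`. Note also that `"json"` remains in the `FlaskRequestArgs` attribute list, so a `request.json` access is reported by both sources with different taint kinds; if that overlap is intended it deserves a one-line comment on one of the two classes.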
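--- a/PATH_NOT_SHOWN_ON_PAGE_4
+++ b/PATH_NOT_SHOWN_ON_PAGE_4
@@ -1,48 +1,34 @@
 import python
-
-
 import semmle.python.security.TaintTracking
 import semmle.python.security.strings.Basic
-
 import semmle.python.web.flask.General
 
-/** A flask response, which is vulnerable to any sort of
-* http response malice. */
+/**
+* A flask response, which is vulnerable to any sort of
+* http response malice.
+*/
 class FlaskRoutedResponse extends HttpResponseTaintSink {
-
 FlaskRoutedResponse() {
 exists(PyFunctionObject response |
 flask_routing(_, response.getFunction()) and
 this = response.getAReturnedNode()
 )
 }
 
-override predicate sinks(TaintKind kind) {
-kind instanceof StringKind
-}
-
-override string toString() {
-result = "flask.routed.response"
-}
+override predicate sinks(TaintKind kind) { kind instanceof StringKind }
 
+override string toString() { result = "flask.routed.response" }
 }
 
-
 class FlaskResponseArgument extends HttpResponseTaintSink {
-
 FlaskResponseArgument() {
 exists(CallNode call |
 call.getFunction().pointsTo(theFlaskReponseClass()) and
 call.getArg(0) = this
 )
 }
 
-override predicate sinks(TaintKind kind) {
-kind instanceof StringKind
-}
-
-override string toString() {
-result = "flask.response.argument"
-}
+override predicate sinks(TaintKind kind) { kind instanceof StringKind }
 
-}
+override string toString() { result = "flask.response.argument" }
+}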
