Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 12c4903

Browse files
RasmusWLRasmusWL
committed
Python: Modernise bottle library
1 parent 47a0942 commit 12c4903

7 files changed

Lines changed: 10 additions & 15 deletions

File tree

python/ql/src/semmle/python/web/bottle/General.qll

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3,12 +3,12 @@ import semmle.python.web.Http
33
import semmle.python.types.Extensions
44

55
/** The bottle module */
6-
ModuleObject theBottleModule() {
7-
result = ModuleObject::named("bottle")
6+
ModuleValue theBottleModule() {
7+
result = Module::named("bottle")
88
}
99

1010
/** The bottle.Bottle class */
11-
ClassObject theBottleClass() {
11+
ClassValue theBottleClass() {
1212
result = theBottleModule().attr("Bottle")
1313
}
1414

@@ -17,8 +17,8 @@ ClassObject theBottleClass() {
1717
*/
1818
predicate bottle_route(CallNode route_call, ControlFlowNode route, Function func) {
1919
exists(CallNode decorator_call, string name |
20-
route_call.getFunction().(AttrNode).getObject(name).refersTo(_, theBottleClass(), _) or
21-
route_call.getFunction().refersTo(theBottleModule().attr(name))
20+
route_call.getFunction().(AttrNode).getObject(name).pointsTo().getClass() = theBottleClass() or
21+
route_call.getFunction().pointsTo(theBottleModule().attr(name))
2222
|
2323
(name = "route" or name = httpVerbLower()) and
2424
decorator_call.getFunction() = route_call and

python/ql/src/semmle/python/web/bottle/Redirect.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ import semmle.python.security.TaintTracking
88
import semmle.python.security.strings.Basic
99
import semmle.python.web.bottle.General
1010

11-
FunctionObject bottle_redirect() {
11+
FunctionValue bottle_redirect() {
1212
result = theBottleModule().attr("redirect")
1313
}
1414

python/ql/src/semmle/python/web/bottle/Request.qll

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ import semmle.python.security.strings.Untrusted
66
import semmle.python.web.Http
77
import semmle.python.web.bottle.General
88

9-
private Object theBottleRequestObject() {
9+
private Value theBottleRequestObject() {
1010
result = theBottleModule().attr("request")
1111
}
1212

@@ -32,7 +32,7 @@ class BottleRequestKind extends TaintKind {
3232
private class RequestSource extends TaintSource {
3333

3434
RequestSource() {
35-
this.(ControlFlowNode).refersTo(theBottleRequestObject())
35+
this.(ControlFlowNode).pointsTo(theBottleRequestObject())
3636
}
3737

3838
override predicate isSourceOf(TaintKind kind) {

python/ql/src/semmle/python/web/bottle/Response.qll

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ class BottleResponse extends TaintKind {
1818

1919
}
2020

21-
private Object theBottleResponseObject() {
21+
private Value theBottleResponseObject() {
2222
result = theBottleModule().attr("response")
2323
}
2424

@@ -27,7 +27,7 @@ class BottleResponseBodyAssignment extends HttpResponseTaintSink {
2727
BottleResponseBodyAssignment() {
2828
exists(DefinitionNode lhs |
2929
lhs.getValue() = this and
30-
lhs.(AttrNode).getObject("body").refersTo(theBottleResponseObject())
30+
lhs.(AttrNode).getObject("body").pointsTo(theBottleResponseObject())
3131
)
3232
}
3333

python/ql/test/library-tests/web/bottle/Sources.expected

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,5 @@
11
| ../../../query-tests/Security/lib/bottle.py:64 | LocalRequest() | bottle.request |
2-
| ../../../query-tests/Security/lib/bottle.py:64 | request | bottle.request |
32
| test.py:3 | ImportMember | bottle.request |
4-
| test.py:3 | request | bottle.request |
53
| test.py:8 | name | externally controlled string |
64
| test.py:12 | name | externally controlled string |
75
| test.py:18 | request | bottle.request |

python/ql/test/library-tests/web/bottle/Taint.expected

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,6 @@
11
| ../../../query-tests/Security/lib/bottle.py:64 | LocalRequest() | bottle.request |
2-
| ../../../query-tests/Security/lib/bottle.py:64 | request | bottle.request |
32
| ../../../query-tests/Security/lib/bottle.py:68 | url | externally controlled string |
43
| test.py:3 | ImportMember | bottle.request |
5-
| test.py:3 | request | bottle.request |
64
| test.py:8 | name | externally controlled string |
75
| test.py:9 | BinaryExpr | externally controlled string |
86
| test.py:9 | name | externally controlled string |

python/ql/test/query-tests/Security/lib/bottle.py

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -67,4 +67,3 @@ class LocalResponse(LocalProxy):
6767

6868
def redirect(url, code=None):
6969
pass
70-

0 commit comments

Comments
 (0)