Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 1db7865

Browse files
KwstubbsKwstubbs
committed
Corrections
1 parent 8bf8893 commit 1db7865

5 files changed

Lines changed: 60 additions & 30 deletions

File tree

python/ql/lib/semmle/python/Concepts.qll

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1425,11 +1425,14 @@ module Http {
14251425
string middleware_name() { result = super.middleware_name() }
14261426

14271427
/**
1428-
* Gets the boolean value corresponding to if CORS credentials is enabled
1429-
* (`true`) or disabled (`false`) by this node.
1428+
* Gets the dataflow node corresponding to the allowed CORS origins
14301429
*/
14311430
DataFlow::Node allowed_origins() { result = super.allowed_origins() }
14321431

1432+
/**
1433+
* Gets the boolean value corresponding to if CORS credentials is enabled
1434+
* (`true`) or disabled (`false`) by this node.
1435+
*/
14331436
DataFlow::Node allowed_credentials() { result = super.allowed_credentials() }
14341437
}
14351438

python/ql/lib/semmle/python/frameworks/FastApi.qll

Lines changed: 16 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -43,16 +43,30 @@ module FastApi {
4343
* A call to `app.add_middleware` adding CORSMiddleware.
4444
*/
4545
class AddCorsMiddlewareCall extends Http::Server::CorsMiddleware::Range, AddMiddlewareCall {
46+
/**
47+
* Gets the string corresponding to the middleware
48+
*/
4649
override string middleware_name() { result = this.getArg(0).asExpr().(Name).toString() }
4750

51+
/**
52+
* Gets the dataflow node corresponding to the allowed CORS origins
53+
*/
4854
override DataFlow::Node allowed_origins() { result = this.getArgByName("allow_origins") }
49-
55+
/**
56+
* Gets the boolean value corresponding to if CORS credentials is enabled
57+
* (`true`) or disabled (`false`) by this node.
58+
*/
5059
override DataFlow::Node allowed_credentials() {
5160
result = this.getArgByName("allow_credentials")
5261
}
53-
62+
/**
63+
* Gets the dataflow node corresponding to the allowed CORS methods
64+
*/
5465
DataFlow::Node allowed_methods() { result = this.getArgByName("allow_methods") }
5566

67+
/**
68+
* Gets the dataflow node corresponding to the allowed CORS headers
69+
*/
5670
DataFlow::Node allowed_headers() { result = this.getArgByName("allow_headers") }
5771
}
5872

python/ql/lib/semmle/python/frameworks/Starlette.qll

Lines changed: 13 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -28,12 +28,13 @@ module Starlette {
2828
/**
2929
* Provides models for the `starlette.app` class
3030
*
31-
* See https://www.starlette.io/websockets/.
31+
*
3232
*/
3333
module App {
34+
/** Gets import of `starlette.app`. */
3435
API::Node cls() { result = API::moduleImport("starlette").getMember("app") }
3536

36-
/** Gets a reference to a FastAPI application (an instance of `fastapi.FastAPI`). */
37+
/** Gets a reference to a Starlette application (an instance of `starlette.app`). */
3738
API::Node instance() { result = cls().getReturn() }
3839
}
3940

@@ -52,16 +53,25 @@ module Starlette {
5253
* A call to any of the execute methods on a `app.add_middleware` with CORSMiddleware.
5354
*/
5455
class AddCorsMiddlewareCall extends AddMiddlewareCall, Http::Server::CorsMiddleware::Range {
56+
57+
/**
58+
* Gets the string corresponding to the middleware
59+
*/
5560
override string middleware_name() { result = this.getArg(0).asExpr().(Name).toString() }
5661

5762
override DataFlow::Node allowed_origins() { result = this.getArgByName("allow_origins") }
5863

5964
override DataFlow::Node allowed_credentials() {
6065
result = this.getArgByName("allow_credentials")
6166
}
62-
67+
/**
68+
* Gets the dataflow node corresponding to the allowed CORS methods
69+
*/
6370
DataFlow::Node allowed_methods() { result = this.getArgByName("allow_methods") }
6471

72+
/**
73+
* Gets the dataflow node corresponding to the allowed CORS headers
74+
*/
6575
DataFlow::Node allowed_headers() { result = this.getArgByName("allow_headers") }
6676
}
6777

python/ql/src/experimental/Security/CWE-942/CorsMisconfigurationMiddleware.qhelp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
<qhelp>
55
<overview>
66
<p>
7-
Web browsers, by default, disallow cross-origin resource sharing via direct HTTP requests (i.e. using a JavaScript HTTP client).
7+
Web browsers, by default, disallow cross-origin resource sharing via direct HTTP requests.
88
Still, to satisfy some needs that arose with the growth of the web, an expedient was created to make exceptions possible.
99
CORS (Cross-origin resource sharing) is a mechanism that allows resources of a web endpoint (let's call it "Peer A")
1010
to be accessed from another web page belonging to a different domain ("Peer B").

python/ql/src/experimental/Security/CWE-942/CorsMisconfigurationMiddleware.ql

Lines changed: 25 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -11,26 +11,29 @@
1111
* external/cwe/cwe-352
1212
*/
1313

14-
import python
15-
import semmle.python.Concepts
16-
private import semmle.python.dataflow.new.DataFlow
17-
predicate containsStar(DataFlow::Node array){
18-
(array.asExpr() instanceof List and
19-
array.asExpr().getASubExpression().(StringLiteral).getText().matches("*")) or
20-
(array.asExpr().(StringLiteral).getText().matches(["*", "null"]))
14+
import python
15+
import semmle.python.Concepts
16+
private import semmle.python.dataflow.new.DataFlow
2117

22-
}
23-
24-
predicate isCorsMiddleware(Http::Server::CorsMiddleware middleware){
25-
middleware.middleware_name().matches("CORSMiddleware")
26-
}
27-
28-
predicate credentialsAllowed(Http::Server::CorsMiddleware middleware){
29-
middleware.allowed_credentials().asExpr() instanceof True
30-
}
31-
32-
from Http::Server::CorsMiddleware a
33-
where credentialsAllowed(a) and
34-
containsStar(a.allowed_origins().getALocalSource()) and
35-
isCorsMiddleware(a)
36-
select a, "This CORS middleware uses a vulnerable configuration that leaves it open to attacks from arbitrary websites"
18+
predicate containsStar(DataFlow::Node array) {
19+
array.asExpr() instanceof List and
20+
array.asExpr().getASubExpression().(StringLiteral).getText() = ["*", "null"]
21+
or
22+
array.asExpr().(StringLiteral).getText() = ["*", "null"]
23+
}
24+
25+
predicate isCorsMiddleware(Http::Server::CorsMiddleware middleware) {
26+
middleware.middleware_name().matches("CORSMiddleware")
27+
}
28+
29+
predicate credentialsAllowed(Http::Server::CorsMiddleware middleware) {
30+
middleware.allowed_credentials().asExpr() instanceof True
31+
}
32+
33+
from Http::Server::CorsMiddleware a
34+
where
35+
credentialsAllowed(a) and
36+
containsStar(a.allowed_origins().getALocalSource()) and
37+
isCorsMiddleware(a)
38+
select a,
39+
"This CORS middleware uses a vulnerable configuration that leaves it open to attacks from arbitrary websites"

0 commit comments

Comments
 (0)