Python: Add test highlighting missing routed parameter flow to **kwargs parameter of request handler function

RasmusWL · RasmusWL · commit 24687b415620 · 2023-10-23T16:49:43.000+02:00
diff --git a/python/ql/test/library-tests/frameworks/django-v2-v3/taint_test.py b/python/ql/test/library-tests/frameworks/django-v2-v3/taint_test.py
@@ -174,8 +174,20 @@ def some_method(self):
         )
 
 
+def kwargs_param(request, **kwargs): # $ requestHandler
+    ensure_tainted(
+        kwargs, # $ MISSING: tainted
+        kwargs["foo"], # $ MISSING: tainted
+        kwargs["bar"]  # $ MISSING: tainted
+    )
+
+    ensure_tainted(request) # $ tainted
+
+
 # fake setup, you can't actually run this
 urlpatterns = [
     path("test-taint/<foo>/<bar>", test_taint),  # $ routeSetup="test-taint/<foo>/<bar>"
     path("ClassView/", ClassView.as_view()), # $ routeSetup="ClassView/"
+    path("test-kwargs_param/<foo>/<bar>", kwargs_param),  # $ routeSetup="test-kwargs_param/<foo>/<bar>"
+
 ]
