Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 441e206

Browse files
yoffyoff
committed
python: CSRF -> Csrf
1 parent 53de828 commit 441e206

3 files changed

Lines changed: 26 additions & 26 deletions

File tree

python/ql/lib/semmle/python/Concepts.qll

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -110,9 +110,9 @@ module FileSystemWriteAccess {
110110
* in a global manner.
111111
*
112112
* Extend this class to refine existing API models. If you want to model new APIs,
113-
* extend `CSRFProtectionSetting::Range` instead.
113+
* extend `CsrfProtectionSetting::Range` instead.
114114
*/
115-
class CSRFProtectionSetting extends DataFlow::Node instanceof CSRFProtectionSetting::Range {
115+
class CsrfProtectionSetting extends DataFlow::Node instanceof CsrfProtectionSetting::Range {
116116
/**
117117
* Gets the boolean value corresponding to if CSRF protection is enabled
118118
* (`true`) or disabled (`false`) by this node.
@@ -121,13 +121,13 @@ class CSRFProtectionSetting extends DataFlow::Node instanceof CSRFProtectionSett
121121
}
122122

123123
/** Provides a class for modeling new CSRF protection setting APIs. */
124-
module CSRFProtectionSetting {
124+
module CsrfProtectionSetting {
125125
/**
126126
* A data-flow node that may set or unset Cross-site request forgery protection
127127
* in a global manner.
128128
*
129129
* Extend this class to model new APIs. If you want to refine existing API models,
130-
* extend `CSRFProtectionSetting` instead.
130+
* extend `CsrfProtectionSetting` instead.
131131
*/
132132
abstract class Range extends DataFlow::Node {
133133
/**
@@ -143,9 +143,9 @@ module CSRFProtectionSetting {
143143
* for a specific part of an application.
144144
*
145145
* Extend this class to refine existing API models. If you want to model new APIs,
146-
* extend `CSRFProtection::Range` instead.
146+
* extend `CsrfLocalProtection::Range` instead.
147147
*/
148-
class CSRFProtection extends DataFlow::Node instanceof CSRFProtection::Range {
148+
class CsrfLocalProtection extends DataFlow::Node instanceof CsrfLocalProtection::Range {
149149
/**
150150
* Gets a `Function` representing the protected interaction
151151
* (probably a request handler).
@@ -154,13 +154,13 @@ class CSRFProtection extends DataFlow::Node instanceof CSRFProtection::Range {
154154
}
155155

156156
/** Provides a class for modeling new CSRF protection setting APIs. */
157-
module CSRFProtection {
157+
module CsrfLocalProtection {
158158
/**
159159
* A data-flow node that provides Cross-site request forgery protection
160160
* for a specific part of an application.
161161
*
162162
* Extend this class to model new APIs. If you want to refine existing API models,
163-
* extend `CSRFProtection` instead.
163+
* extend `CsrfLocalProtection` instead.
164164
*/
165165
abstract class Range extends DataFlow::Node {
166166
/**

python/ql/lib/semmle/python/frameworks/Django.qll

Lines changed: 16 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -2320,7 +2320,7 @@ module PrivateDjango {
23202320
/**
23212321
* A custom middleware stack
23222322
*/
2323-
private class DjangoSettingsMiddlewareStack extends CSRFProtectionSetting::Range {
2323+
private class DjangoSettingsMiddlewareStack extends CsrfProtectionSetting::Range {
23242324
List list;
23252325

23262326
DjangoSettingsMiddlewareStack() {
@@ -2345,21 +2345,21 @@ module PrivateDjango {
23452345
else result = false
23462346
}
23472347
}
2348-
}
23492348

2350-
private class DjangoCSRFDecorator extends CSRFProtection::Range {
2351-
Function function;
2352-
2353-
DjangoCSRFDecorator() {
2354-
this =
2355-
API::moduleImport("django")
2356-
.getMember("views")
2357-
.getMember("decorators")
2358-
.getMember("csrf")
2359-
.getMember("csrf_protect")
2360-
.getAUse() and
2361-
this.asExpr() = function.getADecorator()
2362-
}
2349+
private class DjangoCsrfDecorator extends CsrfLocalProtection::Range {
2350+
Function function;
23632351

2364-
override Function getProtected() { result = function }
2352+
DjangoCsrfDecorator() {
2353+
this =
2354+
API::moduleImport("django")
2355+
.getMember("views")
2356+
.getMember("decorators")
2357+
.getMember("csrf")
2358+
.getMember("csrf_protect")
2359+
.getAUse() and
2360+
this.asExpr() = function.getADecorator()
2361+
}
2362+
2363+
override Function getProtected() { result = function }
2364+
}
23652365
}

python/ql/src/Security/CWE-352/CSRFProtectionDisabled.ql

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,10 +14,10 @@
1414
import python
1515
import semmle.python.Concepts
1616

17-
from CSRFProtectionSetting s
17+
from CsrfProtectionSetting s
1818
where
1919
s.getVerificationSetting() = false and
20-
not exists(CSRFProtection p) and
20+
not exists(CsrfLocalProtection p) and
2121
// rule out test code as this is a common place to turn off CSRF protection
2222
not s.getLocation().getFile().getAbsolutePath().matches("%test%")
2323
select s, "Potential CSRF vulnerability due to forgery protection being disabled or weakened."

0 commit comments

Comments
 (0)