Commit 608ce50

Python: Expose HTTP verbs in HTTP concept
Let's discuss whether doing it this way is reasonable, since I'm not 100% sure whether this fits into "concepts" or not.
1 parent c7ab78f commit 608ce50

3 files changed

Lines changed: 5 additions & 4 deletions

File tree

python/ql/src/semmle/python/Concepts.qll

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -295,6 +295,8 @@ module SqlExecution {
295295

296296
/** Provides classes for modeling HTTP-related APIs. */
297297
module HTTP {
298+
import semmle.python.web.HttpConstants
299+
298300
/** Provides classes for modeling HTTP servers. */
299301
module Server {
300302
/**
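Review bot: The `import semmle.python.web.HttpConstants` added inside `module HTTP` is not marked `private`, so everything that file declares is re-exported under `HTTP::`, including anything added to HttpConstants.qll later. If only the verb predicates are meant to be part of the concept API, consider declaring them explicitly in `HTTP` with their own QLDoc, or at least add a comment above the import naming what it is meant to expose, so the public surface of the concept is visible in Concepts.qll itself.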

python/ql/src/semmle/python/frameworks/Django.qll

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1680,8 +1680,7 @@ private module Django {
16801680
// TODO: This doesn't handle attribute assignment. Should be OK, but analysis is not as complete as with
16811681
// points-to and `.lookup`, which would handle `post = my_post_handler` inside class def
16821682
result = this.getAMethod() and
1683-
// TODO: Add HTTP verbs
1684-
result.getName() in ["post", "get"]
1683+
result.getName() = HTTP::httpVerbLower()
16851684
}
16861685

16871686
/** Gets a reference to this class. */
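Review bot: Replacing `result.getName() in ["post", "get"]` with `result.getName() = HTTP::httpVerbLower()` widens the set of methods treated as request handlers to every verb `httpVerb()` yields, yet none of the 3 changed files is a test. Please add a test class-based view with handlers for the newly covered verbs (for example `head`), and check the list in HttpConstants.qll against the method names Django dispatches on, so that no extra methods are modeled as handlers and none are missed.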

python/ql/src/semmle/python/web/HttpConstants.qll

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
/** Gets an http verb */
1+
/** Gets an HTTP verb */
22
string httpVerb() {
33
result = "GET" or
44
result = "POST" or
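Review bot: The QLDoc on `httpVerb()` still does not say that the results are upper case, which matters now that callers choose between it and `httpVerbLower()` through `HTTP::`. Suggest `/** Gets an HTTP verb, in upper case. */`.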
@@ -9,5 +9,5 @@ string httpVerb() {
99
result = "HEAD"
1010
}
1111

12-
/** Gets an http verb, in lower case */
12+
/** Gets an HTTP verb, in lower case */
1313
string httpVerbLower() { result = httpVerb().toLowerCase() }
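Review bot: The new QLDoc on `httpVerbLower()` has no terminating period, unlike the other doc comments in this commit such as `/** Gets a reference to this class. */`. Suggest `/** Gets an HTTP verb, in lower case. */`.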
