Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 8b2c34e

Browse files
RasmusWLRasmusWL
authored
Merge pull request #4747 from yoff/python-path-injection-doc
Python: Fix documentation for path injection.
2 parents b5626cb + fd8c696 commit 8b2c34e

1 file changed

Lines changed: 12 additions & 10 deletions

File tree

python/ql/src/Security/CWE-022/PathInjection.ql

Lines changed: 12 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,18 @@
1414
* external/cwe/cwe-036
1515
* external/cwe/cwe-073
1616
* external/cwe/cwe-099
17-
*
17+
*/
18+
19+
import python
20+
import semmle.python.dataflow.new.DataFlow
21+
import semmle.python.dataflow.new.DataFlow2
22+
import semmle.python.dataflow.new.TaintTracking
23+
import semmle.python.dataflow.new.TaintTracking2
24+
import semmle.python.Concepts
25+
import semmle.python.dataflow.new.RemoteFlowSources
26+
import ChainedConfigs12
27+
28+
/*
1829
* The query detects cases where a user-controlled path is used in an unsafe manner,
1930
* meaning it is not both normalized and _afterwards_ checked.
2031
*
@@ -36,15 +47,6 @@
3647
* to a sink.
3748
*/
3849

39-
import python
40-
import semmle.python.dataflow.new.DataFlow
41-
import semmle.python.dataflow.new.DataFlow2
42-
import semmle.python.dataflow.new.TaintTracking
43-
import semmle.python.dataflow.new.TaintTracking2
44-
import semmle.python.Concepts
45-
import semmle.python.dataflow.new.RemoteFlowSources
46-
import ChainedConfigs12
47-
4850
// ---------------------------------------------------------------------------
4951
// Case 1. The path is never normalized.
5052
// ---------------------------------------------------------------------------

0 commit comments

Comments
 (0)