
Commit a480da6

committed
Python: Generalize turbogear response sinks to allow for internally sourced strings.
1 parent 2995b02 commit a480da6

2 files changed

Lines changed: 15 additions & 4 deletions


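--- a/python/ql/src/semmle/python/security/strings/Basic.qll
+++ b/python/ql/src/semmle/python/security/strings/Basic.qll
@@ -115,3 +115,14 @@ private predicate os_path_join(ControlFlowNode fromnode, CallNode tonode) {
 tonode = path_join.getACall() and tonode.getAnArg() = fromnode
 )
 }
+
+/** A kind of "taint", representing a dictionary mapping str->"taint" */
+class StringDictKind extends DictKind {
+
+StringDictKind() {
+this.getValue() instanceof StringKind
+}
+
+}
+
+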
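Review bot: The QLDoc on `StringDictKind` says only that the dictionary maps str to "taint", while the characteristic predicate narrows the value kind to `StringKind`; the comment should state that constraint so the class can be told apart from the general `DictKind`. Something like `/** A kind of "taint" representing a dictionary whose values carry a StringKind taint, whether externally or internally sourced. */` would make the intent readable at the use site. The class declares no member predicates, so the blank lines inside its body and the two trailing blank lines at the end of the file could be dropped.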

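--- a/python/ql/src/semmle/python/web/turbogears/Response.qll
+++ b/python/ql/src/semmle/python/web/turbogears/Response.qll
@@ -1,7 +1,7 @@
 import python
 
 import semmle.python.security.TaintTracking
-import semmle.python.security.strings.Untrusted
+import semmle.python.security.strings.Basic
 
 import TurboGears
 
@@ -17,7 +17,7 @@ class ControllerMethodReturnValue extends TaintSink {
 }
 
 override predicate sinks(TaintKind kind) {
-kind instanceof ExternalStringKind
+kind instanceof StringKind
 }
 
 }
@@ -32,7 +32,7 @@ class ControllerMethodTemplatedReturnValue extends TaintSink {
 }
 
 override predicate sinks(TaintKind kind) {
-kind instanceof ExternalStringDictKind
+kind instanceof StringDictKind
 }
 
-}
+}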
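Review bot: Both `sinks` overrides now accept every `StringKind` and `StringDictKind` rather than only kinds derived from external input, so any query that uses `ControllerMethodReturnValue` or `ControllerMethodTemplatedReturnValue` will also report flows from sources that are not attacker-controlled. The commit changes only the two .qll files, so no test expectation pins that wider behaviour. A TurboGears test case in which an internally sourced string reaches a controller return value would confirm the intent and catch unexpected extra alerts. A short QLDoc on each override would also help, e.g. `/** Any string taint kind is relevant here, not only externally sourced strings. */`. Both class bodies start outside the hunks, and with the `Untrusted` import replaced by `Basic`, any remaining use of `ExternalStringKind` elsewhere in the file may no longer resolve, which is worth confirming.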
