Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit a81f8ea

Browse files
tausbnRasmusWL
tausbn
authored and
RasmusWL
committed
Python: Add Django RawSQL and HttpRequest models
1 parent ff9482f commit a81f8ea

2 files changed

Lines changed: 24 additions & 1 deletion

File tree

python/ql/lib/semmle/python/frameworks/Django.qll

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -838,6 +838,10 @@ module PrivateDjango {
838838
or
839839
// Commonly used alias
840840
result = models().getMember("RawSQL")
841+
or
842+
result =
843+
ModelOutput::getATypeNode("django.db.models.expressions.RawSQL~Subclass")
844+
.getASubclass*()
841845
}
842846

843847
/**
@@ -1172,6 +1176,9 @@ module PrivateDjango {
11721176
or
11731177
// handle django.http.HttpRequest alias
11741178
result = http().getMember("HttpRequest")
1179+
or
1180+
result =
1181+
ModelOutput::getATypeNode("django.http.request.HttpRequest~Subclass").getASubclass*()
11751182
}
11761183

11771184
/**
@@ -1475,7 +1482,7 @@ module PrivateDjango {
14751482
API::Node classRef() {
14761483
result = baseClassRef().getASubclass*() or
14771484
result =
1478-
ModelOutput::getATypeNode("Django.http.response.HttpResponsePermanentRedirect~Subclass")
1485+
ModelOutput::getATypeNode("django.http.response.HttpResponsePermanentRedirect~Subclass")
14791486
.getASubclass*()
14801487
}
14811488

python/ql/src/meta/ClassHierarchy/Find.ql

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -259,6 +259,22 @@ class FabricConnection extends FindSubclassesSpec {
259259
}
260260
}
261261

262+
class DjangoRawSql extends FindSubclassesSpec {
263+
DjangoRawSql() { this = "django.db.models.expressions.RawSQL~Subclass" }
264+
265+
override API::Node getAlreadyModeledClass() {
266+
result = PrivateDjango::DjangoImpl::DB::Models::Expressions::RawSql::classRef()
267+
}
268+
}
269+
270+
class DjangoHttpRequest extends FindSubclassesSpec {
271+
DjangoHttpRequest() { this = "django.http.request.HttpRequest~Subclass" }
272+
273+
override API::Node getAlreadyModeledClass() {
274+
result = PrivateDjango::DjangoImpl::DjangoHttp::Request::HttpRequest::classRef()
275+
}
276+
}
277+
262278
bindingset[fullyQualified]
263279
predicate fullyQualifiedToYamlFormat(string fullyQualified, string type2, string path) {
264280
exists(int firstDot | firstDot = fullyQualified.indexOf(".", 0, 0) |

0 commit comments

Comments
 (0)