Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit bced467

Browse files
RasmusWLRasmusWL
committed
Python: Refactor django additional step handling
So it matches the new style we're using in aiohttp/twisted/...
1 parent ce4b192 commit bced467

1 file changed

Lines changed: 36 additions & 24 deletions

File tree

python/ql/src/semmle/python/frameworks/Django.qll

Lines changed: 36 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -1883,33 +1883,45 @@ private module PrivateDjango {
18831883
}
18841884
}
18851885

1886-
private class DjangoHttpRequstAdditionalTaintStep extends TaintTracking::AdditionalTaintStep {
1886+
private class DjangoHttpRequestAdditionalTaintStep extends TaintTracking::AdditionalTaintStep {
18871887
override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
1888+
// Methods
1889+
//
1890+
// TODO: When we have tools that make it easy, model these properly to handle
1891+
// `meth = obj.meth; meth()`. Until then, we'll use this more syntactic approach
1892+
// (since it allows us to at least capture the most common cases).
18881893
nodeFrom = django::http::request::HttpRequest::instance() and
1889-
exists(DataFlow::AttrRead read | nodeTo = read and read.getObject() = nodeFrom |
1890-
read.getAttributeName() in [
1891-
// str / bytes
1892-
"body", "path", "path_info", "method", "encoding", "content_type",
1893-
// django.http.QueryDict
1894-
// TODO: Model QueryDict
1895-
"GET", "POST",
1896-
// dict[str, str]
1897-
"content_params", "COOKIES",
1898-
// dict[str, Any]
1899-
"META",
1900-
// HttpHeaders (case insensitive dict-like)
1901-
"headers",
1902-
// MultiValueDict[str, UploadedFile]
1903-
// TODO: Model MultiValueDict
1904-
// TODO: Model UploadedFile
1905-
"FILES",
1906-
// django.urls.ResolverMatch
1907-
// TODO: Model ResolverMatch
1908-
"resolver_match"
1909-
]
1910-
// TODO: Handle calls to methods
1911-
// TODO: Handle that a HttpRequest is iterable
1894+
exists(DataFlow::AttrRead attr | attr.getObject() = nodeFrom |
1895+
attr.getAttributeName() in ["TODO"] and
1896+
nodeTo.(DataFlow::CallCfgNode).getFunction() = attr and
1897+
none()
19121898
)
1899+
or
1900+
// Attributes
1901+
nodeFrom = django::http::request::HttpRequest::instance() and
1902+
nodeTo.(DataFlow::AttrRead).getObject() = nodeFrom and
1903+
nodeTo.(DataFlow::AttrRead).getAttributeName() in [
1904+
// str / bytes
1905+
"body", "path", "path_info", "method", "encoding", "content_type",
1906+
// django.http.QueryDict
1907+
// TODO: Model QueryDict
1908+
"GET", "POST",
1909+
// dict[str, str]
1910+
"content_params", "COOKIES",
1911+
// dict[str, Any]
1912+
"META",
1913+
// HttpHeaders (case insensitive dict-like)
1914+
"headers",
1915+
// MultiValueDict[str, UploadedFile]
1916+
// TODO: Model MultiValueDict
1917+
// TODO: Model UploadedFile
1918+
"FILES",
1919+
// django.urls.ResolverMatch
1920+
// TODO: Model ResolverMatch
1921+
"resolver_match"
1922+
]
1923+
// TODO: Handle calls to methods
1924+
// TODO: Handle that a HttpRequest is iterable
19131925
}
19141926
}
19151927

0 commit comments

Comments
 (0)