Commit bf8bfd9

Python: Add inline query test
1 parent 19046ea commit bf8bfd9

9 files changed

Lines changed: 23 additions & 16 deletions

Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
failures
2+
missingAnnotationOnSink
3+
testFailures
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
import python
2+
import experimental.dataflow.TestUtil.DataflowQueryTest
3+
import semmle.python.security.dataflow.NoSQLInjectionQuery
4+
import FromTaintTrackingStateConfig<Config>

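--- a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_mongoengine_bad.py
+++ b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_mongoengine_bad.py
@@ -19,15 +19,15 @@ def subclass_objects():
 unsafe_search = request.args['search']
 json_search = json.loads(unsafe_search)
 
-return Movie.objects(__raw__=json_search)
+return Movie.objects(__raw__=json_search) #$ result=BAD
 
 @app.route("/get_db_find")
 def get_db_find():
 unsafe_search = request.args['search']
 json_search = json.loads(unsafe_search)
 
 retrieved_db = db.get_db()
-return retrieved_db["Movie"].find({'name': json_search})
+return retrieved_db["Movie"].find({'name': json_search}) #$ result=BAD
 
 # if __name__ == "__main__":
 # app.run(debug=True)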

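--- a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_mongoengine_good.py
+++ b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_mongoengine_good.py
@@ -21,7 +21,7 @@ def subclass_objects():
 json_search = json.loads(unsafe_search)
 safe_search = sanitize(json_search)
 
-return Movie.objects(__raw__=safe_search)
+return Movie.objects(__raw__=safe_search) #$ result=OK
 
 # if __name__ == "__main__":
 # app.run(debug=True)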
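Review bot: The `result=OK` expectation on the `Movie.objects(__raw__=safe_search)` line is only correct if `sanitize` is recognised as a barrier by the NoSQL-injection query, but `sanitize` is defined outside this hunk and nothing at the annotation says why the value is considered clean. A one-line comment above the return, such as `# sanitize() is the modelled barrier, so this call must not be reported`, would make the expectation self-explaining for whoever next touches `sanitize` or the query's barrier set. The same applies to the `result=OK` lines in flask_pymongo_good.py, mongoengine_good.py and `good()` in pymongo_test.py. `subclass_objects` begins before this hunk.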

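--- a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_pymongo_bad.py
+++ b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_pymongo_bad.py
@@ -11,7 +11,7 @@ def home_page():
 unsafe_search = request.args['search']
 json_search = json.loads(unsafe_search)
 
-return mongo.db.user.find({'name': json_search})
+return mongo.db.user.find({'name': json_search}) #$ result=BAD
 
 # if __name__ == "__main__":
 # app.run(debug=True)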

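--- a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_pymongo_good.py
+++ b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_pymongo_good.py
@@ -13,7 +13,7 @@ def home_page():
 json_search = json.loads(unsafe_search)
 safe_search = sanitize(json_search)
 
-return mongo.db.user.find({'name': safe_search})
+return mongo.db.user.find({'name': safe_search}) #$ result=OK
 
 # if __name__ == "__main__":
 # app.run(debug=True)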

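--- a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/mongoengine_bad.py
+++ b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/mongoengine_bad.py
@@ -19,46 +19,46 @@ def connect_find():
 json_search = json.loads(unsafe_search)
 
 db = me.connect('mydb')
-return db.movie.find({'name': json_search})
+return db.movie.find({'name': json_search}) #$ result=BAD
 
 @app.route("/connection_connect_find")
 def connection_connect_find():
 unsafe_search = request.args['search']
 json_search = json.loads(unsafe_search)
 
 db = connect('mydb')
-return db.movie.find({'name': json_search})
+return db.movie.find({'name': json_search}) #$ result=BAD
 
 @app.route("/get_db_find")
 def get_db_find():
 unsafe_search = request.args['search']
 json_search = json.loads(unsafe_search)
 
 db = me.get_db()
-return db.movie.find({'name': json_search})
+return db.movie.find({'name': json_search}) #$ result=BAD
 
 @app.route("/connection_get_db_find")
 def connection_get_db_find():
 unsafe_search = request.args['search']
 json_search = json.loads(unsafe_search)
 
 db = get_db()
-return db.movie.find({'name': json_search})
+return db.movie.find({'name': json_search}) #$ result=BAD
 
 @app.route("/subclass_objects")
 def subclass_objects():
 unsafe_search = request.args['search']
 json_search = json.loads(unsafe_search)
 
-return Movie.objects(__raw__=json_search)
+return Movie.objects(__raw__=json_search) #$ result=BAD
 
 @app.route("/subscript_find")
 def subscript_find():
 unsafe_search = request.args['search']
 json_search = json.loads(unsafe_search)
 
 db = me.connect('mydb')
-return db['movie'].find({'name': json_search})
+return db['movie'].find({'name': json_search}) #$ result=BAD
 
 # if __name__ == "__main__":
 # app.run(debug=True)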
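Review bot: The six routes in this hunk differ only in how the collection is reached (`me.connect`, the bare `connect` import, `me.get_db`, the bare `get_db`, `Movie.objects`, and `db['movie']` subscripting), and that variation is the whole point of the file, but no comment says so, so the newly added `#$ result=BAD` markers read as six copies of one case. A short comment on each `def` naming the API path it exercises, e.g. `# sink reached through a subscripted collection name` above `subscript_find`, would tell a reader which modelled access pattern a missing result would correspond to. `connect_find` begins before this hunk.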

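--- a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/mongoengine_good.py
+++ b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/mongoengine_good.py
@@ -21,7 +21,7 @@ def connect_find():
 safe_search = sanitize(json_search)
 
 db = me.connect('mydb')
-return db.movie.find({'name': safe_search})
+return db.movie.find({'name': safe_search}) #$ result=OK
 
 # if __name__ == "__main__":
 # app.run(debug=True)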

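--- a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/pymongo_test.py
+++ b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/pymongo_test.py
@@ -12,7 +12,7 @@ def bad():
 unsafe_search = request.args['search']
 json_search = json.loads(unsafe_search)
 
-return client.db.collection.find_one({'data': json_search})
+return client.db.collection.find_one({'data': json_search}) #$ result=BAD
 
 
 @app.route("/good")
@@ -21,7 +21,7 @@ def good():
 json_search = json.loads(unsafe_search)
 safe_search = sanitize(json_search)
 
-return client.db.collection.find_one({'data': safe_search})
+return client.db.collection.find_one({'data': safe_search}) #$ result=OK
 
 
 @app.route("/bad2")
@@ -30,7 +30,7 @@ def bad2():
 client = MongoClient("localhost", 27017, maxPoolSize=50)
 db = client.localhost
 collection = db['collection']
-cursor = collection.find_one({"$where": f"this._id == '${event_id}'"})
+cursor = collection.find_one({"$where": f"this._id == '${event_id}'"}) #$ result=BAD
 
 
 @app.route("/bad3")
@@ -40,7 +40,7 @@ def bad3():
 client = MongoClient("localhost", 27017, maxPoolSize=50)
 db = client.get_database(name="localhost")
 collection = db.get_collection("collection")
-cursor = collection.find_one({"$where": f"this._id == '${event_id}'"})
+cursor = collection.find_one({"$where": f"this._id == '${event_id}'"}) #$ result=BAD
 
 
 if __name__ == "__main__":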
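Review bot: The `#$ result=BAD` markers on the `find_one({"$where": f"this._id == '${event_id}'"})` lines in `bad2` and `bad3` cover a different flow from the rest of the file: the tainted value is interpolated into a `$where` JavaScript string rather than passed as a `json.loads` object, so these two cases exercise string-building into the query, not object flow. Nothing in the file says that, and `event_id`'s origin is outside the hunks, so a reader cannot tell whether the expected result rests on the f-string or on the source. A comment above each such line, e.g. `# $where evaluates server-side JavaScript; interpolating request data into it is the injection here`, would record the intent, and the two hunks could be noted as deliberately differing only in how `db` and `collection` are obtained. `bad2` and `bad3` each begin before their hunk.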
