@@ -169,6 +169,50 @@ module Werkzeug {
169169 }
170170 }
171171
172+ /**
173+ * Provides models for the `werkzeug.datastructures.Authorization` class
174+ *
175+ * See https://werkzeug.palletsprojects.com/en/1.0.x/datastructures/#werkzeug.datastructures.Authorization.
176+ */
177+ module Authorization {
178+ /**
179+ * A source of instances of `werkzeug.datastructures.Authorization`, extend this class to model new instances.
180+ *
181+ * This can include instantiations of the class, return values from function
182+ * calls, or a special parameter that will be set when functions are called by an external
183+ * library.
184+ *
185+ * Use the predicate `Authorization::instance()` to get references to instances of `werkzeug.datastructures.Authorization`.
186+ */
187+ abstract class InstanceSource extends DataFlow:: LocalSourceNode { }
188+
189+ /** Gets a reference to an instance of `werkzeug.datastructures.Authorization`. */
190+ private DataFlow:: TypeTrackingNode instance ( DataFlow:: TypeTracker t ) {
191+ t .start ( ) and
192+ result instanceof InstanceSource
193+ or
194+ exists ( DataFlow:: TypeTracker t2 | result = instance ( t2 ) .track ( t2 , t ) )
195+ }
196+
197+ /** Gets a reference to an instance of `werkzeug.datastructures.Authorization`. */
198+ DataFlow:: Node instance ( ) { instance ( DataFlow:: TypeTracker:: end ( ) ) .flowsTo ( result ) }
199+
200+ /**
201+ * Taint propagation for `werkzeug.datastructures.Authorization`.
202+ */
203+ class AuthorizationAdditionalTaintStep extends TaintTracking:: AdditionalTaintStep {
204+ override predicate step ( DataFlow:: Node nodeFrom , DataFlow:: Node nodeTo ) {
205+ // Attributes
206+ nodeFrom = instance ( ) and
207+ nodeTo .( DataFlow:: AttrRead ) .getObject ( ) = nodeFrom and
208+ nodeTo .( DataFlow:: AttrRead ) .getAttributeName ( ) in [
209+ "username" , "password" , "realm" , "nonce" , "uri" , "nc" , "cnonce" , "response" , "opaque" ,
210+ "qop"
211+ ]
212+ }
213+ }
214+ }
215+
172216 import WerkzeugOld
173217}
174218
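Review bot: No concrete `InstanceSource` is added in this hunk, so `instance()` is empty and the attribute step in `AuthorizationAdditionalTaintStep` cannot fire unless another file extends the class (presumably a model of the framework's request object). A test that reads `username` and `password` from a real source would pin that down. The step also matches `AttrRead` only, while the 1.0.x class linked in the QLDoc is a `dict` subclass, so `auth["username"]` and `auth.get("password")` depend on the default container taint steps; cover them in the same test so credential reads are not silently missed. As a style point, the repeated cast can be bound once: `exists(DataFlow::AttrRead read | read = nodeTo and read.getObject() = nodeFrom and read.getAttributeName() in [...])`. The enclosing `Werkzeug` module starts above the hunk, so any existing sources are not visible here.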