Python: Add basic support for stdlib cookie objects.

markshannon · markshannon · commit e933ba28d5ed · 2019-02-28T15:24:36.000Z
diff --git a/python/ql/src/semmle/python/web/Http.qll b/python/ql/src/semmle/python/web/Http.qll
@@ -56,4 +56,36 @@ class WsgiEnvironment extends TaintKind {
 
 }
 
+/** A standard morsel object from a HTTP request, a value in a cookie,
+ * typically an instance of `http.cookies.Morsel` */
+class UntrustedMorsel extends TaintKind {
+
+    UntrustedMorsel() {
+        this = "http.Morsel"
+    }
+
+
+    override TaintKind getTaintOfAttribute(string name) {
+        result instanceof ExternalStringKind and
+        (
+            name = "value"
+        )
+    }
+
+}
+
+/** A standard cookie object from a HTTP request, typically an instance of `http.cookies.SimpleCookie` */
+class UntrustedCookie extends TaintKind {
+
+    UntrustedCookie() {
+        this = "http.Cookie"
+    }
+
+    override TaintKind getTaintForFlowStep(ControlFlowNode fromnode, ControlFlowNode tonode) {
+        tonode.(SubscriptNode).getValue() = fromnode and
+        result instanceof UntrustedMorsel
+    }
+
+}
+
 
