
Commit f406a45

committed
Python: Autoformat web.
1 parent 5b121b7 commit f406a45

8 files changed

Lines changed: 56 additions & 100 deletions


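--- a/python/ql/src/semmle/python/web/Http.qll
+++ b/python/ql/src/semmle/python/web/Http.qll
@@ -4,15 +4,13 @@ import semmle.python.security.strings.External
 import HttpConstants
 
 /** Generic taint source from a http request */
-abstract class HttpRequestTaintSource extends TaintSource {
+abstract class HttpRequestTaintSource extends TaintSource { }
 
-}
-
-/** Taint kind representing the WSGI environment.
+/**
+* Taint kind representing the WSGI environment.
 * As specified in PEP 3333. https://www.python.org/dev/peps/pep-3333/#environ-variables
 */
 class WsgiEnvironment extends TaintKind {
-
 WsgiEnvironment() { this = "wsgi.environment" }
 
 override TaintKind getTaintForFlowStep(ControlFlowNode fromnode, ControlFlowNode tonode) {
@@ -26,122 +24,95 @@ class WsgiEnvironment extends TaintKind {
 tonode.(CallNode).getFunction().(AttrNode).getObject("get") = fromnode and
 tonode.(CallNode).getArg(0).pointsTo(key)
 or
-tonode.(SubscriptNode).getObject() = fromnode and tonode.isLoad() and
+tonode.(SubscriptNode).getObject() = fromnode and
+tonode.isLoad() and
 tonode.(SubscriptNode).getIndex().pointsTo(key)
-|
-key = Value::forString(text) and result instanceof ExternalStringKind and
+|
+key = Value::forString(text) and
+result instanceof ExternalStringKind and
 (
 text = "QUERY_STRING" or
 text = "PATH_INFO" or
 text.prefix(5) = "HTTP_"
 )
 )
 }
-
 }
 
-/** A standard morsel object from a HTTP request, a value in a cookie,
-* typically an instance of `http.cookies.Morsel` */
+/**
+* A standard morsel object from a HTTP request, a value in a cookie,
+* typically an instance of `http.cookies.Morsel`
+*/
 class UntrustedMorsel extends TaintKind {
-
-UntrustedMorsel() {
-this = "http.Morsel"
-}
-
+UntrustedMorsel() { this = "http.Morsel" }
 
 override TaintKind getTaintOfAttribute(string name) {
 result instanceof ExternalStringKind and
-(
-name = "value"
-)
+name = "value"
 }
-
 }
 
 /** A standard cookie object from a HTTP request, typically an instance of `http.cookies.SimpleCookie` */
 class UntrustedCookie extends TaintKind {
-
-UntrustedCookie() {
-this = "http.Cookie"
-}
+UntrustedCookie() { this = "http.Cookie" }
 
 override TaintKind getTaintForFlowStep(ControlFlowNode fromnode, ControlFlowNode tonode) {
 tonode.(SubscriptNode).getObject() = fromnode and
 result instanceof UntrustedMorsel
 }
-
 }
 
 abstract class CookieOperation extends @py_flow_node {
-
 abstract string toString();
 
 abstract ControlFlowNode getKey();
 
 abstract ControlFlowNode getValue();
-
 }
 
-abstract class CookieGet extends CookieOperation {}
+abstract class CookieGet extends CookieOperation { }
 
-abstract class CookieSet extends CookieOperation {}
+abstract class CookieSet extends CookieOperation { }
 
 /** Generic taint sink in a http response */
 abstract class HttpResponseTaintSink extends TaintSink {
-
-override predicate sinks(TaintKind kind) {
-kind instanceof ExternalStringKind
-}
-
+override predicate sinks(TaintKind kind) { kind instanceof ExternalStringKind }
 }
 
 abstract class HttpRedirectTaintSink extends TaintSink {
-
-override predicate sinks(TaintKind kind) {
-kind instanceof ExternalStringKind
-}
-
+override predicate sinks(TaintKind kind) { kind instanceof ExternalStringKind }
 }
 
 module Client {
-
 // TODO: user-input in other than URL:
 // - `data`, `json` for `requests.post`
 // - `body` for `HTTPConnection.request`
 // - headers?
-
 // TODO: Add more library support
 // - urllib3 https://github.com/urllib3/urllib3
 // - httpx https://github.com/encode/httpx
-
 /**
-* An outgoing http request
-*
-* For example:
-* conn = HTTPConnection('example.com')
-conn.request('GET', '/path')
-*/
+* An outgoing http request
+*
+* For example:
+* conn = HTTPConnection('example.com')
+* conn.request('GET', '/path')
+*/
 abstract class HttpRequest extends ControlFlowNode {
-
-/** Get any ControlFlowNode that is used to construct the final URL.
-*
-* In the HTTPConnection example, there is a result for both `'example.com'` and for `'/path'`.
-*/
+/**
+* Get any ControlFlowNode that is used to construct the final URL.
+*
+* In the HTTPConnection example, there is a result for both `'example.com'` and for `'/path'`.
+*/
 abstract ControlFlowNode getAUrlPart();
 
 abstract string getMethodUpper();
 }
 
 /** Taint sink for the URL-part of an outgoing http request */
 class HttpRequestUrlTaintSink extends TaintSink {
+HttpRequestUrlTaintSink() { this = any(HttpRequest r).getAUrlPart() }
 
-HttpRequestUrlTaintSink() {
-this = any(HttpRequest r).getAUrlPart()
-}
-
-override predicate sinks(TaintKind kind) {
-kind instanceof ExternalStringKind
-}
-
+override predicate sinks(TaintKind kind) { kind instanceof ExternalStringKind }
 }
 }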
Lines changed: 7 additions & 7 deletions
@@ -1,13 +1,13 @@
1-
21
/** Gets an http verb */
32
string httpVerb() {
4-
result = "GET" or result = "POST" or
5-
result = "PUT" or result = "PATCH" or
6-
result = "DELETE" or result = "OPTIONS" or
3+
result = "GET" or
4+
result = "POST" or
5+
result = "PUT" or
6+
result = "PATCH" or
7+
result = "DELETE" or
8+
result = "OPTIONS" or
79
result = "HEAD"
810
}
911

1012
/** Gets an http verb, in lower case */
11-
string httpVerbLower() {
12-
result = httpVerb().toLowerCase()
13-
}
13+
string httpVerbLower() { result = httpVerb().toLowerCase() }

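--- a/python/ql/src/semmle/python/web/HttpRedirect.qll
+++ b/python/ql/src/semmle/python/web/HttpRedirect.qll
@@ -1,7 +1,5 @@
 import python
-
 import semmle.python.security.strings.Basic
-
 import semmle.python.web.django.Redirect
 import semmle.python.web.flask.Redirect
 import semmle.python.web.tornado.Redirect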

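--- a/python/ql/src/semmle/python/web/django/General.qll
+++ b/python/ql/src/semmle/python/web/django/General.qll
@@ -27,9 +27,9 @@ class DjangoRoute extends CallNode {
 }
 
 /**
-* Get the number of positional arguments that will be passed to the view.
-* Will only return a result if there are no named arguments.
-*/
+* Get the number of positional arguments that will be passed to the view.
+* Will only return a result if there are no named arguments.
+*/
 int getNumPositionalArguments() {
 exists(DjangoRouteRegex regex |
 django_route(this, regex.getAFlowNode(), _) and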

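--- a/python/ql/src/semmle/python/web/django/Request.qll
+++ b/python/ql/src/semmle/python/web/django/Request.qll
@@ -79,14 +79,13 @@ class DjangoClassBasedViewRequestArgument extends DjangoRequestSource {
 /** An argument specified in a url routing table */
 class DjangoRequestParameter extends HttpRequestTaintSource {
 DjangoRequestParameter() {
-exists(DjangoRoute route, Function f |
-f = route.getViewFunction().getScope() |
+exists(DjangoRoute route, Function f | f = route.getViewFunction().getScope() |
 this.(ControlFlowNode).getNode() = f.getArgByName(route.getNamedArgument())
 or
 exists(int i | i >= 0 |
 i < route.getNumPositionalArguments() and
 // +1 because first argument is always the request
-this.(ControlFlowNode).getNode() = f.getArg(i+1)
+this.(ControlFlowNode).getNode() = f.getArg(i + 1)
 )
 )
 }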

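--- a/python/ql/src/semmle/python/web/falcon/General.qll
+++ b/python/ql/src/semmle/python/web/falcon/General.qll
@@ -6,7 +6,8 @@ ClassValue theFalconAPIClass() { result = Value::named("falcon.API") }
 
 /** Holds if `route` is routed to `resource` */
 private predicate api_route(CallNode route_call, ControlFlowNode route, ClassValue resource) {
-route_call.getFunction().(AttrNode).getObject("add_route").pointsTo().getClass() = theFalconAPIClass() and
+route_call.getFunction().(AttrNode).getObject("add_route").pointsTo().getClass() =
+theFalconAPIClass() and
 route_call.getArg(0) = route and
 route_call.getArg(1).pointsTo().getClass() = resource
 }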

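--- a/python/ql/src/semmle/python/web/tornado/Tornado.qll
+++ b/python/ql/src/semmle/python/web/tornado/Tornado.qll
@@ -18,11 +18,11 @@ predicate isTornadoRequestHandlerInstance(ControlFlowNode node) {
 node.pointsTo().getClass() = aTornadoRequestHandlerClass()
 or
 /*
-* In some cases, the points-to analysis won't capture all instances we care
-* about. For these, we use the following syntactic check. First, that
-* `node` appears inside a method of a subclass of
-* `tornado.web.RequestHandler`:
-*/
+* In some cases, the points-to analysis won't capture all instances we care
+* about. For these, we use the following syntactic check. First, that
+* `node` appears inside a method of a subclass of
+* `tornado.web.RequestHandler`:
+*/
 
 node.getScope().getEnclosingScope() = aTornadoRequestHandlerClass().getScope() and
 /* Secondly, that `node` refers to the `self` argument: */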
Lines changed: 5 additions & 18 deletions
@@ -1,10 +1,8 @@
11
import python
2-
32
import semmle.python.security.TaintTracking
43
import semmle.python.web.Http
54

65
abstract class BaseWebobRequest extends TaintKind {
7-
86
bindingset[this]
97
BaseWebobRequest() { any() }
108

@@ -17,9 +15,7 @@ abstract class BaseWebobRequest extends TaintKind {
1715
)
1816
or
1917
result instanceof ExternalStringKind and
20-
(
21-
name = "body"
22-
)
18+
name = "body"
2319
}
2420

2521
override TaintKind getTaintOfMethodResult(string name) {
@@ -30,22 +26,13 @@ abstract class BaseWebobRequest extends TaintKind {
3026
name = "copy_body"
3127
)
3228
or
33-
result instanceof ExternalStringKind and
34-
(
35-
name = "as_bytes"
36-
)
29+
result instanceof ExternalStringKind and
30+
name = "as_bytes"
3731
}
38-
3932
}
4033

4134
class WebobRequest extends BaseWebobRequest {
35+
WebobRequest() { this = "webob.Request" }
4236

43-
WebobRequest() {
44-
this = "webob.Request"
45-
}
46-
47-
override ClassValue getType() {
48-
result = Value::named("webob.request.Request")
49-
}
50-
37+
override ClassValue getType() { result = Value::named("webob.request.Request") }
5138
}
