Python: Add missing function to flask test stub.

markshannon · markshannon · commit fab2cb5a32ac · 2019-08-01T13:11:41.000+01:00
diff --git a/python/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected b/python/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
@@ -1,6 +1,7 @@
 edges
 | ../lib/flask/__init__.py:14:19:14:20 | externally controlled string | ../lib/flask/__init__.py:15:19:15:20 | externally controlled string |
 | ../lib/flask/__init__.py:14:19:14:20 | externally controlled string | ../lib/flask/__init__.py:16:25:16:26 | externally controlled string |
+| ../lib/flask/__init__.py:22:12:22:14 | externally controlled string | ../lib/flask/__init__.py:23:26:23:28 | externally controlled string |
 | jinja2_escaping.py:14:12:14:23 | dict of externally controlled string | jinja2_escaping.py:14:12:14:39 | externally controlled string |
 | jinja2_escaping.py:14:12:14:39 | externally controlled string | jinja2_escaping.py:16:47:16:50 | externally controlled string |
 | reflected_xss.py:7:18:7:29 | dict of externally controlled string | reflected_xss.py:7:18:7:45 | externally controlled string |
@@ -9,9 +10,12 @@ edges
 | reflected_xss.py:8:44:8:53 | externally controlled string | reflected_xss.py:8:26:8:53 | externally controlled string |
 | reflected_xss.py:12:18:12:29 | dict of externally controlled string | reflected_xss.py:12:18:12:45 | externally controlled string |
 | reflected_xss.py:12:18:12:45 | externally controlled string | reflected_xss.py:13:51:13:60 | externally controlled string |
+| reflected_xss.py:13:51:13:60 | externally controlled string | ../lib/flask/__init__.py:22:12:22:14 | externally controlled string |
 parents
 | ../lib/flask/__init__.py:14:19:14:20 | externally controlled string | reflected_xss.py:8:26:8:53 | externally controlled string |
 | ../lib/flask/__init__.py:15:19:15:20 | externally controlled string | reflected_xss.py:8:26:8:53 | externally controlled string |
 | ../lib/flask/__init__.py:16:25:16:26 | externally controlled string | reflected_xss.py:8:26:8:53 | externally controlled string |
+| ../lib/flask/__init__.py:22:12:22:14 | externally controlled string | reflected_xss.py:13:51:13:60 | externally controlled string |
+| ../lib/flask/__init__.py:23:26:23:28 | externally controlled string | reflected_xss.py:13:51:13:60 | externally controlled string |
 #select
 | ../lib/flask/__init__.py:16:25:16:26 | flask.response.argument | reflected_xss.py:7:18:7:29 | dict of externally controlled string | ../lib/flask/__init__.py:16:25:16:26 | externally controlled string | Cross-site scripting vulnerability due to $@. | reflected_xss.py:7:18:7:29 | flask.request.args | user-provided value |
diff --git a/python/ql/test/query-tests/Security/lib/flask/__init__.py b/python/ql/test/query-tests/Security/lib/flask/__init__.py
@@ -18,3 +18,6 @@ def make_response(rv):
         return rv
     else:
         pass
+
+def escape(txt):
+    return Markup.escape(txt)
