Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Python: Add Server-side Request Forgery sinks #8275

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
RasmusWL merged 13 commits into from
Mar 8, 2022
Merged

Python: Add Server-side Request Forgery sinks #8275

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
b23e28a
add Server-side Request Forgery sinks
haby0 Feb 28, 2022
be40b54
add test
haby0 Feb 28, 2022
40feb1f
Python: SPURIOUS results for httpx
RasmusWL Mar 4, 2022
56901ea
Python: Make new SSRF sink modules private
RasmusWL Mar 4, 2022
7d6d8be
Python: Fix httpx modeling
RasmusWL Mar 4, 2022
c65839b
Python: improve urllib3 modeling
RasmusWL Mar 4, 2022
02a97b0
Python: Move `urllib` and `urllib2` to be part of stdlib modeling
RasmusWL Mar 4, 2022
866e615
Python: Add PyPI links in qldocs
RasmusWL Mar 4, 2022
75bc532
Python: Avoid `toString` usage :O
RasmusWL Mar 4, 2022
d86284b
Python: Update frameworks.rst
RasmusWL Mar 4, 2022
e47f726
Python: Add change-note
RasmusWL Mar 4, 2022
f620e25
Merge branch 'main' into py/add-ssrf-sinks
RasmusWL Mar 4, 2022
7e6666b
Merge branch 'main' into py/add-ssrf-sinks
haby0 Mar 7, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Python: Fix httpx modeling
  • Loading branch information
@RasmusWL
RasmusWL committed Mar 4, 2022
commit 7d6d8be1791e4f784ffbd38f9a887dd9645ed672
16 changes: 6 additions & 10 deletions python/ql/lib/semmle/python/frameworks/Httpx.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,11 +23,9 @@ private module HttpxModel {
override DataFlow::Node getAUrlPart() {
result = this.getArgByName("url")
or
not methodName = "request" and
result = this.getArg(0)
or
methodName in ["request", "stream"] and
result = this.getArg(1)
if methodName in ["request", "stream"]
then result = this.getArg(1)
else result = this.getArg(0)
}

override string getFramework() { result = "httpx" }
Expand Down Expand Up @@ -66,11 +64,9 @@ private module HttpxModel {
override DataFlow::Node getAUrlPart() {
result = this.getArgByName("url")
or
not methodName = "request" and
result = this.getArg(0)
or
methodName in ["request", "stream"] and
result = this.getArg(1)
if methodName in ["request", "stream"]
then result = this.getArg(1)
else result = this.getArg(0)
}

override string getFramework() { result = "httpx.[Async]Client" }
Expand Down
6 changes: 3 additions & 3 deletions python/ql/test/library-tests/frameworks/httpx/test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,20 +5,20 @@
httpx.patch("url") # $ clientRequestUrlPart="url"
httpx.options("url") # $ clientRequestUrlPart="url"
httpx.request("method", url="url") # $ clientRequestUrlPart="url"
httpx.stream("method", url="url") # $ clientRequestUrlPart="url" SPURIOUS: clientRequestUrlPart="method"
httpx.stream("method", url="url") # $ clientRequestUrlPart="url"

client = httpx.Client()
response = client.get("url") # $ clientRequestUrlPart="url"
response = client.post("url") # $ clientRequestUrlPart="url"
response = client.patch("url") # $ clientRequestUrlPart="url"
response = client.options("url") # $ clientRequestUrlPart="url"
response = client.request("method", url="url") # $ clientRequestUrlPart="url"
response = client.stream("method", url="url") # $ clientRequestUrlPart="url" SPURIOUS: clientRequestUrlPart="method"
response = client.stream("method", url="url") # $ clientRequestUrlPart="url"

client = httpx.AsyncClient()
response = client.get("url") # $ clientRequestUrlPart="url"
response = client.post("url") # $ clientRequestUrlPart="url"
response = client.patch("url") # $ clientRequestUrlPart="url"
response = client.options("url") # $ clientRequestUrlPart="url"
response = client.request("method", url="url") # $ clientRequestUrlPart="url"
response = client.stream("method", url="url") # $ clientRequestUrlPart="url" SPURIOUS: clientRequestUrlPart="method"
response = client.stream("method", url="url") # $ clientRequestUrlPart="url"