@@ -9,133 +9,3 @@ private import semmle.python.dataflow.new.TaintTracking
99private import semmle.python.dataflow.new.RemoteFlowSources
1010private import experimental.semmle.python.Concepts
1111private import semmle.python.ApiGraphs
12-
13- private module Headers {
14- private module Werkzeug {
15- class WerkzeugHeaderCall extends DataFlow:: CallCfgNode , HeaderDeclaration:: Range {
16- WerkzeugHeaderCall ( ) {
17- exists ( DataFlow:: AttrRead addMethod |
18- this .getFunction ( ) = addMethod and
19- addMethod .getObject ( ) .getALocalSource ( ) =
20- API:: moduleImport ( "werkzeug" )
21- .getMember ( "datastructures" )
22- .getMember ( "Headers" )
23- .getACall ( ) and
24- addMethod .getAttributeName ( ) = "add"
25- )
26- }
27-
28- override DataFlow:: Node getHeaderInputNode ( ) { result = this .getArg ( 1 ) }
29- }
30- }
31-
32- private module Flask {
33- class FlaskHeaderCall extends DataFlow:: Node , HeaderDeclaration:: Range {
34- DataFlow:: Node headerInputNode ;
35-
36- FlaskHeaderCall ( ) {
37- exists (
38- DataFlow:: CallCfgNode headerInstance , DataFlow:: AttrRead responseMethod ,
39- AssignStmt sinkDeclaration
40- |
41- headerInstance = API:: moduleImport ( "flask" ) .getMember ( "Response" ) .getACall ( ) and
42- responseMethod .getAttributeName ( ) = "headers" and
43- responseMethod .getObject ( ) .getALocalSource ( ) = headerInstance and
44- sinkDeclaration .getATarget ( ) = responseMethod .asExpr ( ) .getParentNode ( ) and
45- headerInputNode .asExpr ( ) = sinkDeclaration .getValue ( ) and
46- this .asExpr ( ) = sinkDeclaration .getATarget ( )
47- )
48- }
49-
50- override DataFlow:: Node getHeaderInputNode ( ) { result = headerInputNode }
51- }
52-
53- class FlaskMakeResponseCall extends DataFlow:: Node , HeaderDeclaration:: Range {
54- DataFlow:: Node headerInputNode ;
55-
56- FlaskMakeResponseCall ( ) {
57- exists (
58- DataFlow:: CallCfgNode headerInstance , DataFlow:: AttrRead responseMethod ,
59- AssignStmt sinkDeclaration
60- |
61- headerInstance = API:: moduleImport ( "flask" ) .getMember ( "make_response" ) .getACall ( ) and
62- responseMethod .getAttributeName ( ) = "headers" and
63- responseMethod .getObject ( ) .getALocalSource ( ) = headerInstance and
64- sinkDeclaration .getATarget ( ) = responseMethod .asExpr ( ) .getParentNode ( ) and
65- this .asExpr ( ) = sinkDeclaration .getATarget ( ) and
66- headerInputNode .asExpr ( ) = sinkDeclaration .getValue ( )
67- )
68- }
69-
70- override DataFlow:: Node getHeaderInputNode ( ) { result = headerInputNode }
71- }
72-
73- class FlaskMakeResponseExtendCall extends DataFlow:: CallCfgNode , HeaderDeclaration:: Range {
74- DataFlow:: Node headerInputNode ;
75-
76- FlaskMakeResponseExtendCall ( ) {
77- exists (
78- DataFlow:: CallCfgNode headerInstance , DataFlow:: AttrRead responseMethod ,
79- DataFlow:: AttrRead extendMethod
80- |
81- headerInstance = API:: moduleImport ( "flask" ) .getMember ( "make_response" ) .getACall ( ) and
82- responseMethod .getAttributeName ( ) = "headers" and
83- responseMethod .getObject ( ) .getALocalSource ( ) = headerInstance and
84- extendMethod .getAttributeName ( ) = "extend" and
85- extendMethod .getObject ( ) .getALocalSource ( ) = responseMethod and
86- this .getFunction ( ) = extendMethod and
87- headerInputNode = this .getArg ( 0 )
88- )
89- }
90-
91- override DataFlow:: Node getHeaderInputNode ( ) { result = headerInputNode }
92- }
93-
94- class FlaskResponseArg extends DataFlow:: CallCfgNode , HeaderDeclaration:: Range {
95- DataFlow:: Node headerInputNode ;
96-
97- FlaskResponseArg ( ) {
98- this = API:: moduleImport ( "flask" ) .getMember ( "Response" ) .getACall ( ) and
99- headerInputNode = this .getArgByName ( "headers" )
100- }
101-
102- override DataFlow:: Node getHeaderInputNode ( ) { result = headerInputNode }
103- }
104-
105- class DjangoResponseSetItemCall extends DataFlow:: CallCfgNode , HeaderDeclaration:: Range {
106- DjangoResponseSetItemCall ( ) {
107- exists ( DataFlow:: AttrRead setItemMethod |
108- this .getFunction ( ) = setItemMethod and
109- setItemMethod .getObject ( ) .getALocalSource ( ) =
110- API:: moduleImport ( "django" ) .getMember ( "http" ) .getMember ( "HttpResponse" ) .getACall ( ) and
111- setItemMethod .getAttributeName ( ) = "__setitem__"
112- )
113- }
114-
115- override DataFlow:: Node getHeaderInputNode ( ) { result = this .getArg ( 1 ) }
116- }
117- }
118-
119- private module Django {
120- class DjangoResponseAssignCall extends DataFlow:: Node , HeaderDeclaration:: Range {
121- DataFlow:: Node headerInputNode ;
122-
123- DjangoResponseAssignCall ( ) {
124- exists (
125- DataFlow:: CallCfgNode headerInstance , Subscript responseMethod ,
126- DataFlow:: Node responseToNode , AssignStmt sinkDeclaration
127- |
128- headerInstance =
129- API:: moduleImport ( "django" ) .getMember ( "http" ) .getMember ( "HttpResponse" ) .getACall ( ) and
130- responseMethod .getValue ( ) = responseToNode .asExpr ( ) and
131- responseToNode .getALocalSource ( ) .asExpr ( ) = headerInstance .asExpr ( ) and
132- sinkDeclaration .getATarget ( ) = responseMethod and
133- this .asExpr ( ) = sinkDeclaration .getATarget ( ) and
134- headerInputNode .asExpr ( ) = sinkDeclaration .getValue ( )
135- )
136- }
137-
138- override DataFlow:: Node getHeaderInputNode ( ) { result = headerInputNode }
139- }
140- }
141- }
0 commit comments