Skip to content

Commit 581e7f5

Browse files
KwstubbsKwstubbs
committed
Bottle
1 parent 326eb69 commit 581e7f5

2 files changed

Lines changed: 9 additions & 42 deletions

File tree

python/ql/lib/semmle/python/frameworks/Bottle.qll

Lines changed: 9 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
/**
22
* Provides classes modeling security-relevant aspects of the `bottle` PyPI package.
3-
* See https://www.tornadoweb.org/en/stable/.
3+
* See https://bottlepy.org/docs/dev/.
44
*/
55

66
private import python
@@ -14,28 +14,24 @@ private import semmle.python.frameworks.internal.InstanceTaintStepsHelper
1414
* INTERNAL: Do not use.
1515
*
1616
* Provides models for the `bottle` PyPI package.
17-
* See https://www.tornadoweb.org/en/stable/.
17+
* See https://bottlepy.org/docs/dev/.
1818
*/
1919
module Bottle {
2020
module BottleModule {
2121
API::Node bottle() { result = API::moduleImport("bottle") }
2222

2323
module Response {
24-
API::Node response() {
25-
result = bottle().getMember("response")
26-
//or
27-
//result = ModelOutput::getATypeNode("tornado.web.RequestHandler~Subclass").getASubclass*()
28-
}
24+
API::Node response() { result = bottle().getMember("response") }
2925

3026
/**
31-
* A call to the `bottle.web.RequestHandler.set_header` method.
27+
* A call to the `bottle.web.RequestHandler.set_header` or `bottle.web.RequestHandler.add_header` method.
3228
*
33-
* See https://www.tornadoweb.org/en/stable/web.html#tornado.web.RequestHandler.set_header
29+
* See https://bottlepy.org/docs/dev/api.html#bottle.BaseResponse.set_header
3430
*/
35-
class BottleRequestHandlerSetHeaderCall extends Http::Server::ResponseHeaderWrite::Range,
31+
class BottleResponseHandlerSetHeaderCall extends Http::Server::ResponseHeaderWrite::Range,
3632
DataFlow::MethodCallNode
3733
{
38-
BottleRequestHandlerSetHeaderCall() {
34+
BottleResponseHandlerSetHeaderCall() {
3935
this = response().getMember(["set_header", "add_header"]).getACall()
4036
}
4137

@@ -58,15 +54,13 @@ module Bottle {
5854
private class Request extends RemoteFlowSource::Range {
5955
Request() { this = request().asSource() }
6056

61-
//or
62-
//result = ModelOutput::getATypeNode("tornado.web.RequestHandler~Subclass").getASubclass*()
6357
override string getSourceType() { result = "bottle.request" }
6458
}
6559

6660
/**
6761
* Taint propagation for `bottle.request`.
6862
*
69-
* See https://flask.palletsprojects.com/en/1.1.x/api/#flask.Request
63+
* See https://bottlepy.org/docs/dev/api.html#bottle.request
7064
*/
7165
private class InstanceTaintSteps extends InstanceTaintStepsHelper {
7266
InstanceTaintSteps() { this = "bottle.request" }
@@ -86,11 +80,7 @@ module Bottle {
8680
}
8781

8882
module Header {
89-
API::Node instance() {
90-
result = bottle().getMember("response").getMember("headers")
91-
//or
92-
//result = ModelOutput::getATypeNode("tornado.web.RequestHandler~Subclass").getASubclass*()
93-
}
83+
API::Node instance() { result = bottle().getMember("response").getMember("headers") }
9484

9585
/** A dict-like write to a response header. */
9686
class HeaderWriteSubscript extends Http::Server::ResponseHeaderWrite::Range, DataFlow::Node {
@@ -105,12 +95,10 @@ module Bottle {
10595
)
10696
}
10797

108-
//name = instance().getASubscript().getIndex().asSink()
10998
override DataFlow::Node getNameArg() { result = name.asSink() }
11099

111100
override DataFlow::Node getValueArg() { result = value.asSink() }
112101

113-
// TODO: These checks perhaps could be made more precise.
114102
override predicate nameAllowsNewline() { none() }
115103

116104
override predicate valueAllowsNewline() { none() }

python/ql/lib/semmle/python/frameworks/Tornado.qll

Lines changed: 0 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -605,25 +605,4 @@ module Tornado {
605605

606606
override DataFlow::Node getValueArg() { result in [this.getArg(1), this.getArgByName("value")] }
607607
}
608-
609-
/**
610-
* A call to the `tornado.web.RequestHandler.set_header` method.
611-
*
612-
* See https://www.tornadoweb.org/en/stable/web.html#tornado.web.RequestHandler.set_header
613-
*/
614-
class TornadoRequestHandlerSetHeaderCall extends Http::Server::ResponseHeaderWrite::Range,
615-
DataFlow::MethodCallNode
616-
{
617-
TornadoRequestHandlerSetHeaderCall() {
618-
this.calls(TornadoModule::Web::RequestHandler::instance(), "set_header")
619-
}
620-
621-
override DataFlow::Node getNameArg() { result in [this.getArg(0), this.getArgByName("name")] }
622-
623-
override DataFlow::Node getValueArg() { result in [this.getArg(1), this.getArgByName("value")] }
624-
625-
override predicate nameAllowsNewline() { none() }
626-
627-
override predicate valueAllowsNewline() { none() }
628-
}
629608
}

0 commit comments

Comments
 (0)