Skip to content

Commit 2cdbae0

Browse files
committed
Python: Don't make duplicate sink for Tornado handler
`self.write(...)` would be treated as *both* TornadoConnectionWrite and TornadoHttpRequestHandlerWrite
1 parent effa454 commit 2cdbae0

File tree

2 files changed

+3
-10
lines changed

2 files changed

+3
-10
lines changed

python/ql/src/semmle/python/web/tornado/Response.qll

Lines changed: 3 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -24,11 +24,8 @@ class TornadoConnectionWrite extends HttpResponseTaintSink {
2424
TornadoConnectionWrite() {
2525
exists(CallNode call, ControlFlowNode conn |
2626
conn = call.getFunction().(AttrNode).getObject("write") and
27-
this = call.getAnArg()
28-
|
27+
this = call.getAnArg() and
2928
exists(TornadoConnection tc | tc.taints(conn))
30-
or
31-
isTornadoRequestHandlerInstance(conn)
3229
)
3330
}
3431

@@ -41,8 +38,8 @@ class TornadoHttpRequestHandlerWrite extends HttpResponseTaintSink {
4138
TornadoHttpRequestHandlerWrite() {
4239
exists(CallNode call, ControlFlowNode node |
4340
node = call.getFunction().(AttrNode).getObject("write") and
44-
isTornadoRequestHandlerInstance(node) and
45-
this = call.getAnArg()
41+
this = call.getAnArg() and
42+
isTornadoRequestHandlerInstance(node)
4643
)
4744
}
4845

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,4 @@
11
| test.py:6:20:6:43 | tornado.HttpRequesHandler.write | externally controlled string |
2-
| test.py:6:20:6:43 | tornado.connection.write | externally controlled string |
32
| test.py:12:20:12:23 | tornado.HttpRequesHandler.write | externally controlled string |
4-
| test.py:12:20:12:23 | tornado.connection.write | externally controlled string |
53
| test.py:20:23:20:25 | tornado.HttpRequesHandler.redirect | externally controlled string |
64
| test.py:26:20:26:48 | tornado.HttpRequesHandler.write | externally controlled string |
7-
| test.py:26:20:26:48 | tornado.connection.write | externally controlled string |
8-
FIXME

0 commit comments

Comments
 (0)