Skip to content

Commit b526421

Browse files
committed
Python: Autoformat TurboGears library
1 parent 9ef270f commit b526421

File tree

3 files changed

+7
-39
lines changed

3 files changed

+7
-39
lines changed
Lines changed: 1 addition & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,21 +1,17 @@
11
import python
22
import semmle.python.security.strings.Untrusted
3-
43
import TurboGears
54

65
private class ValidatedMethodParameter extends Parameter {
7-
86
ValidatedMethodParameter() {
97
exists(string name, TurboGearsControllerMethod method |
108
method.getArgByName(name) = this and
119
method.getValidationDict().getItem(_).(KeyValuePair).getKey().(StrConst).getText() = name
1210
)
1311
}
14-
1512
}
1613

1714
class UnvalidatedControllerMethodParameter extends TaintSource {
18-
1915
UnvalidatedControllerMethodParameter() {
2016
exists(Parameter p |
2117
any(TurboGearsControllerMethod m | not m.getName() = "onerror").getAnArg() = p and
@@ -25,9 +21,5 @@ class UnvalidatedControllerMethodParameter extends TaintSource {
2521
)
2622
}
2723

28-
override predicate isSourceOf(TaintKind kind) {
29-
kind instanceof UntrustedStringKind
30-
}
31-
24+
override predicate isSourceOf(TaintKind kind) { kind instanceof UntrustedStringKind }
3225
}
33-
Lines changed: 2 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -1,38 +1,27 @@
11
import python
2-
32
import semmle.python.security.TaintTracking
43
import semmle.python.security.strings.Basic
54
import semmle.python.web.Http
65
import TurboGears
76

8-
9-
107
class ControllerMethodReturnValue extends HttpResponseTaintSink {
11-
128
ControllerMethodReturnValue() {
139
exists(TurboGearsControllerMethod m |
1410
m.getAReturnValueFlowNode() = this and
1511
not m.isTemplated()
1612
)
1713
}
1814

19-
override predicate sinks(TaintKind kind) {
20-
kind instanceof StringKind
21-
}
22-
15+
override predicate sinks(TaintKind kind) { kind instanceof StringKind }
2316
}
2417

2518
class ControllerMethodTemplatedReturnValue extends HttpResponseTaintSink {
26-
2719
ControllerMethodTemplatedReturnValue() {
2820
exists(TurboGearsControllerMethod m |
2921
m.getAReturnValueFlowNode() = this and
3022
m.isTemplated()
3123
)
3224
}
3325

34-
override predicate sinks(TaintKind kind) {
35-
kind instanceof StringDictKind
36-
}
37-
26+
override predicate sinks(TaintKind kind) { kind instanceof StringDictKind }
3827
}
Lines changed: 4 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -1,19 +1,11 @@
11
import python
2-
32
import semmle.python.security.TaintTracking
43

5-
private ClassValue theTurboGearsControllerClass() {
6-
result = Value::named("tg.TGController")
7-
}
8-
9-
10-
ClassValue aTurboGearsControllerClass() {
11-
result.getABaseType+() = theTurboGearsControllerClass()
12-
}
4+
private ClassValue theTurboGearsControllerClass() { result = Value::named("tg.TGController") }
135

6+
ClassValue aTurboGearsControllerClass() { result.getABaseType+() = theTurboGearsControllerClass() }
147

158
class TurboGearsControllerMethod extends Function {
16-
179
ControlFlowNode decorator;
1810

1911
TurboGearsControllerMethod() {
@@ -27,13 +19,9 @@ class TurboGearsControllerMethod extends Function {
2719
)
2820
}
2921

30-
private ControlFlowNode templateName() {
31-
result = decorator.(CallNode).getArg(0)
32-
}
22+
private ControlFlowNode templateName() { result = decorator.(CallNode).getArg(0) }
3323

34-
predicate isTemplated() {
35-
exists(templateName())
36-
}
24+
predicate isTemplated() { exists(templateName()) }
3725

3826
Dict getValidationDict() {
3927
exists(Call call, Value dict |
@@ -42,5 +30,4 @@ class TurboGearsControllerMethod extends Function {
4230
call.getArg(0).pointsTo(dict, result)
4331
)
4432
}
45-
4633
}

0 commit comments

Comments
 (0)