Commit effa454

Python: Add toString to TurboGears HttpResponseTaintSinks
Naming these was a bit hard, but better than generic "Taint Sink"
1 parent 6b87458 commit effa454

4 files changed

+9
-19
lines changed

python/ql/src/semmle/python/web/turbogears/Response.qll

Lines changed: 4 additions & 0 deletions
@@ -5,6 +5,8 @@ import semmle.python.web.Http
55
import TurboGears
66

77
class ControllerMethodReturnValue extends HttpResponseTaintSink {
8+
override string toString() { result = "TurboGears ControllerMethodReturnValue" }
9+
810
ControllerMethodReturnValue() {
911
exists(TurboGearsControllerMethod m |
1012
m.getAReturnValueFlowNode() = this and
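Review bot: ControllerMethodReturnValue has no QLDoc comment above its declaration (new line 7 follows the import and a blank line directly), and the toString() added on new line 8 only repeats the class name. Since the label is now what shows up in query results, add a short /** ... */ comment on the class saying which controller return values it covers, so a reader who sees "TurboGears ControllerMethodReturnValue" in output can look up what it means.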
@@ -16,6 +18,8 @@ class ControllerMethodReturnValue extends HttpResponseTaintSink {
1618
}
1719

1820
class ControllerMethodTemplatedReturnValue extends HttpResponseTaintSink {
21+
override string toString() { result = "TurboGears ControllerMethodTemplatedReturnValue" }
22+
1923
ControllerMethodTemplatedReturnValue() {
2024
exists(TurboGearsControllerMethod m |
2125
m.getAReturnValueFlowNode() = this and
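Review bot: the string on new line 21 differs from the ControllerMethodReturnValue label only by the word "Templated", and both are hard-coded copies of the class name, so renaming either class leaves a stale label that only the .expected files will catch. Consider a label that describes the sink in words rather than mirroring the identifier, or add a comment beside the override noting that the test expectations depend on the exact string.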
Lines changed: 5 additions & 6 deletions
@@ -1,6 +1,5 @@
1-
| test.py:8:16:8:69 | Taint sink | externally controlled string |
2-
| test.py:14:16:14:50 | Taint sink | externally controlled string |
3-
| test.py:19:16:19:50 | Taint sink | externally controlled string |
4-
| test.py:23:16:23:50 | Taint sink | externally controlled string |
5-
| test.py:27:16:27:38 | Taint sink | {externally controlled string} |
6-
FIXME
1+
| test.py:8:16:8:69 | TurboGears ControllerMethodReturnValue | externally controlled string |
2+
| test.py:14:16:14:50 | TurboGears ControllerMethodReturnValue | externally controlled string |
3+
| test.py:19:16:19:50 | TurboGears ControllerMethodReturnValue | externally controlled string |
4+
| test.py:23:16:23:50 | TurboGears ControllerMethodReturnValue | externally controlled string |
5+
| test.py:27:16:27:38 | TurboGears ControllerMethodTemplatedReturnValue | {externally controlled string} |
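Review bot: old line 6, FIXME, is dropped with no replacement row, and the commit message does not say what it marked. State in the commit message whether the issue behind the FIXME is resolved by the new labels, and confirm that these five rows are the complete expected set now that Sinks.ql and Sinks.expected are deleted in the same commit.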

python/ql/test/library-tests/web/turbogears/Sinks.expected

Lines changed: 0 additions & 5 deletions
This file was deleted.

python/ql/test/library-tests/web/turbogears/Sinks.ql

Lines changed: 0 additions & 8 deletions
This file was deleted.
