Apply suggestions from code review

porcupineyhairs · RasmusWL · web-flow · commit 8e85dc755a52 · 2020-07-23T19:37:40.000+05:30
Co-authored-by: Rasmus Wriedt Larsen &lt;rasmuswriedtlarsen@gmail.com&gt;
diff --git a/python/ql/src/experimental/semmle/python/templates/Cheetah.qll b/python/ql/src/experimental/semmle/python/templates/Cheetah.qll
@@ -17,7 +17,7 @@ ClassValue theCheetahTemplateClass() { result = Value::named("Cheetah.Template.T
  *    contents = 'Hello World!'
  *  t3 = Template3("sink")
  *
- * This should also detect cases of the following type :
+ * This will also detect cases of the following type :
  *
  *  from Cheetah.Template import Template
  *  t3 = Template("sink")
diff --git a/python/ql/src/experimental/semmle/python/templates/Jinja.qll b/python/ql/src/experimental/semmle/python/templates/Jinja.qll
@@ -17,7 +17,7 @@ Value theJinja2FromStringValue() { result = Value::named("jinja2.from_string") }
  *  template = Template(`sink`)
  */
 class Jinja2TemplateSink extends SSTISink {
-  override string toString() { result = "argument to Jinja2.template()" }
+  override string toString() { result = "argument to jinja2.Template()" }
 
   Jinja2TemplateSink() {
     exists(CallNode call |
@@ -30,13 +30,13 @@ class Jinja2TemplateSink extends SSTISink {
 }
 
 /**
- * Sink representing the `jinja2.Template` class instantiation argument.
+ * Sink representing the `jinja2.from_string` function call argument.
  *
- *  from jinja2 import Template
- *  template = Template(`sink`)
+ *  from jinja2 import from_string
+ *  template = from_string(`sink`)
  */
 class Jinja2FromStringSink extends SSTISink {
-  override string toString() { result = "argument to Jinja2.from_string()" }
+  override string toString() { result = "argument to jinja2.from_string()" }
 
   Jinja2FromStringSink() {
     exists(CallNode call |
diff --git a/python/ql/src/experimental/semmle/python/templates/SSTISink.qll b/python/ql/src/experimental/semmle/python/templates/SSTISink.qll
@@ -2,6 +2,6 @@ import semmle.python.dataflow.TaintTracking
 
 /**
  * A generic taint sink that is vulnerable to template inclusions.
- * The `temp` in `Jinja2.Template(temp)` and similar.
+ * The `temp` in `jinja2.Template(temp)` and similar.
  */
 abstract class SSTISink extends TaintSink { }
diff --git a/python/ql/src/semmle/python/templates/Templates.qll b/python/ql/src/semmle/python/templates/Templates.qll
@@ -1,5 +1,4 @@
 import python
-import semmle.python.dataflow.TaintTracking
 
 abstract class Template extends Module { }
 
diff --git a/python/ql/test/experimental/CWE-074/AirspeedSsti.py b/python/ql/test/experimental/CWE-074/AirspeedSsti.py
@@ -5,9 +5,6 @@
 app = Flask(__name__)
 
 
-@app.route("/")
-
-
 @route('/other')
 def a():
     template = request.args.get('template')
diff --git a/python/ql/test/experimental/CWE-074/FlaskTemplate.py b/python/ql/test/experimental/CWE-074/FlaskTemplate.py
@@ -12,7 +12,7 @@ def home():
 
 
 @app.route("/a")
-def home(): 
+def a(): 
     import flask   
     return flask.render_template_string(request.args.get('template'))
     
diff --git a/python/ql/test/experimental/CWE-074/JinjaSsti.py b/python/ql/test/experimental/CWE-074/JinjaSsti.py
@@ -4,7 +4,7 @@
 from jinja2 import Environment, DictLoader, escape
 
 
-def j(request):
+def a(request):
     # Load the template
     template = request.GET['template']
     t = Jinja2_Template(template)
@@ -13,7 +13,7 @@ def j(request):
     html = t.render(name=escape(name))
     return HttpResponse(html)
 
-def j2(request):
+def b(request):
     import jinja2
     # Load the template
     template = request.GET['template']
@@ -25,6 +25,6 @@ def j2(request):
 
 
 urlpatterns = [
-    path('', jinja),
-    path('', jinja2)
+    path('a', a),
+    path('b', b)
 ]
diff --git a/python/ql/test/experimental/CWE-074/TRender.py b/python/ql/test/experimental/CWE-074/TRender.py
@@ -2,12 +2,11 @@
 from django.http import HttpResponse
 from trender import TRender
 
-urlpatterns = [
-    path('', trender)
-]
-
-
 def trender(request):
     template = request.GET['template']
     compiled = TRender(template)
     return HttpResponse(compiled)
+    
+urlpatterns = [
+    path('', trender)
+]

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ ClassValue theCheetahTemplateClass() { result = Value::named("Cheetah.Template.T`
`17`	`17`	`* contents = 'Hello World!'`
`18`	`18`	`* t3 = Template3("sink")`
`19`	`19`	`*`
`20`		`- * This should also detect cases of the following type :`
	`20`	`+ * This will also detect cases of the following type :`
`21`	`21`	`*`
`22`	`22`	`* from Cheetah.Template import Template`
`23`	`23`	`* t3 = Template("sink")`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,4 @@`
`1`	`1`	`import python`
`2`		`-import semmle.python.dataflow.TaintTracking`
`3`	`2`
`4`	`3`	`abstract class Template extends Module { }`
`5`	`4`