
Commit b644891

committed
Python: Fix up some typos for bottle and add a few more tests.
1 parent aab0a24 commit b644891


7 files changed

+17
-6
lines changed


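--- a/python/ql/src/semmle/python/web/bottle/General.qll
+++ b/python/ql/src/semmle/python/web/bottle/General.qll
@@ -2,12 +2,12 @@ import python
 import semmle.python.web.Http
 import semmle.python.types.Extensions
 
-/** The flask module */
+/** The bottle module */
 ModuleObject theBottleModule() {
 result = ModuleObject::named("bottle")
 }
 
-/** The flask app class */
+/** The bottle.Bottle class */
 ClassObject theBottleClass() {
 result = ModuleObject::named("bottle").getAttribute("Bottle")
 }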

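--- a/python/ql/src/semmle/python/web/bottle/Response.qll
+++ b/python/ql/src/semmle/python/web/bottle/Response.qll
@@ -6,7 +6,7 @@ import semmle.python.web.Http
 import semmle.python.web.bottle.General
 
 
-/** A django.http.response.Response object
+/** A bottle.Response object
 * This isn't really a "taint", but we use the value tracking machinery to
 * track the flow of response objects.
 */
@@ -19,7 +19,7 @@ class BottleResponse extends TaintKind {
 }
 
 private Object theBottleResponseObject() {
-result = theBottleModule().getAttribute("request")
+result = theBottleModule().getAttribute("response")
 }
 
 class BottleResponseBodyAssignment extends TaintSink {
@@ -32,7 +32,7 @@ class BottleResponseBodyAssignment extends TaintSink {
 }
 
 override predicate sinks(TaintKind kind) {
-kind instanceof StringKind
+kind instanceof UntrustedStringKind
 }
 
 }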
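Review bot: `theBottleResponseObject()` at line 21 still has no QLDoc even though the commit corrects what it resolves, so the `"request"` → `"response"` fix is easy to misread as a typo in the other direction; I would add `/** The global bottle.response object (the "response" attribute of the bottle module). */` above it. The class comment at line 9 now reads "A bottle.Response object" while the predicate resolves the module-level `response` instance rather than the `Response` class, so it is worth stating which of the two the taint kind tracks. The narrowing of `sinks` at line 35 to `UntrustedStringKind` is a behavioural change rather than a typo fix and deserves a short comment, e.g. `// only externally controlled strings written to response.body are reported`. Both `BottleResponse` and `BottleResponseBodyAssignment` extend beyond the hunks shown.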

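--- a/python/ql/test/library-tests/web/bottle/Routing.expected
+++ b/python/ql/test/library-tests/web/bottle/Routing.expected
@@ -4,3 +4,4 @@
 | /other | test.py:17:1:17:12 | Function other |
 | /wrong/<where> | test.py:27:1:27:31 | Function unsafe |
 | /wrong/url | test.py:23:1:23:11 | Function safe |
+| /xss | test.py:35:1:35:16 | Function maybe_xss |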
Lines changed: 1 addition & 0 deletions
@@ -1,3 +1,4 @@
11
| test.py:9 | BinaryExpr | externally controlled string |
22
| test.py:13 | BinaryExpr | externally controlled string |
33
| test.py:19 | BinaryExpr | externally controlled string |
4+
| test.py:36 | BinaryExpr | externally controlled string |

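--- a/python/ql/test/library-tests/web/bottle/Sources.expected
+++ b/python/ql/test/library-tests/web/bottle/Sources.expected
@@ -7,3 +7,4 @@
 | test.py:18 | request | bottle.request |
 | test.py:27 | where | externally controlled string |
 | test.py:32 | request | bottle.request |
+| test.py:36 | request | bottle.request |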

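--- a/python/ql/test/library-tests/web/bottle/Taint.expected
+++ b/python/ql/test/library-tests/web/bottle/Taint.expected
@@ -19,3 +19,7 @@
 | test.py:32 | Attribute | bottle.FormsDict |
 | test.py:32 | Attribute | externally controlled string |
 | test.py:32 | request | bottle.request |
+| test.py:36 | Attribute | bottle.FormsDict |
+| test.py:36 | Attribute | externally controlled string |
+| test.py:36 | BinaryExpr | externally controlled string |
+| test.py:36 | request | bottle.request |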

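--- a/python/ql/test/library-tests/web/bottle/test.py
+++ b/python/ql/test/library-tests/web/bottle/test.py
@@ -1,6 +1,6 @@
 
 
-from bottle import Bottle, route, request, redirect
+from bottle import Bottle, route, request, redirect, response
 
 app = Bottle()
 
@@ -30,3 +30,7 @@ def unsafe(where="/right/url"):
 @route('/args')
 def unsafe2():
 redirect(request.query.where, code)
+
+@route('/xss')
+def maybe_xss():
+response.body = "name is " + request.query.name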
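Review bot: The new `maybe_xss` handler only exercises the tainted side of the `response.body` sink; now that Response.qll restricts that sink to `UntrustedStringKind`, the test set has nothing showing that a body built without request data is left unreported. I would add a negative control right after `maybe_xss`, e.g. `@route('/safe_body')` / `def no_xss():` / `    response.body = "name is constant"`, and let the absence of a matching row in the `.expected` files document the narrowing. The added handler has no `return`, which is fine for a static-analysis fixture but worth a one-line comment such as `# body is set only through the attribute; the sink under test is the assignment` so the omission is not mistaken for an oversight.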
