Commit af7626a

Python: Fixup CWE-079 tests
1 parent 57b5109 commit af7626a

5 files changed

+13
-36
lines changed


python/ql/test/experimental/query-tests/Security-new-dataflow/CWE-079/ReflectedXss.expected

Lines changed: 0 additions & 7 deletions
This file was deleted.

python/ql/test/experimental/query-tests/Security-new-dataflow/CWE-079/ReflectedXss.qlref

Lines changed: 0 additions & 1 deletion
This file was deleted.

python/ql/test/experimental/query-tests/Security-new-dataflow/CWE-079/reflected_xss.py

Lines changed: 0 additions & 15 deletions
This file was deleted.
Lines changed: 5 additions & 7 deletions
@@ -1,9 +1,7 @@
11
edges
2-
| reflected_xss.py:7:18:7:29 | dict of externally controlled string | reflected_xss.py:7:18:7:45 | externally controlled string |
3-
| reflected_xss.py:7:18:7:29 | dict of externally controlled string | reflected_xss.py:7:18:7:45 | externally controlled string |
4-
| reflected_xss.py:7:18:7:45 | externally controlled string | reflected_xss.py:8:44:8:53 | externally controlled string |
5-
| reflected_xss.py:7:18:7:45 | externally controlled string | reflected_xss.py:8:44:8:53 | externally controlled string |
6-
| reflected_xss.py:8:44:8:53 | externally controlled string | reflected_xss.py:8:26:8:53 | externally controlled string |
7-
| reflected_xss.py:8:44:8:53 | externally controlled string | reflected_xss.py:8:26:8:53 | externally controlled string |
2+
| reflected_xss.py:8:18:8:29 | ControlFlowNode for Attribute | reflected_xss.py:9:26:9:53 | ControlFlowNode for BinaryExpr |
3+
nodes
4+
| reflected_xss.py:8:18:8:29 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
5+
| reflected_xss.py:9:26:9:53 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
86
#select
9-
| reflected_xss.py:8:26:8:53 | BinaryExpr | reflected_xss.py:7:18:7:29 | dict of externally controlled string | reflected_xss.py:8:26:8:53 | externally controlled string | Cross-site scripting vulnerability due to $@. | reflected_xss.py:7:18:7:29 | Attribute | a user-provided value |
7+
| reflected_xss.py:9:26:9:53 | ControlFlowNode for BinaryExpr | reflected_xss.py:8:18:8:29 | ControlFlowNode for Attribute | reflected_xss.py:9:26:9:53 | ControlFlowNode for BinaryExpr | Cross-site scripting vulnerability due to $@. | reflected_xss.py:8:18:8:29 | ControlFlowNode for Attribute | a user-provided value |
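
Review bot: In the `edges` section the whole path is now the single edge from `reflected_xss.py:8:18:8:29` to `reflected_xss.py:9:26:9:53`, where the old expectation stepped through the `.get(...)` call and the use of `first_name` inside the concatenation. If collapsing to one step is the intended output after dropping the `Security-new-dataflow` copies, state that in the commit message; otherwise the reported path no longer shows how the value reaches `make_response`. The `semmle.label` values are now the generic `ControlFlowNode for Attribute` and `ControlFlowNode for BinaryExpr` in place of `externally controlled string`, so the expectation no longer records what kind of taint is tracked. The one-line shift in locations (7 to 8, 8 to 9) matches the blank line added to reflected_xss.py and is not an analysis change.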

python/ql/test/query-tests/Security/CWE-079/reflected_xss.py

Lines changed: 8 additions & 6 deletions
@@ -2,12 +2,14 @@
22

33
app = Flask(__name__)
44

5-
@app.route('/unsafe')
5+
6+
@app.route("/unsafe")
67
def unsafe():
7-
first_name = request.args.get('name', '')
8-
return make_response("Your name is " + first_name)
8+
first_name = request.args.get("name", "")
9+
return make_response("Your name is " + first_name) # NOT OK
10+
911

10-
@app.route('/safe')
12+
@app.route("/safe")
1113
def safe():
12-
first_name = request.args.get('name', '')
13-
return make_response("Your name is " + escape(first_name))
14+
first_name = request.args.get("name", "")
15+
return make_response("Your name is " + escape(first_name)) # OK
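
Review bot: The switch from single to double quotes and the extra blank line before `@app.route("/unsafe")` are formatting-only, yet the blank line moves every location in the `.expected` file down by one and buries the real change there; consider putting the reformatting in a separate commit. The `# NOT OK` and `# OK` markers on the two `return make_response(...)` lines are useful, but nothing in the visible lines shows them being checked, so the `.expected` file is still what pins the result. A short comment in `safe()` naming `escape` as the reason the flow is not reported would make the OK case self-explanatory.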
