We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent 6158dd6 commit b0c4986Copy full SHA for b0c4986
python/ql/src/experimental/semmle/python/security/injection/HTTPHeaders.qll
@@ -0,0 +1,15 @@
1
+import python
2
+import experimental.semmle.python.Concepts
3
+import semmle.python.dataflow.new.DataFlow
4
+import semmle.python.dataflow.new.TaintTracking
5
+import semmle.python.dataflow.new.RemoteFlowSources
6
+
7
+class HeaderInjectionFlowConfig extends TaintTracking::Configuration {
8
+ HeaderInjectionFlowConfig() { this = "HeaderInjectionFlowConfig" }
9
10
+ override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
11
12
+ override predicate isSink(DataFlow::Node sink) {
13
+ sink = any(HeaderDeclaration headerDeclaration).getHeaderInputNode()
14
+ }
15
+}
0 commit comments