This example is a bit more advanced, involving both a call-back function and a class constructor.
143
-
The Django web framework allows you to specify a function that determines the path where uploaded files are stored (see https://docs.djangoproject.com/en/5.0/ref/models/fields/#django.db.models.FileField.upload_to).
142
+
This example is a bit more advanced, involving both a callback function and a class constructor.
143
+
The Django web framework allows you to specify a function that determines the path where uploaded files are stored (see the `Django documentation <https://docs.djangoproject.com/en/5.0/ref/models/fields/#django.db.models.FileField.upload_to>`_).
144
144
This function is passed as an argument to the **FileField** constructor.
145
145
The function is called with two arguments: the instance of the model and the filename of the uploaded file.
146
-
This filename is what we want to marks as a taint source. An example use looks as follows:
146
+
This filename is what we want to mark as a taint source. An example use looks as follows:
147
147
148
148
.. code-block:: python
149
149
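Review bot: The new RST link on `+` line 143, `` `Django documentation <https://docs.djangoproject.com/en/5.0/ref/models/fields/#django.db.models.FileField.upload_to>`_ ``, uses a named (single-underscore) target, so any other page in the docs that links the text "Django documentation" to a different URL will trigger a Sphinx duplicate-target warning; prefer the anonymous form `` `Django documentation <...>`__ `` unless the name is reused deliberately. Also consider `/en/stable/` instead of pinning `5.0` in the URL, since nothing in this paragraph is specific to that release. The "call-back" to "callback" and "marks" to "mark" fixes are fine.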
@@ -178,7 +178,7 @@ Note that this source is already known by the CodeQL Python analysis, but for th
178
178
179
179
- The second column is an access path that is evaluated from left to right, starting at the values that were identified by the first column.
180
180
181
-
- **Call** selects calls to the class, that is constructor calls.
181
+
- **Call** selects calls to the class. That is, constructor calls.
182
182
- **Argument[upload_to:]** selects the named argument named **upload_to**. Note that the colon at the end of the argument name indicates that we are looking for a named argument.
183
183
- **Parameter[1,filename:]** selects parameters of the callback function. We provide two parameters to search for, namely the second positional parameter and the named parameter **filename**.
184
184
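Review bot: The rewritten bullet on line 181, "**Call** selects calls to the class. That is, constructor calls.", turns the tail into a sentence fragment; the original only needed a second comma: "**Call** selects calls to the class, that is, constructor calls." While touching this list, the unchanged bullet on line 182 reads "the named argument named **upload_to**", which could be "the keyword argument **upload_to**", and the `Parameter[1,filename:]` bullet on line 183 would be clearer if it said the two specifications match either the second positional parameter or the keyword parameter `filename`, making the either/or explicit rather than "two parameters to search for".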
@@ -276,7 +276,7 @@ We might also provide a summary stating that the elements of the input list are
276
276
"value",
277
277
]
278
278
279
-
The tracking of list elements is imprecise in that the analysis does not know, where in the list the tracked value is found.
279
+
The tracking of list elements is imprecise in that the analysis does not know where in the list the tracked value is found.
280
280
So this summary simply states that if the value is found somewhere in the input list, it will also be found somewhere in the output list, unchanged.
281
281
282
282
Reference material
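Review bot: The comma removal on line 279 is correct, but the unchanged follow-on sentence on line 280, "So this summary simply states that if the value is found somewhere in the input list, it will also be found somewhere in the output list, unchanged.", would fit the documentation register better as "This summary therefore states that ...". It may also help to state the imprecision concretely: the summary does not preserve the index, so a tainted value at one position of the input may be reported at any position of the output, which is exactly what "does not know where in the list the tracked value is found" means.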
@@ -406,7 +406,7 @@ The following components are supported:
406
406
- **ReturnValue** selects the return value of a function or call.
407
407
- **Member[**\ `name`\ **]** selects the function/method/class/value with the given name.
408
408
- **Instance** selects instances of a class, including instances of its subclasses.
409
-
- **Attribut[**\ `name`\ **]** selects the attribute with the given name.
409
+
- **Attribute[**\ `name`\ **]** selects the attribute with the given name.
410
410
- **ListElement** selects an element of a list.
411
411
- **SetElement** selects an element of a set.
412
412
- **TupleElement[**\ `number`\ **]** selects the subscript at the given index.
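Review bot: The "Attribut" to "Attribute" fix on line 409 is right, and since readers will copy the component name verbatim into model rows it is worth confirming it matches the spelling the Python models-as-data parser accepts. In the unchanged context, line 412 "**TupleElement[**\ `number`\ **]** selects the subscript at the given index" is inconsistent with the neighbouring bullets ("selects an element of a list", "selects an element of a set"); suggest "selects the element at the given index".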
@@ -439,7 +439,7 @@ Unlike sources, sinks tend to be highly query-specific, rarely affecting more th
439
439
- **html-injection**: A sink that can be used for HTML injection, such as a server response body.
440
440
- **js-injection**: A sink that can be used for JS injection, such as a server response body.
441
441
- **url-redirection**: A sink that can be used to redirect the user to a malicious URL.
442
-
- **unsafe-deserialization**: A deserialization sink that can lead to code execution or other unsafe behaviour, such as an unsafe YAML parser.
442
+
- **unsafe-deserialization**: A deserialization sink that can lead to code execution or other unsafe behavior, such as an unsafe YAML parser.
443
443
- **log-injection**: A sink that can be used for log injection, such as in a **logging.info** call.
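Review bot: The "behaviour" to "behavior" change on line 442 is the only spelling normalization in this patch; grep the rest of the file for other British spellings ("-ise" verbs, "analyse", "colour") so the switch to American English is completed in one commit rather than piecemeal. In the unchanged context, the **html-injection** and **js-injection** bullets (lines 439 and 440) give the identical example "such as a server response body"; if the two kinds are meant to be distinct, the js-injection bullet should name an example that distinguishes it.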