Skip to content

Commit ca7789d

Browse files
sylwia-budzynskasylwia-budzynska
committed
Fix QLdoc
1 parent bed0d56 commit ca7789d

File tree

1 file changed

+12
-5
lines changed

1 file changed

+12
-5
lines changed

python/ql/lib/semmle/python/frameworks/Gradio.qll

Lines changed: 12 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -8,10 +8,13 @@ import semmle.python.dataflow.new.RemoteFlowSources
88
import semmle.python.dataflow.new.TaintTracking
99
import semmle.python.ApiGraphs
1010

11-
11+
/**
12+
* Provides models for the `gradio` PyPI package.
13+
* See https://pypi.org/project/gradio/.
14+
*/
1215
module Gradio {
1316
/**
14-
* Event handlers in Gradio, which are sources of untrusted data.
17+
* The event handlers in Gradio, which take untrusted data.
1518
*/
1619

1720
class GradioInput extends API::CallNode {
@@ -37,12 +40,16 @@ module Gradio {
3740

3841
}
3942

43+
/**
44+
* The high-level gradio.Interface and gradio.ChatInterface classes, which take untrusted data.
45+
*/
4046
class GradioInterface extends API::CallNode {
4147
GradioInterface() { this = API::moduleImport("gradio").getMember(["Interface", "ChatInterface"]).getACall() }
4248
}
4349

4450
/**
45-
* Track `inputs` parameters in Gradio event handlers, that are lists, back to source, f.ex. `gr.Textbox(...)`. Handle keyword and positional parameters.
51+
* The `inputs` parameters in Gradio event handlers, that are lists and are sources of untrusted data.
52+
* This model allows tracking each element list back to source, f.ex. `gr.Textbox(...)`.
4653
*/
4754
class GradioInputList extends RemoteFlowSource::Range {
4855
GradioInputList() {
@@ -67,7 +74,7 @@ module Gradio {
6774
}
6875

6976
/**
70-
* Track `inputs` parameters in Gradio event handlers, that are not lists. Handle keyword and positional parameters.
77+
* The `inputs` parameters in Gradio event handlers, that are not lists and are sources of untrusted data.
7178
*/
7279
class GradioInputParameter extends RemoteFlowSource::Range {
7380
GradioInputParameter() {
@@ -92,7 +99,7 @@ module Gradio {
9299
}
93100

94101
/**
95-
* Track `inputs` parameters in Gradio decorators to event handlers.
102+
* Track `inputs` parameters in Gradio decorators to event handlers, that are sources of untrusted data.
96103
*/
97104
class GradioInputDecorator extends RemoteFlowSource::Range {
98105
GradioInputDecorator() {

0 commit comments

Comments
 (0)