python/ql/src/semmle/python/frameworks
1 file changed +10 -3 lines changed
@@ -2024,8 +2024,15 @@ private module Django {
2024
2024
result = djangoRouteHandlerFunctionTracker ( DataFlow:: TypeTracker:: end ( ) , func )
2025
2025
}
2026
2026
2027
- /** A class that might be a django View class. */
2028
- class PossibleDjangoViewClass extends Class {
2027
+ /**
2028
+ * In order to recognize a class as being a django view class, based on the `as_view`
2029
+ * call, we need to be able to track such calls on _any_ class. This is provided by
2030
+ * the member predicates of this QL class.
2031
+ *
2032
+ * As such, a Python class being part of `DjangoViewClassHelper` doesn't signify that
2033
+ * we model it as a django view class.
2034
+ */
2035
+ class DjangoViewClassHelper extends Class {
2029
2036
/** Gets a reference to this class. */
2030
2037
private DataFlow:: Node getARef ( DataFlow:: TypeTracker t ) {
2031
2038
t .start ( ) and
@@ -2061,7 +2068,7 @@ private module Django {
2061
2068
}
2062
2069
2063
2070
/** A class that we consider a django View class. */
2064
- abstract class DjangoViewClass extends PossibleDjangoViewClass {
2071
+ abstract class DjangoViewClass extends DjangoViewClassHelper {
2065
2072
/** Gets a function that could handle incoming requests, if any. */
2066
2073
Function getARequestHandler ( ) {
2067
2074
// TODO: This doesn't handle attribute assignment. Should be OK, but analysis is not as complete as with
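Review bot: The new QLDoc on `DjangoViewClassHelper` (new lines 2027-2034) gives the rationale but never says in one sentence what the class is. QLDoc convention is to open a class comment with a noun phrase, for example `* A Python class on which we track as_view calls.`, and put the explanation after it. The comment should also name `DjangoViewClass` as the class to use when a modelled view is meant, since that subclass is the one that carries `getARequestHandler()` in the second hunk. Without that pointer, a later change could treat helper membership as "handles requests" and mark ordinary methods as request handlers. The helper's body continues outside the hunk, so it is not visible here whether anything narrows it beyond `extends Class`.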