Python: Model redirects in twisted

Author: RasmusWL

python/ql/src/semmle/python/frameworks/Twisted.qll

@@ -226,4 +226,33 @@ private module Twisted {
 
     override string getMimetypeDefault() { result = "text/html" }
   }
+
+  /**
+   * A call to the `redirect` function on a twisted request.
+   *
+   * See https://twistedmatrix.com/documents/21.2.0/api/twisted.web.http.Request.html#redirect
+   */
+  class TwistedRequestRedirectCall extends HTTP::Server::HttpRedirectResponse::Range,
+    DataFlow::CallCfgNode {
+    TwistedRequestRedirectCall() {
+      // TODO: When we have tools that make it easy, model these properly to handle
+      // `meth = obj.meth; meth()`. Until then, we'll use this more syntactic approach
+      // (since it allows us to at least capture the most common cases).
+      exists(DataFlow::AttrRead read |
+        this.getFunction() = read and
+        read.getObject() = Request::instance() and
+        read.getAttributeName() = "redirect"
+      )
+    }
+
+    override DataFlow::Node getBody() { none() }
+
+    override DataFlow::Node getRedirectLocation() {
+      result.asCfgNode() in [node.getArg(0), node.getArgByName("url")]
+    }
+
+    override DataFlow::Node getMimetypeOrContentTypeArg() { none() }
+
+    override string getMimetypeDefault() { result = "text/html" }
+  }
 }

python/ql/test/library-tests/frameworks/twisted/response_test.py

@@ -38,7 +38,7 @@ def render(self, request: Request): # $ requestHandler
 
 class Redirect(Resource):
     def render_GET(self, request: Request): # $ requestHandler
-        request.redirect("/new-location") # $ MISSING: HttpRedirectResponse
+        request.redirect("/new-location") # $ HttpRedirectResponse redirectLocation="/new-location" HttpResponse mimetype=text/html
         # By default, this `hello` output is not returned... not even when
         # requested with curl.
         return b"hello" # $ SPURIOUS: HttpResponse mimetype=text/html responseBody=b"hello"