Python: Model CookieWrite for tornado

RasmusWL · RasmusWL · commit 65c526df86c5 · 2021-06-24T17:34:43.000+02:00
diff --git a/python/ql/src/semmle/python/frameworks/Tornado.qll b/python/ql/src/semmle/python/frameworks/Tornado.qll
@@ -422,7 +422,7 @@ private module Tornado {
   /**
    * A call to the `tornado.web.RequestHandler.redirect` method.
    *
-   * See https://www.tornadoweb.org/en/stable/web.html?highlight=write#tornado.web.RequestHandler.redirect
+   * See https://www.tornadoweb.org/en/stable/web.html#tornado.web.RequestHandler.redirect
    */
   private class TornadoRequestHandlerRedirectCall extends HTTP::Server::HttpRedirectResponse::Range,
     DataFlow::CallCfgNode {
@@ -444,7 +444,7 @@ private module Tornado {
   /**
    * A call to the `tornado.web.RequestHandler.write` method.
    *
-   * See https://www.tornadoweb.org/en/stable/web.html?highlight=write#tornado.web.RequestHandler.write
+   * See https://www.tornadoweb.org/en/stable/web.html#tornado.web.RequestHandler.write
    */
   private class TornadoRequestHandlerWriteCall extends HTTP::Server::HttpResponse::Range,
     DataFlow::CallCfgNode {
@@ -458,4 +458,22 @@ private module Tornado {
 
     override DataFlow::Node getMimetypeOrContentTypeArg() { none() }
   }
+
+  /**
+   * A call to the `tornado.web.RequestHandler.set_cookie` method.
+   *
+   * See https://www.tornadoweb.org/en/stable/web.html#tornado.web.RequestHandler.set_cookie
+   */
+  class TornadoRequestHandlerSetCookieCall extends HTTP::Server::CookieWrite::Range,
+    DataFlow::MethodCallNode {
+    TornadoRequestHandlerSetCookieCall() {
+      this.calls(tornado::web::RequestHandler::instance(), "set_cookie")
+    }
+
+    override DataFlow::Node getHeaderArg() { none() }
+
+    override DataFlow::Node getNameArg() { result in [this.getArg(0), this.getArgByName("name")] }
+
+    override DataFlow::Node getValueArg() { result in [this.getArg(1), this.getArgByName("value")] }
+  }
 }
diff --git a/python/ql/test/library-tests/frameworks/tornado/response_test.py b/python/ql/test/library-tests/frameworks/tornado/response_test.py
@@ -65,8 +65,8 @@ def get(self, stream=False): # $ requestHandler routedParameter=stream
 class CookieWriting(tornado.web.RequestHandler):
     def get(self):  # $ requestHandler
         self.write("foo") # $ HttpResponse mimetype=text/html responseBody="foo"
-        self.set_cookie("key", "value") # $ MISSING: CookieWrite CookieName="key" CookieValue="value"
-        self.set_cookie(name="key", value="value") # $ MISSING: CookieWrite CookieName="key" CookieValue="value"
+        self.set_cookie("key", "value") # $ CookieWrite CookieName="key" CookieValue="value"
+        self.set_cookie(name="key", value="value") # $ CookieWrite CookieName="key" CookieValue="value"
         self.set_header("Set-Cookie", "key2=value2") # $ MISSING: CookieWrite CookieRawHeader="key2=value2"
 
 
