Python: Add taint test for self.request on django view class

RasmusWL · RasmusWL · commit 9ca738d921d2 · 2021-02-10T17:48:41.000+01:00
diff --git a/python/ql/test/experimental/library-tests/frameworks/django-v2-v3/TestTaint.expected b/python/ql/test/experimental/library-tests/frameworks/django-v2-v3/TestTaint.expected
@@ -1,82 +1,88 @@
-| taint_test.py:7 | ok   | test_taint | bar |
-| taint_test.py:7 | ok   | test_taint | foo |
-| taint_test.py:8 | ok   | test_taint | baz |
-| taint_test.py:14 | ok   | test_taint | request |
-| taint_test.py:16 | ok   | test_taint | request.body |
-| taint_test.py:17 | ok   | test_taint | request.path |
-| taint_test.py:18 | ok   | test_taint | request.path_info |
-| taint_test.py:22 | ok   | test_taint | request.method |
-| taint_test.py:24 | ok   | test_taint | request.encoding |
-| taint_test.py:25 | ok   | test_taint | request.content_type |
-| taint_test.py:28 | ok   | test_taint | request.content_params |
-| taint_test.py:29 | ok   | test_taint | request.content_params["key"] |
-| taint_test.py:30 | ok   | test_taint | request.content_params.get(..) |
-| taint_test.py:34 | ok   | test_taint | request.GET |
-| taint_test.py:35 | ok   | test_taint | request.GET["key"] |
-| taint_test.py:36 | ok   | test_taint | request.GET.get(..) |
-| taint_test.py:37 | fail | test_taint | request.GET.getlist(..) |
-| taint_test.py:38 | fail | test_taint | request.GET.getlist(..)[0] |
-| taint_test.py:39 | ok   | test_taint | request.GET.pop(..) |
-| taint_test.py:40 | ok   | test_taint | request.GET.pop(..)[0] |
-| taint_test.py:41 | ok   | test_taint | request.GET.popitem()[0] |
-| taint_test.py:42 | ok   | test_taint | request.GET.popitem()[1] |
-| taint_test.py:43 | ok   | test_taint | request.GET.popitem()[1][0] |
-| taint_test.py:44 | fail | test_taint | request.GET.dict() |
-| taint_test.py:45 | fail | test_taint | request.GET.dict()["key"] |
-| taint_test.py:46 | fail | test_taint | request.GET.urlencode() |
-| taint_test.py:49 | ok   | test_taint | request.POST |
-| taint_test.py:52 | ok   | test_taint | request.COOKIES |
-| taint_test.py:53 | ok   | test_taint | request.COOKIES["key"] |
-| taint_test.py:54 | ok   | test_taint | request.COOKIES.get(..) |
-| taint_test.py:57 | ok   | test_taint | request.FILES |
-| taint_test.py:58 | ok   | test_taint | request.FILES["key"] |
-| taint_test.py:59 | fail | test_taint | request.FILES["key"].content_type |
-| taint_test.py:60 | fail | test_taint | request.FILES["key"].content_type_extra |
-| taint_test.py:61 | fail | test_taint | request.FILES["key"].content_type_extra["key"] |
-| taint_test.py:62 | fail | test_taint | request.FILES["key"].charset |
-| taint_test.py:63 | fail | test_taint | request.FILES["key"].name |
-| taint_test.py:64 | fail | test_taint | request.FILES["key"].file |
-| taint_test.py:65 | fail | test_taint | request.FILES["key"].file.read() |
-| taint_test.py:67 | ok   | test_taint | request.FILES.get(..) |
-| taint_test.py:68 | fail | test_taint | request.FILES.get(..).name |
-| taint_test.py:69 | fail | test_taint | request.FILES.getlist(..) |
-| taint_test.py:70 | fail | test_taint | request.FILES.getlist(..)[0] |
-| taint_test.py:71 | fail | test_taint | request.FILES.getlist(..)[0].name |
-| taint_test.py:72 | fail | test_taint | request.FILES.dict() |
-| taint_test.py:73 | fail | test_taint | request.FILES.dict()["key"] |
-| taint_test.py:74 | fail | test_taint | request.FILES.dict()["key"].name |
-| taint_test.py:77 | ok   | test_taint | request.META |
-| taint_test.py:78 | ok   | test_taint | request.META["HTTP_USER_AGENT"] |
-| taint_test.py:79 | ok   | test_taint | request.META.get(..) |
-| taint_test.py:82 | ok   | test_taint | request.headers |
-| taint_test.py:83 | ok   | test_taint | request.headers["user-agent"] |
-| taint_test.py:84 | ok   | test_taint | request.headers["USER_AGENT"] |
-| taint_test.py:87 | ok   | test_taint | request.resolver_match |
-| taint_test.py:88 | fail | test_taint | request.resolver_match.args |
-| taint_test.py:89 | fail | test_taint | request.resolver_match.args[0] |
-| taint_test.py:90 | fail | test_taint | request.resolver_match.kwargs |
-| taint_test.py:91 | fail | test_taint | request.resolver_match.kwargs["key"] |
-| taint_test.py:93 | fail | test_taint | request.get_full_path() |
-| taint_test.py:94 | fail | test_taint | request.get_full_path_info() |
-| taint_test.py:98 | fail | test_taint | request.read() |
-| taint_test.py:99 | fail | test_taint | request.readline() |
-| taint_test.py:100 | fail | test_taint | request.readlines() |
-| taint_test.py:101 | fail | test_taint | request.readlines()[0] |
-| taint_test.py:102 | fail | test_taint | ListComp |
-| taint_test.py:108 | ok   | test_taint | args |
-| taint_test.py:109 | ok   | test_taint | args[0] |
-| taint_test.py:110 | ok   | test_taint | kwargs |
-| taint_test.py:111 | ok   | test_taint | kwargs["key"] |
-| taint_test.py:115 | ok   | test_taint | request.current_app |
-| taint_test.py:120 | ok   | test_taint | request.get_host() |
-| taint_test.py:121 | ok   | test_taint | request.get_port() |
-| taint_test.py:128 | fail | test_taint | request.build_absolute_uri() |
-| taint_test.py:129 | fail | test_taint | request.build_absolute_uri(..) |
+| taint_test.py:8 | ok   | test_taint | bar |
+| taint_test.py:8 | ok   | test_taint | foo |
+| taint_test.py:9 | ok   | test_taint | baz |
+| taint_test.py:15 | ok   | test_taint | request |
+| taint_test.py:17 | ok   | test_taint | request.body |
+| taint_test.py:18 | ok   | test_taint | request.path |
+| taint_test.py:19 | ok   | test_taint | request.path_info |
+| taint_test.py:23 | ok   | test_taint | request.method |
+| taint_test.py:25 | ok   | test_taint | request.encoding |
+| taint_test.py:26 | ok   | test_taint | request.content_type |
+| taint_test.py:29 | ok   | test_taint | request.content_params |
+| taint_test.py:30 | ok   | test_taint | request.content_params["key"] |
+| taint_test.py:31 | ok   | test_taint | request.content_params.get(..) |
+| taint_test.py:35 | ok   | test_taint | request.GET |
+| taint_test.py:36 | ok   | test_taint | request.GET["key"] |
+| taint_test.py:37 | ok   | test_taint | request.GET.get(..) |
+| taint_test.py:38 | fail | test_taint | request.GET.getlist(..) |
+| taint_test.py:39 | fail | test_taint | request.GET.getlist(..)[0] |
+| taint_test.py:40 | ok   | test_taint | request.GET.pop(..) |
+| taint_test.py:41 | ok   | test_taint | request.GET.pop(..)[0] |
+| taint_test.py:42 | ok   | test_taint | request.GET.popitem()[0] |
+| taint_test.py:43 | ok   | test_taint | request.GET.popitem()[1] |
+| taint_test.py:44 | ok   | test_taint | request.GET.popitem()[1][0] |
+| taint_test.py:45 | fail | test_taint | request.GET.dict() |
+| taint_test.py:46 | fail | test_taint | request.GET.dict()["key"] |
+| taint_test.py:47 | fail | test_taint | request.GET.urlencode() |
+| taint_test.py:50 | ok   | test_taint | request.POST |
+| taint_test.py:53 | ok   | test_taint | request.COOKIES |
+| taint_test.py:54 | ok   | test_taint | request.COOKIES["key"] |
+| taint_test.py:55 | ok   | test_taint | request.COOKIES.get(..) |
+| taint_test.py:58 | ok   | test_taint | request.FILES |
+| taint_test.py:59 | ok   | test_taint | request.FILES["key"] |
+| taint_test.py:60 | fail | test_taint | request.FILES["key"].content_type |
+| taint_test.py:61 | fail | test_taint | request.FILES["key"].content_type_extra |
+| taint_test.py:62 | fail | test_taint | request.FILES["key"].content_type_extra["key"] |
+| taint_test.py:63 | fail | test_taint | request.FILES["key"].charset |
+| taint_test.py:64 | fail | test_taint | request.FILES["key"].name |
+| taint_test.py:65 | fail | test_taint | request.FILES["key"].file |
+| taint_test.py:66 | fail | test_taint | request.FILES["key"].file.read() |
+| taint_test.py:68 | ok   | test_taint | request.FILES.get(..) |
+| taint_test.py:69 | fail | test_taint | request.FILES.get(..).name |
+| taint_test.py:70 | fail | test_taint | request.FILES.getlist(..) |
+| taint_test.py:71 | fail | test_taint | request.FILES.getlist(..)[0] |
+| taint_test.py:72 | fail | test_taint | request.FILES.getlist(..)[0].name |
+| taint_test.py:73 | fail | test_taint | request.FILES.dict() |
+| taint_test.py:74 | fail | test_taint | request.FILES.dict()["key"] |
+| taint_test.py:75 | fail | test_taint | request.FILES.dict()["key"].name |
+| taint_test.py:78 | ok   | test_taint | request.META |
+| taint_test.py:79 | ok   | test_taint | request.META["HTTP_USER_AGENT"] |
+| taint_test.py:80 | ok   | test_taint | request.META.get(..) |
+| taint_test.py:83 | ok   | test_taint | request.headers |
+| taint_test.py:84 | ok   | test_taint | request.headers["user-agent"] |
+| taint_test.py:85 | ok   | test_taint | request.headers["USER_AGENT"] |
+| taint_test.py:88 | ok   | test_taint | request.resolver_match |
+| taint_test.py:89 | fail | test_taint | request.resolver_match.args |
+| taint_test.py:90 | fail | test_taint | request.resolver_match.args[0] |
+| taint_test.py:91 | fail | test_taint | request.resolver_match.kwargs |
+| taint_test.py:92 | fail | test_taint | request.resolver_match.kwargs["key"] |
+| taint_test.py:94 | fail | test_taint | request.get_full_path() |
+| taint_test.py:95 | fail | test_taint | request.get_full_path_info() |
+| taint_test.py:99 | fail | test_taint | request.read() |
+| taint_test.py:100 | fail | test_taint | request.readline() |
+| taint_test.py:101 | fail | test_taint | request.readlines() |
+| taint_test.py:102 | fail | test_taint | request.readlines()[0] |
+| taint_test.py:103 | fail | test_taint | ListComp |
+| taint_test.py:109 | ok   | test_taint | args |
+| taint_test.py:110 | ok   | test_taint | args[0] |
+| taint_test.py:111 | ok   | test_taint | kwargs |
+| taint_test.py:112 | ok   | test_taint | kwargs["key"] |
+| taint_test.py:116 | ok   | test_taint | request.current_app |
+| taint_test.py:121 | ok   | test_taint | request.get_host() |
+| taint_test.py:122 | ok   | test_taint | request.get_port() |
+| taint_test.py:129 | fail | test_taint | request.build_absolute_uri() |
 | taint_test.py:130 | fail | test_taint | request.build_absolute_uri(..) |
-| taint_test.py:133 | ok   | test_taint | request.build_absolute_uri(..) |
+| taint_test.py:131 | fail | test_taint | request.build_absolute_uri(..) |
 | taint_test.py:134 | ok   | test_taint | request.build_absolute_uri(..) |
-| taint_test.py:142 | ok   | test_taint | request.get_signed_cookie(..) |
+| taint_test.py:135 | ok   | test_taint | request.build_absolute_uri(..) |
 | taint_test.py:143 | ok   | test_taint | request.get_signed_cookie(..) |
 | taint_test.py:144 | ok   | test_taint | request.get_signed_cookie(..) |
-| taint_test.py:148 | fail | test_taint | request.get_signed_cookie(..) |
+| taint_test.py:145 | ok   | test_taint | request.get_signed_cookie(..) |
 | taint_test.py:149 | fail | test_taint | request.get_signed_cookie(..) |
+| taint_test.py:150 | fail | test_taint | request.get_signed_cookie(..) |
+| taint_test.py:157 | fail | some_method | self.request |
+| taint_test.py:158 | fail | some_method | self.request.GET["key"] |
+| taint_test.py:160 | fail | some_method | self.args |
+| taint_test.py:161 | fail | some_method | self.args[0] |
+| taint_test.py:163 | fail | some_method | self.kwargs |
+| taint_test.py:164 | fail | some_method | self.kwargs["key"] |
diff --git a/python/ql/test/experimental/library-tests/frameworks/django-v2-v3/taint_test.py b/python/ql/test/experimental/library-tests/frameworks/django-v2-v3/taint_test.py
@@ -1,6 +1,7 @@
 """testing views for Django 2.x and 3.x"""
 from django.urls import path
 from django.http import HttpRequest
+from django.views import View
 
 
 def test_taint(request: HttpRequest, foo, bar, baz=None):  # $requestHandler routedParameter=foo routedParameter=bar
@@ -150,7 +151,22 @@ def test_taint(request: HttpRequest, foo, bar, baz=None):  # $requestHandler rou
     )
 
 
+class ClassView(View):
+    def some_method(self):
+        ensure_tainted(
+            self.request,
+            self.request.GET["key"],
+
+            self.args,
+            self.args[0],
+
+            self.kwargs,
+            self.kwargs["key"],
+        )
+
+
 # fake setup, you can't actually run this
 urlpatterns = [
-    path("test-taint/<foo>/<bar>", test_taint),  # $routeSetup="test-taint/<foo>/<bar>"
+    path("test-taint/<foo>/<bar>", test_taint),  # $ routeSetup="test-taint/<foo>/<bar>"
+    path("ClassView/", ClassView.as_view()), # $ routeSetup="ClassView/"
 ]
diff --git a/python/ql/test/experimental/library-tests/frameworks/django-v2-v3/testapp/views.py b/python/ql/test/experimental/library-tests/frameworks/django-v2-v3/testapp/views.py
@@ -30,4 +30,5 @@ def post(self, request: HttpRequest): # $ requestHandler
 
 class MyViewHandlerWithCustomInheritance(MyCustomViewBaseClass):
     def get(self, request: HttpRequest): # $ requestHandler
+        print(self.request.GET)
         return HttpResponse("MyViewHandlerWithCustomInheritance: GET") # $ HttpResponse
