Python: Improve modeling of Flask jsonify

RasmusWL · RasmusWL · commit 0b2458d065ce · 2023-08-29T11:11:32.000+02:00
I also tested whether `Flask.jsonify` or `Flask().jsonify` worked, but
they do not.
diff --git a/python/ql/lib/semmle/python/frameworks/Flask.qll b/python/ql/lib/semmle/python/frameworks/Flask.qll
@@ -179,7 +179,13 @@ module Flask {
      * - https://flask.palletsprojects.com/en/2.2.x/api/#flask.json.jsonify
      */
     private class FlaskJsonifyCall extends InstanceSource, DataFlow::CallCfgNode {
-      FlaskJsonifyCall() { this = API::moduleImport("flask").getMember("jsonify").getACall() }
+      FlaskJsonifyCall() {
+        this = API::moduleImport("flask").getMember("jsonify").getACall()
+        or
+        this = API::moduleImport("flask").getMember("json").getMember("jsonify").getACall()
+        or
+        this = FlaskApp::instance().getMember("json").getMember("response").getACall()
+      }
 
       override DataFlow::Node getBody() { result in [this.getArg(_), this.getArgByName(_)] }
 
diff --git a/python/ql/test/library-tests/frameworks/flask/response_test.py b/python/ql/test/library-tests/frameworks/flask/response_test.py
@@ -67,6 +67,14 @@ def html8():  # $requestHandler
 @app.route("/jsonify")  # $routeSetup="/jsonify"
 def jsonify_route():  # $requestHandler
     x = "x"; y = "y"; z = "z"
+    if True:
+        import flask.json
+        resp = flask.json.jsonify(x, y, z=z)  # $HttpResponse mimetype=application/json responseBody=x responseBody=y responseBody=z
+        assert resp.mimetype == "application/json"
+
+        resp = app.json.response(x, y, z=z)  # $HttpResponse mimetype=application/json responseBody=x responseBody=y responseBody=z
+        assert resp.mimetype == "application/json"
+
     resp = jsonify(x, y, z=z)  # $ HttpResponse mimetype=application/json responseBody=x responseBody=y responseBody=z
     return resp  # $ SPURIOUS: HttpResponse mimetype=text/html responseBody=resp
 
