Python: Restore rest of experimental files

Author: RasmusWL

python/ql/src/experimental/Security/CWE-074/JinjaBad.py

@@ -0,0 +1,19 @@
+from django.urls import path
+from django.http import HttpResponse
+from jinja2 import Template as Jinja2_Template
+from jinja2 import Environment, DictLoader, escape
+
+
+def a(request):
+    # Load the template
+    template = request.GET['template']
+    t = Jinja2_Template(template)
+    name = request.GET['name']
+    # Render the template with the context data
+    html = t.render(name=escape(name))
+    return HttpResponse(html)
+
+
+urlpatterns = [
+    path('a', a),
+]

python/ql/src/experimental/Security/CWE-074/JinjaGood.py

@@ -0,0 +1,20 @@
+from django.urls import path
+from django.http import HttpResponse
+from jinja2 import Template as Jinja2_Template
+from jinja2 import Environment, DictLoader, escape
+
+
+def a(request):
+    # Load the template
+    template = request.GET['template']
+    env = SandboxedEnvironment(undefined=StrictUndefined)
+    t = env.from_string(template)
+    name = request.GET['name']
+    # Render the template with the context data
+    html = t.render(name=escape(name))
+    return HttpResponse(html)
+
+
+urlpatterns = [
+    path('a', a),
+]

python/ql/test/experimental/semmle/python/templates/Airspeed.py

@@ -0,0 +1,10 @@
+from bottle import Bottle, route, request, redirect, response
+import airspeed
+
+
+app = Bottle()
+
+
+@route('/other')
+def a():
+    return airspeed.Template("sink")

python/ql/test/experimental/semmle/python/templates/AirspeedSSTISinks.expected

@@ -0,0 +1,2 @@
+WARNING: Type SSTISink has been deprecated and may be removed in future (AirspeedSSTISinks.ql:4,6-14)
+| Airspeed.py:10:30:10:35 | argument to airspeed.Template() |

python/ql/test/experimental/semmle/python/templates/AirspeedSSTISinks.ql

@@ -0,0 +1,5 @@
+import python
+import experimental.semmle.python.templates.Airspeed
+
+from SSTISink s
+select s

python/ql/test/experimental/semmle/python/templates/Bottle.py

@@ -0,0 +1,17 @@
+from bottle import Bottle, route, request, redirect, response, SimpleTemplate
+from bottle import template as temp
+
+
+app = Bottle()
+
+
+@route('/other')
+def a():
+    template = "test"
+    tpl = SimpleTemplate(template)
+
+
+@route('/other2')
+def b():
+    template = "test"
+    return temp(template, name='World')

python/ql/test/experimental/semmle/python/templates/BottleSSTISinks.expected

@@ -0,0 +1,3 @@
+WARNING: Type SSTISink has been deprecated and may be removed in future (BottleSSTISinks.ql:4,6-14)
+| Bottle.py:11:26:11:33 | argument to bottle.SimpleTemplate() |
+| Bottle.py:17:17:17:24 | argument to bottle.template() |

python/ql/test/experimental/semmle/python/templates/BottleSSTISinks.ql

@@ -0,0 +1,5 @@
+import python
+import experimental.semmle.python.templates.Bottle
+
+from SSTISink s
+select s

python/ql/test/experimental/semmle/python/templates/Chameleon.py

@@ -0,0 +1,5 @@
+from chameleon import PageTemplate
+
+
+def chameleon():
+    template = PageTemplate("sink")

python/ql/test/experimental/semmle/python/templates/ChameleonSSTISinks.expected

@@ -0,0 +1,2 @@
+WARNING: Type SSTISink has been deprecated and may be removed in future (ChameleonSSTISinks.ql:4,6-14)
+| Chameleon.py:5:29:5:34 | argument to Chameleon.PageTemplate() |