Bottle

github · Sep 3, 2024 · 581e7f5 · 581e7f5
1 parent 326eb69
commit 581e7f5
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 42 deletions.
diff --git a/python/ql/lib/semmle/python/frameworks/Bottle.qll b/python/ql/lib/semmle/python/frameworks/Bottle.qll
@@ -1,6 +1,6 @@
 /**
  * Provides classes modeling security-relevant aspects of the `bottle` PyPI package.
- * See https://www.tornadoweb.org/en/stable/.
+ * See https://bottlepy.org/docs/dev/.
  */
 
 private import python
@@ -14,28 +14,24 @@ private import semmle.python.frameworks.internal.InstanceTaintStepsHelper
  * INTERNAL: Do not use.
  *
  * Provides models for the `bottle` PyPI package.
- * See https://www.tornadoweb.org/en/stable/.
+ * See https://bottlepy.org/docs/dev/.
  */
 module Bottle {
   module BottleModule {
     API::Node bottle() { result = API::moduleImport("bottle") }
 
     module Response {
-      API::Node response() {
-        result = bottle().getMember("response")
-        //or
-        //result = ModelOutput::getATypeNode("tornado.web.RequestHandler~Subclass").getASubclass*()
-      }
+      API::Node response() { result = bottle().getMember("response") }
 
       /**
-       * A call to the `bottle.web.RequestHandler.set_header` method.
+       * A call to the `bottle.web.RequestHandler.set_header` or `bottle.web.RequestHandler.add_header` method.
        *
-       * See https://www.tornadoweb.org/en/stable/web.html#tornado.web.RequestHandler.set_header
+       * See https://bottlepy.org/docs/dev/api.html#bottle.BaseResponse.set_header
        */
-      class BottleRequestHandlerSetHeaderCall extends Http::Server::ResponseHeaderWrite::Range,
+      class BottleResponseHandlerSetHeaderCall extends Http::Server::ResponseHeaderWrite::Range,
         DataFlow::MethodCallNode
       {
-        BottleRequestHandlerSetHeaderCall() {
+        BottleResponseHandlerSetHeaderCall() {
           this = response().getMember(["set_header", "add_header"]).getACall()
         }
 
@@ -58,15 +54,13 @@ module Bottle {
         private class Request extends RemoteFlowSource::Range {
           Request() { this = request().asSource() }
 
-          //or
-          //result = ModelOutput::getATypeNode("tornado.web.RequestHandler~Subclass").getASubclass*()
           override string getSourceType() { result = "bottle.request" }
         }
 
         /**
          * Taint propagation for `bottle.request`.
          *
-         * See https://flask.palletsprojects.com/en/1.1.x/api/#flask.Request
+         * See https://bottlepy.org/docs/dev/api.html#bottle.request
          */
         private class InstanceTaintSteps extends InstanceTaintStepsHelper {
           InstanceTaintSteps() { this = "bottle.request" }
@@ -86,11 +80,7 @@ module Bottle {
       }
 
       module Header {
-        API::Node instance() {
-          result = bottle().getMember("response").getMember("headers")
-          //or
-          //result = ModelOutput::getATypeNode("tornado.web.RequestHandler~Subclass").getASubclass*()
-        }
+        API::Node instance() { result = bottle().getMember("response").getMember("headers") }
 
         /** A dict-like write to a response header. */
         class HeaderWriteSubscript extends Http::Server::ResponseHeaderWrite::Range, DataFlow::Node {
@@ -105,12 +95,10 @@ module Bottle {
             )
           }
 
-          //name = instance().getASubscript().getIndex().asSink()
           override DataFlow::Node getNameArg() { result = name.asSink() }
 
           override DataFlow::Node getValueArg() { result = value.asSink() }
 
-          // TODO: These checks perhaps could be made more precise.
           override predicate nameAllowsNewline() { none() }
 
           override predicate valueAllowsNewline() { none() }

diff --git a/python/ql/lib/semmle/python/frameworks/Tornado.qll b/python/ql/lib/semmle/python/frameworks/Tornado.qll
@@ -605,25 +605,4 @@ module Tornado {
 
     override DataFlow::Node getValueArg() { result in [this.getArg(1), this.getArgByName("value")] }
   }
-
-    /**
-   * A call to the `tornado.web.RequestHandler.set_header` method.
-   *
-   * See https://www.tornadoweb.org/en/stable/web.html#tornado.web.RequestHandler.set_header
-   */
-  class TornadoRequestHandlerSetHeaderCall extends Http::Server::ResponseHeaderWrite::Range,
-    DataFlow::MethodCallNode
-  {
-    TornadoRequestHandlerSetHeaderCall() {
-      this.calls(TornadoModule::Web::RequestHandler::instance(), "set_header")
-    }
-
-    override DataFlow::Node getNameArg() { result in [this.getArg(0), this.getArgByName("name")] }
-
-    override DataFlow::Node getValueArg() { result in [this.getArg(1), this.getArgByName("value")] }
-
-    override predicate nameAllowsNewline() { none() }
-
-    override predicate valueAllowsNewline() { none() }
-  }
 }