Skip to content

Python: Make web libs use HttpRequestTaintSource and HttpResponseTaintSink#2603

Merged
tausbn merged 11 commits intogithub:masterfrom
RasmusWL:python-fix-http-source-sink
Feb 12, 2020
Merged

Python: Make web libs use HttpRequestTaintSource and HttpResponseTaintSink#2603
tausbn merged 11 commits intogithub:masterfrom
RasmusWL:python-fix-http-source-sink

Conversation

@RasmusWL
Copy link
Member

@RasmusWL RasmusWL commented Jan 8, 2020

Instead of using TaintSource and TaintSink, so our default queries will also be able to use them 🎉

@RasmusWL RasmusWL added the Python label Jan 8, 2020
@RasmusWL RasmusWL requested a review from a team as a code owner January 8, 2020 13:20
@RasmusWL RasmusWL force-pushed the python-fix-http-source-sink branch from 4f873f6 to e94a15d Compare January 9, 2020 14:49
@RasmusWL
Copy link
Member Author

RasmusWL commented Jan 9, 2020

Forgot to add an .expected file, so here we go again!

RasmusWL added 10 commits January 28, 2020 13:05
@RasmusWL
Python: Autoformat web tests QL files
0a1c91f
@RasmusWL
Python: Remove unused variable from exists expression
b36a6aa
@RasmusWL
Python: Add explicit tests for HttpSources and HttpSinks
6b87458 
Some of the tests currently fail, since they can't reproduce the old tests
results (since the sinks/sources defined in the library code are not
HttpResponseTaintSink/HttpRequestTaintSource)
@RasmusWL
Python: Add toString to TurboGears HttpResponseTaintSinks
effa454 
Naming these were a bit hard, but better than generic "Taint Sink"
@RasmusWL
Python: Don't make duplicate sink for Tornado handler
2cdbae0 
`self.write(...)` would be treated as *both* TornadoConnectionWrite and
TornadoHttpRequestHandlerWrite
@RasmusWL
Python: Update web libraries to use HttpSources and HttpSinks
9b2ca0c
@RasmusWL
Python: Temporarily disable falcon HttpSinks test
9bc7245 
I will fix this in an other PR
@RasmusWL
Python: Fix typo (reques => request)
ee382bb
@RasmusWL
Python: Fix tornado lib: a redirect is not a http response
46f4b74
@RasmusWL
Python: For web tests, use more precise name HttpResponseSinks
c25782d 
Since there are also HttpRedirectTaintSink, using HttpSink is confusing
@RasmusWL RasmusWL force-pushed the python-fix-http-source-sink branch from 04d8cfb to c25782d Compare January 28, 2020 12:06
@RasmusWL
Copy link
Member Author

RasmusWL commented Jan 28, 2020

rebased & force-pushed so merge-conflict could be solved

tausbn
tausbn previously approved these changes Feb 5, 2020
View reviewed changes
tausbn
tausbn reviewed Feb 5, 2020
View reviewed changes
@RasmusWL RasmusWL force-pushed the python-fix-http-source-sink branch from e26ed5a to d5c6092 Compare February 6, 2020 10:50
@tausbn tausbn merged commit 12113e9 into github:master Feb 12, 2020
@RasmusWL RasmusWL deleted the python-fix-http-source-sink branch February 12, 2020 13:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tausbn tausbn tausbn approved these changes

Assignees

No one assigned

Labels

Python

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@RasmusWL @tausbn