Python: Make web libs use HttpRequestTaintSource and HttpResponseTaintSink #2603

Merged
tausbn merged 11 commits into github:master from RasmusWL:python-fix-http-source-sink
Feb 12, 2020

RasmusWL (Member) commented Jan 8, 2020

Instead of using TaintSource and TaintSink, so our default queries will also be able to use them 🎉

RasmusWL added the Python label Jan 8, 2020
RasmusWL requested a review from a team as a code owner January 8, 2020 13:20
RasmusWL force-pushed the python-fix-http-source-sink branch from 4f873f6 to e94a15d January 9, 2020 14:49

RasmusWL (Member, Author) commented Jan 9, 2020

Forgot to add an .expected file, so here we go again!

Some of the tests currently fail, since they can't reproduce the old test results (since the sinks/sources defined in the library code are not HttpResponseTaintSink/HttpRequestTaintSource)

Naming these was a bit hard, but better than generic "Taint Sink"

`self.write(...)` would be treated as *both* TornadoConnectionWrite and TornadoHttpRequestHandlerWrite

Since there are also HttpRedirectTaintSink, using HttpSink is confusing

RasmusWL force-pushed the python-fix-http-source-sink branch from 04d8cfb to c25782d January 28, 2020 12:06

RasmusWL (Member, Author) commented

rebased & force-pushed so merge-conflict could be solved

tausbn previously approved these changes Feb 5, 2020
RasmusWL force-pushed the python-fix-http-source-sink branch from e26ed5a to d5c6092 February 6, 2020 10:50
tausbn merged commit 12113e9 into github:master Feb 12, 2020
RasmusWL deleted the python-fix-http-source-sink branch February 12, 2020 13:22