Python: Fix flask request modeling

Open RasmusWL opened this issue 3 years ago • 2 comments

This takes us part of the way. We still get multiple paths for the same alert, but that will be fixed in a different PR.

RasmusWL avatar Sep 29 '22 15:09 RasmusWL

I guess an alternative would be to not have request be a remote flow source in its own right, but only attributes thereof.

I didn't consider this, but I agree it could be a solution :thinking:

RasmusWL avatar Sep 29 '22 16:09 RasmusWL

Another alternative, which may amount to the same thing, is to say that importing the request object is not a case of remote input, but reading from it is. I am not sure if attribute reads are the only way to access it.

yoff avatar Sep 29 '22 18:09 yoff
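
An added illustration of the distinction discussed in the comments above (not code from this PR or from CodeQL's Flask model): a small Python `ast` pass over a constructed handler file that separates the import of `request`, attribute reads from it, and uses that involve no attribute read on `request`. The function name `classify_request_uses` and the sample handlers are assumptions made for this example.

```python
import ast

# Constructed Flask handlers (sample input for this example, not from the PR).
SAMPLE = '''
from flask import Flask, request

app = Flask(__name__)

def helper(req):
    return req.args["q"]

@app.route("/a")
def a():
    return request.args.get("q")

@app.route("/b")
def b():
    return getattr(request, "form")["q"]

@app.route("/c")
def c():
    return helper(request)
'''

def classify_request_uses(source, name="request"):
    """Return sorted (lineno, kind) pairs for each use of flask's `name`."""
    tree = ast.parse(source)
    # Name nodes that are the direct base of an attribute read: request.<attr>
    attr_bases = {
        id(n.value) for n in ast.walk(tree)
        if isinstance(n, ast.Attribute)
        and isinstance(n.value, ast.Name) and n.value.id == name
    }
    uses = []
    for n in ast.walk(tree):
        if isinstance(n, ast.ImportFrom) and n.module == "flask":
            if any((a.asname or a.name) == name for a in n.names):
                uses.append((n.lineno, "import"))
        elif isinstance(n, ast.Name) and n.id == name and isinstance(n.ctx, ast.Load):
            # getattr(request, ...) and helper(request) land here: the object
            # is read or passed on without any Attribute node on `request`.
            kind = "attribute-read" if id(n) in attr_bases else "bare-reference"
            uses.append((n.lineno, kind))
    return sorted(uses)

if __name__ == "__main__":
    for lineno, kind in classify_request_uses(SAMPLE):
        print(lineno, kind)
```

The two `bare-reference` results are the cases a model keyed only on syntactic attribute reads of `request` would have to reach through data flow from the imported object.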

this PR turned into quite a bit of a mixed bag now :flushed: but everything was connected :shrug:

RasmusWL avatar Oct 04 '22 12:10 RasmusWL