vars_visitor.py 文件源码

python
阅读 35 收藏 0 点赞 0 评论 0

项目:pyt 作者: python-security 项目源码 文件源码
def visit_Call(self, node):
        # This will not visit Flask in Flask(__name__) but it will visit request in `request.args.get()
        if not isinstance(node.func, ast.Name):
            self.visit(node.func)
        for arg in itertools.chain(node.args, node.keywords):
            if isinstance(arg, ast.Call):
                if isinstance(arg.func, ast.Name):
                    # We can't just visit because we need to add 'ret_'
                    self.result.append('ret_' + arg.func.id)
                elif isinstance(arg.func, ast.Attribute):
                    # e.g. html.replace('{{ param }}', param)
                    # func.attr is replace
                    # func.value.id is html
                    # We want replace
                    self.result.append('ret_' + arg.func.attr)
                else:
                    # Deal with it when we have code that triggers it.
                    raise
            else:
                self.visit(arg)
评论列表
文章目录


问题


面经


文章

微信
公众号

扫码关注公众号