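def dangerous_source_assignment(self, n):
    """
    Look at the right hand side of an assignment to determine if it is a
    dangerous (attacker-controlled) source.

    Right now this only means the flask ``request`` object.  The expression
    is accepted when it is rooted in ``request`` or ``flask.request`` and
    reached through any chain of attribute access, subscripts and calls::

        xx = request.args['foo']              # Subscript
        xx = request.args.get('foo')          # Call
        xx = flask.request.headers.get('Host')
        xx = request.get_json()               # Call, one attribute deep
        xx = flask.request.args['foo']        # Subscript with module prefix
        xx = request.data                     # bare Attribute

    The last three were previously missed: the Subscript branch only knew
    the bare ``request`` spelling, and the Call branch required at least
    two attribute levels under ``request``.

    :param n: the ``ast`` node on the right hand side of the assignment.
    :returns: True when the expression is rooted in the flask request
        object, False otherwise (including every shape this analysis
        punts on).
    """
    # xx = True/False/None or xx = some_other_name: a bare name is never
    # flagged here, even ``xx = request`` (kept as before).
    if isinstance(n, ast.Name):
        return False
    # xx = {...}: a literal dict is not a source.
    if isinstance(n, ast.Dict):
        return False
    # Only attribute/subscript/call chains are inspected; literals, BinOps,
    # comprehensions etc. are not a request source.
    if not isinstance(n, (ast.Subscript, ast.Call, ast.Attribute)):
        return False

    def _root_name(node):
        """Walk a chain of Call.func / Subscript.value / Attribute.value
        down to its root.

        Returns ``(root_id, first_attr)`` where ``root_id`` is the id of the
        ``ast.Name`` at the root and ``first_attr`` is the attribute read
        directly off that name (None when there is none).  Returns
        ``(None, None)`` when the chain does not end in a plain name, e.g.
        ``xx = dictname[some_var]`` style cases the old code punted on, or a
        call result being indexed.
        """
        first_attr = None
        while True:
            if isinstance(node, ast.Call):
                # only the callee chain is followed, never the call arguments
                node = node.func
            elif isinstance(node, ast.Subscript):
                node = node.value
            elif isinstance(node, ast.Attribute):
                first_attr = node.attr
                node = node.value
            elif isinstance(node, ast.Name):
                return node.id, first_attr
            else:
                return None, None

    root_id, first_attr = _root_name(n)
    # request.<anything>...
    if root_id == "request":
        return True
    # flask.request.<anything>...  (but not flask.foo.request)
    return root_id == "flask" and first_attr == "request"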