CodeQL library for Python
codeql/python-all 0.6.5

Module External

Import path

import semmle.python.security.strings.External

Imports

Classes

ExternalFileObject

A kind of “taint”, representing an open file-like object from an external source.

ExternalJsonKind

A hierarchical dictionary or list where the entire structure is externally controlled. This is typically a parsed JSON object.

ExternalStringDictKind

A kind of “taint”, representing a dictionary mapping keys to tainted strings.

ExternalStringKind

An extensible kind of taint representing an externally controlled string.

ExternalStringSequenceDictKind

A kind of “taint”, representing a dictionary mapping keys to sequences of tainted strings.

ExternalStringSequenceKind

A kind of “taint”, representing a sequence, with a “taint” member

ExternalUrlParseResult

TaintKind for the result of urlparse(tainted_string)

ExternalUrlSplitResult

TaintKind for the result of urlsplit(tainted_string)

UrlsplitUrlparseTempSanitizer

Temporary sanitizer for the tainted result from urlsplit and urlparse. Can be used to reduce false positives (FPs) until we have better support for namedtuples.