CodeQL library for Python
codeql/python-all 0.8.2 ( changelog , source )
Index
Search

Module External

Import path

import semmle.python.security.strings.External

Imports

Basic
python

Classes

ExternalFileObject

A kind of “taint”, representing an open file-like object from an external source.
ExternalJsonKind

An hierarchical dictionary or list where the entire structure is externally controlled This is typically a parsed JSON object.
ExternalStringDictKind

A kind of “taint”, representing a dictionary mapping keys to tainted strings.
ExternalStringKind

An extensible kind of taint representing an externally controlled string.
ExternalStringSequenceDictKind

A kind of “taint”, representing a dictionary mapping keys to sequences of tainted strings.
ExternalStringSequenceKind

A kind of “taint”, representing a sequence, with a “taint” member
ExternalUrlParseResult

TaintKind for the result of urlparse(tainted_string)
ExternalUrlSplitResult

TaintKind for the result of urlsplit(tainted_string)
UrlsplitUrlparseTempSanitizer

Temporary sanitizer for the tainted result from urlsplit and urlparse. Can be used to reduce FPs until we have better support for namedtuples.