View on GitHub


Test Coverage
Web Frameworks

This code determines which functions have their arguments marked at tainted, for example by default the framework adaptor is Flask, so

.. code-block:: python

    def ito_en(image):

will have arguments marked as tainted, whereas 

.. code-block:: python

    def tea(request, param):

will not. (The ``--adaptor D`` option, for Django, would mark the 2nd functions' arguments as tainted and not the first.)

There are currently 4 options for framework route criteria, in the ``_ file:

- `is_flask_route_function`_, the default, looks for a ``route`` decorator
- `is_django_view_function`_, ``-a D``, looks if the first argument is named ``request``
- `is_function_without_leading_`_, ``-a P``, looks if the function does not start with an underscore
- `is_function`_, ``-a E``, always returns True


.. _is\_django\_view\_function:
.. _is\_flask\_route\_function:
.. _is\_function\_without\_leading\_:
.. _is\_function:

How the Code Works

`FrameworkAdaptor`_ is what ``_ creates, it takes a framework_route_criteria that is chosen by the --adaptor cli argument. The framework_route_criteria is a function that takes an `ast.FunctionDef`_ and returns whether or not it is a route in the selected web framework.

We mark the arguments as tainted by `looping through them`_ and making them node type `TaintedNode`_, where we then `add them to the list of sources`_.

.. _FrameworkAdaptor:
.. _\_\_main\_\
.. _ast.FunctionDef:

.. _looping through them:
.. _TaintedNode:
.. _add them to the list of sources:


This currently is not smart enough to understand `class-based views`_, so you will have to use ``-a P`` to mark most functions arguments as tainted, and trim false-positives yourself, this is easier with the ``--baseline`` and ``--json`` options.

.. _class-based views: