We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent 1d00730 commit e309d82Copy full SHA for e309d82
1 file changed
python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll
@@ -141,27 +141,3 @@ module ServerSideRequestForgery {
141
}
142
143
144
-
145
-predicate debug(Location loc, DataFlow::MethodCallNode call, string text, DataFlow::Node safe) {
146
- loc = call.getLocation() and
147
- call.getMethodName() = "format" and
148
- text = call.getObject().asExpr().(StrConst).getText() and
149
- exists(string httpPrefixRe |
150
- httpPrefixRe = "^(?i)https?://(?:(\\{\\})|\\{([0-9]+)\\}|\\{([^0-9].*)\\}).*$" and
151
- text.regexpMatch(httpPrefixRe)
152
- |
153
- // `http://{123}...`
154
- exists(int safeArgIndex | safeArgIndex = text.regexpCapture(httpPrefixRe, 2).toInt() |
155
- safe = call.getArg(safeArgIndex)
156
- )
157
- or
158
- // `http://{abc}...`
159
- exists(string safeArgName | safeArgName = text.regexpCapture(httpPrefixRe, 3) |
160
- safe = call.getArgByName(safeArgName)
161
162
163
- // `http://{}...`
164
- exists(text.regexpCapture(httpPrefixRe, 1)) and
165
- safe = call.getArg(0)
166
167
-}
0 commit comments