zulip/stubs/taint/req_lib.pysa

# One of the ways user-controlled data enters the application is through the
# request variables framework. This model teaches Pysa that every instance of
# 'REQ()' in a view function is a source of UserControlled taint.
class zerver.lib.request._REQ(TaintSource[UserControlled]): ...
pysa: Introduce sanitizers, models, and inline marking safe. This commit adds three `.pysa` model files: `false_positives.pysa` for ruling out false positive flows with `Sanitize` annotations, `req_lib.pysa` for educating pysa about Zulip's `REQ()` pattern for extracting user input, and `redirects.pysa` for capturing the risk of open redirects within Zulip code. Additionally, this commit introduces `mark_sanitized`, an identity function which can be used to selectively clear taint in cases where `Sanitize` models will not work. This commit also puts `mark_sanitized` to work removing known false postive flows. 2019-12-20 00:00:45 +01:00			`# One of the ways user-controlled data enters the application is through the`
			`# request variables framework. This model teaches Pysa that every instance of`
			`# 'REQ()' in a view function is a source of UserControlled taint.`
			`class zerver.lib.request._REQ(TaintSource[UserControlled]): ...`