Last active
June 15, 2022 03:03
-
-
Save lostsnow/bc1e98581e54eb5e5a1c815ba77bc8b0 to your computer and use it in GitHub Desktop.
contrast-python.log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [, http_request { | |
| uuid: "139904951675056" | |
| timestamp_ms: 1654831387786 | |
| sender { | |
| ip: "172.22.22.1" | |
| } | |
| receiver { | |
| host: "172.22.22.11" | |
| port: 5000 | |
| } | |
| protocol: "http" | |
| version: "1.1" | |
| method: "GET" | |
| raw: "/demo/urllib_ssrf?url=https://myip.ipip.net" | |
| normalized_request_params { | |
| key: "url" | |
| value { | |
| key: "url" | |
| values: "https://myip.ipip.net" | |
| } | |
| } | |
| request_headers { | |
| key: "Accept" | |
| value: "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8" | |
| } | |
| request_headers { | |
| key: "Accept-Encoding" | |
| value: "gzip, deflate" | |
| } | |
| request_headers { | |
| key: "Accept-Language" | |
| value: "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2" | |
| } | |
| request_headers { | |
| key: "Connection" | |
| value: "keep-alive" | |
| } | |
| request_headers { | |
| key: "Cookie" | |
| value: "csrftoken=4uabafC589VXL5KkMP8NaNfWl67jns1mHIiFCySVdzcfDPFfHbDea3jKf1Ons1bD; djangoDemo-csrf=Wxuyne1SGxSI1D9q3x3C11ExbLOd2c9gdEbJMIaI9ZlHKecPW9m3MC9ow4yupP6X; locale=ZH_CN; nsid=e7e0be96aa2b968e87b513b644548c30; Secure=true; SameSite=None; nh=172.22.22.11:9669; nu=root; np=nebula; django_language=zh; session=.eJwlj8EOwjAMQ_-lZw5NmibrfmZK2kQgJJC2cUL8O0WcLB_8bL_TFrsf17Se-8svabuNtCayYg5LbWjeGhuB1IyVs9tADUJnCM3E6iRssfTpDLKpt14qVLYiWEWFoRsNHJ4JFLwwt2g5RGf-p2BMWCc-fhBAkQzS0iX1Y4_tfN79Mfdg5i4DQQYvMQuJdClUBFyH1N6xzHmoNnOvw_f_CUifL2zXPhA.FFAhlw.35sP3HmELoZlY3PoWAxL1tkND0g; loginToken=Bearer%20eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImNyZWF0ZWQiOjE2NTI2OTM5MDkyODUsImV4cCI6MTY1MzI5ODcwOX0.OHRs5ihD6pDD1pnThK9t-7edJ0QuZCQvVT7BS31OXQUHhBTqi1uUkuZKzdhnRyZKe6lY7W42dwsMkSpZ-gvREw; DTCsrfToken=Ic9tOHQC9KTwBPKMuvv18HhFWdSFyNAPytistgYTTGnxESRF6RrPl3akADkO5GT9" | |
| } | |
| request_headers { | |
| key: "Dnt" | |
| value: "1" | |
| } | |
| request_headers { | |
| key: "Host" | |
| value: "172.22.22.11:5000" | |
| } | |
| request_headers { | |
| key: "Upgrade-Insecure-Requests" | |
| value: "1" | |
| } | |
| request_headers { | |
| key: "User-Agent" | |
| value: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0" | |
| } | |
| parsed_request_headers: true | |
| normalized_cookies { | |
| key: "DTCsrfToken" | |
| value { | |
| key: "DTCsrfToken" | |
| values: "Ic9tOHQC9KTwBPKMuvv18HhFWdSFyNAPytistgYTTGnxESRF6RrPl3akADkO5GT9" | |
| } | |
| } | |
| normalized_cookies { | |
| key: "csrftoken" | |
| value { | |
| key: "csrftoken" | |
| values: "4uabafC589VXL5KkMP8NaNfWl67jns1mHIiFCySVdzcfDPFfHbDea3jKf1Ons1bD" | |
| } | |
| } | |
| normalized_cookies { | |
| key: "djangoDemo-csrf" | |
| value { | |
| key: "djangoDemo-csrf" | |
| values: "Wxuyne1SGxSI1D9q3x3C11ExbLOd2c9gdEbJMIaI9ZlHKecPW9m3MC9ow4yupP6X" | |
| } | |
| } | |
| normalized_cookies { | |
| key: "django_language" | |
| value { | |
| key: "django_language" | |
| values: "zh" | |
| } | |
| } | |
| normalized_cookies { | |
| key: "locale" | |
| value { | |
| key: "locale" | |
| values: "ZH_CN" | |
| } | |
| } | |
| normalized_cookies { | |
| key: "loginToken" | |
| value { | |
| key: "loginToken" | |
| values: "Bearer%20eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImNyZWF0ZWQiOjE2NTI2OTM5MDkyODUsImV4cCI6MTY1MzI5ODcwOX0.OHRs5ihD6pDD1pnThK9t-7edJ0QuZCQvVT7BS31OXQUHhBTqi1uUkuZKzdhnRyZKe6lY7W42dwsMkSpZ-gvREw" | |
| } | |
| } | |
| normalized_cookies { | |
| key: "nh" | |
| value { | |
| key: "nh" | |
| values: "172.22.22.11:9669" | |
| } | |
| } | |
| normalized_cookies { | |
| key: "np" | |
| value { | |
| key: "np" | |
| values: "nebula" | |
| } | |
| } | |
| normalized_cookies { | |
| key: "nsid" | |
| value { | |
| key: "nsid" | |
| values: "e7e0be96aa2b968e87b513b644548c30" | |
| } | |
| } | |
| normalized_cookies { | |
| key: "nu" | |
| value { | |
| key: "nu" | |
| values: "root" | |
| } | |
| } | |
| normalized_cookies { | |
| key: "session" | |
| value { | |
| key: "session" | |
| values: ".eJwlj8EOwjAMQ_-lZw5NmibrfmZK2kQgJJC2cUL8O0WcLB_8bL_TFrsf17Se-8svabuNtCayYg5LbWjeGhuB1IyVs9tADUJnCM3E6iRssfTpDLKpt14qVLYiWEWFoRsNHJ4JFLwwt2g5RGf-p2BMWCc-fhBAkQzS0iX1Y4_tfN79Mfdg5i4DQQYvMQuJdClUBFyH1N6xzHmoNnOvw_f_CUifL2zXPhA.FFAhlw.35sP3HmELoZlY3PoWAxL1tkND0g" | |
| } | |
| } | |
| parsed_request_body: true | |
| } | |
| http_response { | |
| response_code: 200 | |
| normalized_response_headers { | |
| key: "CONTENT_LENGTH" | |
| value { | |
| key: "content-length" | |
| values: "157" | |
| } | |
| } | |
| normalized_response_headers { | |
| key: "CONTENT_TYPE" | |
| value { | |
| key: "content-type" | |
| values: "application/json" | |
| } | |
| } | |
| response_body_binary: "{\"data\":[\"\\u5f53\\u524d IP\\uff1a222.128.6.204 \\u6765\\u81ea\\u4e8e\\uff1a\\u4e2d\\u56fd \\u5317\\u4eac \\u5317\\u4eac \\u8054\\u901a\\n\"],\"msg\":\"success\",\"status\":201}\n" | |
| } | |
| findings { | |
| hash_code: "756488251" | |
| rule_id: "ssrf" | |
| events { | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1654831387885 | |
| thread: "139904951531264" | |
| signature { | |
| return_type: "str" | |
| class_name: "werkzeug.datastructures.TypeConversionDict" | |
| method_name: "get" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| field_name: "url" | |
| object { | |
| value: "SW1tdXRhYmxlTXVsdGlEaWN0KFsoJ3VybCcsICdodHRwczovL215aXAuaXBpcC5uZXQnKV0p" | |
| } | |
| ret { | |
| tracked: true | |
| value: "aHR0cHM6Ly9teWlwLmlwaXAubmV0" | |
| } | |
| args { | |
| value: "dXJs" | |
| } | |
| args { | |
| value: "aHR0cHM6Ly93d3cuYmFpZHUuY29t" | |
| } | |
| stack { | |
| declaring_class: "flasksrc.demo.ssrf.ssrf_fun.py" | |
| method_name: "urllib_ssrf" | |
| file_name: "flasksrc.demo.ssrf.ssrf_fun.py" | |
| line_number: 11 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "dispatch_request" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 1502 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "full_dispatch_request" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 1516 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "wsgi_app" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 2073 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "__call__" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 2091 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.cli.py" | |
| method_name: "__call__" | |
| file_name: "venv.lib.python3.8.site-packages.flask.cli.py" | |
| line_number: 357 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.werkzeug.serving.py" | |
| method_name: "execute" | |
| file_name: "venv.lib.python3.8.site-packages.werkzeug.serving.py" | |
| line_number: 308 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.werkzeug.serving.py" | |
| method_name: "run_wsgi" | |
| file_name: "venv.lib.python3.8.site-packages.werkzeug.serving.py" | |
| line_number: 319 | |
| } | |
| event_sources { | |
| type: "PARAMETER" | |
| name: "url" | |
| } | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:21" | |
| } | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:21" | |
| } | |
| object_id: 59 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1654831387897 | |
| thread: "139904951531264" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "rpartition" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "aHR0cHM6Ly9teWlwLmlwaXAubmV0" | |
| } | |
| ret { | |
| tracked: true | |
| value: "aHR0cHM6Ly9teWlwLmlwaXAubmV0" | |
| } | |
| args { | |
| value: "Iw==" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "_splittag" | |
| file_name: "urllib.parse.py" | |
| line_number: 1155 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "full_url" | |
| file_name: "urllib.request.py" | |
| line_number: 353 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "__init__" | |
| file_name: "urllib.request.py" | |
| line_number: 328 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "open" | |
| file_name: "urllib.request.py" | |
| line_number: 509 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "urlopen" | |
| file_name: "urllib.request.py" | |
| line_number: 222 | |
| } | |
| stack { | |
| declaring_class: "flasksrc.demo.ssrf.ssrf_fun.py" | |
| method_name: "urllib_ssrf" | |
| file_name: "flasksrc.demo.ssrf.ssrf_fun.py" | |
| line_number: 13 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "dispatch_request" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 1502 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "full_dispatch_request" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 1516 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "wsgi_app" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 2073 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "__call__" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 2091 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.cli.py" | |
| method_name: "__call__" | |
| file_name: "venv.lib.python3.8.site-packages.flask.cli.py" | |
| line_number: 357 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.werkzeug.serving.py" | |
| method_name: "execute" | |
| file_name: "venv.lib.python3.8.site-packages.werkzeug.serving.py" | |
| line_number: 308 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.werkzeug.serving.py" | |
| method_name: "run_wsgi" | |
| file_name: "venv.lib.python3.8.site-packages.werkzeug.serving.py" | |
| line_number: 319 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:21" | |
| } | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:21" | |
| } | |
| object_id: 61 | |
| parent_object_ids { | |
| id: 59 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1654831387909 | |
| thread: "139904951531264" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Match" | |
| method_name: "groups" | |
| } | |
| object { | |
| value: "aHR0cHM6Ly9teWlwLmlwaXAubmV0" | |
| } | |
| ret { | |
| tracked: true | |
| value: "Ly9teWlwLmlwaXAubmV0" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "_splittype" | |
| file_name: "urllib.parse.py" | |
| line_number: 1030 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "_parse" | |
| file_name: "urllib.request.py" | |
| line_number: 381 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "full_url" | |
| file_name: "urllib.request.py" | |
| line_number: 354 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "__init__" | |
| file_name: "urllib.request.py" | |
| line_number: 328 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "open" | |
| file_name: "urllib.request.py" | |
| line_number: 509 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "urlopen" | |
| file_name: "urllib.request.py" | |
| line_number: 222 | |
| } | |
| stack { | |
| declaring_class: "flasksrc.demo.ssrf.ssrf_fun.py" | |
| method_name: "urllib_ssrf" | |
| file_name: "flasksrc.demo.ssrf.ssrf_fun.py" | |
| line_number: 13 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "dispatch_request" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 1502 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "full_dispatch_request" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 1516 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "wsgi_app" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 2073 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "__call__" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 2091 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.cli.py" | |
| method_name: "__call__" | |
| file_name: "venv.lib.python3.8.site-packages.flask.cli.py" | |
| line_number: 357 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.werkzeug.serving.py" | |
| method_name: "execute" | |
| file_name: "venv.lib.python3.8.site-packages.werkzeug.serving.py" | |
| line_number: 308 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.werkzeug.serving.py" | |
| method_name: "run_wsgi" | |
| file_name: "venv.lib.python3.8.site-packages.werkzeug.serving.py" | |
| line_number: 319 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:15" | |
| } | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:15" | |
| } | |
| object_id: 63 | |
| parent_object_ids { | |
| id: 61 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1654831387918 | |
| thread: "139904951531264" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Match" | |
| method_name: "groups" | |
| } | |
| object { | |
| value: "Ly9teWlwLmlwaXAubmV0" | |
| } | |
| ret { | |
| tracked: true | |
| value: "bXlpcC5pcGlwLm5ldA==" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "_splithost" | |
| file_name: "urllib.parse.py" | |
| line_number: 1051 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "_parse" | |
| file_name: "urllib.request.py" | |
| line_number: 384 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "full_url" | |
| file_name: "urllib.request.py" | |
| line_number: 354 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py"3 | |
| method_name: "__init__" | |
| file_name: "urllib.request.py" | |
| line_number: 328 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "open" | |
| file_name: "urllib.request.py" | |
| line_number: 509 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "urlopen" | |
| file_name: "urllib.request.py" | |
| line_number: 222 | |
| } | |
| stack { | |
| declaring_class: "flasksrc.demo.ssrf.ssrf_fun.py" | |
| method_name: "urllib_ssrf" | |
| file_name: "flasksrc.demo.ssrf.ssrf_fun.py" | |
| line_number: 13 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "dispatch_request" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 1502 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "full_dispatch_request" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 1516 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "wsgi_app" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 2073 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "__call__" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 2091 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.cli.py" | |
| method_name: "__call__" | |
| file_name: "venv.lib.python3.8.site-packages.flask.cli.py" | |
| line_number: 357 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.werkzeug.serving.py" | |
| method_name: "execute" | |
| file_name: "venv.lib.python3.8.site-packages.werkzeug.serving.py" | |
| line_number: 308 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.werkzeug.serving.py" | |
| method_name: "run_wsgi" | |
| file_name: "venv.lib.python3.8.site-packages.werkzeug.serving.py" | |
| line_number: 319 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:13" | |
| } | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:13" | |
| } | |
| object_id: 65 | |
| parent_object_ids { | |
| id: 63 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1654831387922 | |
| thread: "139904951531264" | |
| signature { | |
| return_type: "str" | |
| class_name: "urllib.parse" | |
| method_name: "unquote" | |
| arg_types: "str" | |
| flags: 8 | |
| } | |
| object { | |
| value: "Tm9uZQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "bXlpcC5pcGlwLm5ldA==" | |
| } | |
| args { | |
| value: "bXlpcC5pcGlwLm5ldA==" | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "_parse" | |
| file_name: "urllib.request.py" | |
| line_number: 386 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "full_url" | |
| file_name: "urllib.request.py" | |
| line_number: 354 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "__init__" | |
| file_name: "urllib.request.py" | |
| line_number: 328 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "open" | |
| file_name: "urllib.request.py" | |
| line_number: 509 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "urlopen" | |
| file_name: "urllib.request.py" | |
| line_number: 222 | |
| } | |
| stack { | |
| declaring_class: "flasksrc.demo.ssrf.ssrf_fun.py" | |
| method_name: "urllib_ssrf" | |
| file_name: "flasksrc.demo.ssrf.ssrf_fun.py" | |
| line_number: 13 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "dispatch_request" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 1502 | |
| } | |
| source: "P0,KWARG:string" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:13" | |
| } | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:13" | |
| } | |
| object_id: 66 | |
| parent_object_ids { | |
| id: 65 | |
| } | |
| } | |
| events { | |
| action: TRIGGER | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1654831387939 | |
| thread: "139904951531264" | |
| signature { | |
| return_type: "HTTPSConnection" | |
| class_name: "http.client.HTTPConnection" | |
| method_name: "__init__" | |
| arg_types: "str" | |
| arg_types: "None" | |
| arg_types: "object" | |
| arg_types: "None" | |
| arg_types: "dict" | |
| constructor: true | |
| } | |
| object { | |
| value: "PGh0dHAuY2xpZW50LkhUVFBTQ29ubmVjdGlvbiBvYmplY3QgYXQgMHg3ZjNlMjg1NDBlNTA+" | |
| } | |
| ret { | |
| value: "PGh0dHAuY2xpZW50LkhUVFBTQ29ubmVjdGlvbiBvYmplY3QgYXQgMHg3ZjNlMjg1NDBlNTA+" | |
| } | |
| args { | |
| tracked: true | |
| value: "bXlpcC5pcGlwLm5ldA==" | |
| } | |
| args { | |
| value: "Tm9uZQ==" | |
| } | |
| args { | |
| value: "PG9iamVjdCBvYmplY3QgYXQgMHg3ZjNlMzQ5NTQwNjA+" | |
| } | |
| args { | |
| value: "Tm9uZQ==" | |
| } | |
| args { | |
| value: "eydibG9ja3NpemUnOiA4MTkyfQ==" | |
| } | |
| stack { | |
| declaring_class: "http.client.py" | |
| method_name: "__init__" | |
| file_name: "http.client.py" | |
| line_number: 1383 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "do_open" | |
| file_name: "urllib.request.py" | |
| line_number: 1323 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "https_open" | |
| file_name: "urllib.request.py" | |
| line_number: 1397 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "_call_chain" | |
| file_name: "urllib.request.py" | |
| line_number: 502 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "_open" | |
| file_name: "urllib.request.py" | |
| line_number: 542 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "open" | |
| file_name: "urllib.request.py" | |
| line_number: 525 | |
| } | |
| stack { | |
| declaring_class: "urllib.request.py" | |
| method_name: "urlopen" | |
| file_name: "urllib.request.py" | |
| line_number: 222 | |
| } | |
| stack { | |
| declaring_class: "flasksrc.demo.ssrf.ssrf_fun.py" | |
| method_name: "urllib_ssrf" | |
| file_name: "flasksrc.demo.ssrf.ssrf_fun.py" | |
| line_number: 13 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "dispatch_request" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 1502 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "full_dispatch_request" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 1516 | |
| } | |
| stack { | |
| declaring_class: "venv.lib.python3.8.site-packages.flask.app.py" | |
| method_name: "wsgi_app" | |
| file_name: "venv.lib.python3.8.site-packages.flask.app.py" | |
| line_number: 2073 | |
| } | |
| source: "P0,KWARG:host" | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:13" | |
| } | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:13" | |
| } | |
| object_id: 76 | |
| parent_object_ids { | |
| id: 66 | |
| } | |
| } | |
| preflight: "ssrf,756488251" | |
| version: 4 | |
| routes { | |
| verb: "GET" | |
| url: "/demo/urllib_ssrf" | |
| route: "urllib_ssrf()" | |
| } | |
| } | |
| , signature: "urllib_ssrf()" | |
| url: "/demo/urllib_ssrf" | |
| verb: "GET" | |
| sources { | |
| type: "URI" | |
| name: "PATH_INFO" | |
| } | |
| sources { | |
| type: "QUERYSTRING" | |
| name: "QUERY_STRING" | |
| } | |
| sources { | |
| type: "HEADER" | |
| name: "HTTP_HOST" | |
| } | |
| sources { | |
| type: "HEADER" | |
| name: "HTTP_CONNECTION" | |
| } | |
| sources { | |
| type: "PARAMETER" | |
| name: "url" | |
| } | |
| ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [hash_code: "1947874553" | |
| rule_id: "redos" | |
| events { | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499413 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "wsgi.environ" | |
| method_name: "HTTP_HOST" | |
| flags: 8 | |
| } | |
| field_name: "HTTP_HOST" | |
| object { | |
| value: "eydQQVRIJzogJy9ob21lL3d3dy92ZW52L3Z1bG5fZGphbmdvX3BsYXkvYmluOi9ob20uLi50aWwuRmlsZVdyYXBwZXInPiwgJ3dlYm9iLmlzX2JvZHlfc2Vla2FibGUnOiBUcnVlfQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "MTcyLjIyLjIyLjExOjgwMDA=" | |
| } | |
| event_sources { | |
| type: "HEADER" | |
| name: "HTTP_HOST" | |
| } | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "NO_NEWLINES" | |
| range: "0:17" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:17" | |
| } | |
| object_id: 18 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499459 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "lower" | |
| } | |
| object { | |
| value: "MTcyLjIyLjIyLjExOjgwMDA=" | |
| } | |
| ret { | |
| tracked: true | |
| value: "MTcyLjIyLjIyLjExOjgwMDA=" | |
| } | |
| stack { | |
| declaring_class: "django.http.request.py" | |
| method_name: "split_domain_port" | |
| file_name: "django.http.request.py" | |
| line_number: 581 | |
| } | |
| stack { | |
| declaring_class: "django.http.request.py" | |
| method_name: "get_host" | |
| file_name: "django.http.request.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.middleware.common.py" | |
| method_name: "process_request" | |
| file_name: "django.middleware.common.py" | |
| line_number: 48 | |
| } | |
| stack { | |
| declaring_class: "request_logging.middleware.py" | |
| method_name: "__call__" | |
| file_name: "request_logging.middleware.py" | |
| line_number: 104 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 75 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 133 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "NO_NEWLINES" | |
| range: "0:17" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:17" | |
| } | |
| object_id: 62 | |
| parent_object_ids { | |
| id: 18 | |
| } | |
| } | |
| events { | |
| action: TRIGGER | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499460 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "Match" | |
| class_name: "re.Pattern" | |
| method_name: "match" | |
| arg_types: "Pattern" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "Tm9uZQ==" | |
| } | |
| ret { | |
| value: "PHJlLk1hdGNoIG9iamVjdDsgc3Bhbj0oMCwgMTcpLCBtYXRjaD0nMTcyLjIyLjIyLjExOjgwMDAnPg==" | |
| } | |
| args { | |
| value: "cmUuY29tcGlsZSgnXihbYS16MC05Li1dK3xcXFtbYS1mMC05XSo6W2EtZjAtOVxcLjpdK1xcXSkoOlxcZCspPyQnKQ==" | |
| } | |
| args { | |
| tracked: true | |
| value: "MTcyLjIyLjIyLjExOjgwMDA=" | |
| } | |
| stack { | |
| declaring_class: "django.http.request.py" | |
| method_name: "split_domain_port" | |
| file_name: "django.http.request.py" | |
| line_number: 583 | |
| } | |
| stack { | |
| declaring_class: "django.http.request.py" | |
| method_name: "get_host" | |
| file_name: "django.http.request.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.middleware.common.py" | |
| method_name: "process_request" | |
| file_name: "django.middleware.common.py" | |
| line_number: 48 | |
| } | |
| stack { | |
| declaring_class: "request_logging.middleware.py" | |
| method_name: "__call__" | |
| file_name: "request_logging.middleware.py" | |
| line_number: 104 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 75 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 133 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| source: "P1,KWARG:string,KWARG:pattern" | |
| taint_ranges { | |
| tag: "NO_NEWLINES" | |
| range: "0:17" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:17" | |
| } | |
| object_id: 63 | |
| parent_object_ids { | |
| id: 62 | |
| } | |
| } | |
| preflight: "redos,1947874553" | |
| version: 4 | |
| routes { | |
| verb: "GET" | |
| url: "{injector_str}s/" | |
| route: "polls.views.inject(request, injector_str)" | |
| } | |
| , hash_code: "608135912" | |
| rule_id: "reflected-xss" | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499534 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "replace" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "XA==" | |
| } | |
| args { | |
| value: "Lw==" | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ,P1" | |
| target: "RETURN" | |
| object_id: 95 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499536 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "dXRmLTg=" | |
| } | |
| args { | |
| value: "c3RyaWN0" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "quote" | |
| file_name: "urllib.parse.py" | |
| line_number: 845 | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| object_id: 96 | |
| parent_object_ids { | |
| id: 95 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499536 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "quote_from_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 885 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "quote" | |
| file_name: "urllib.parse.py" | |
| line_number: 851 | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "0:15" | |
| } | |
| object_id: 97 | |
| parent_object_ids { | |
| id: 96 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499534 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "replace" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "XA==" | |
| } | |
| args { | |
| value: "Lw==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| source: "OBJ,P1" | |
| target: "RETURN" | |
| object_id: 95 | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499537 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "urllib.parse" | |
| method_name: "quote" | |
| arg_types: "str" | |
| arg_types: "dict" | |
| flags: 8 | |
| } | |
| object { | |
| value: "Tm9uZQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "eydzYWZlJzogIi9+ISooKScifQ==" | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| source: "P0,KWARG:string" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "0:15" | |
| } | |
| object_id: 98 | |
| parent_object_ids { | |
| id: 95 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499538 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "split" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHM=" | |
| } | |
| args { | |
| value: "Lw==" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "urljoin" | |
| file_name: "urllib.parse.py" | |
| line_number: 544 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 335 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "0:5" | |
| } | |
| object_id: 100 | |
| parent_object_ids { | |
| id: 98 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499534 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "replace" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "XA==" | |
| } | |
| args { | |
| value: "Lw==" | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ,P1" | |
| target: "RETURN" | |
| object_id: 95 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499536 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "dXRmLTg=" | |
| } | |
| args { | |
| value: "c3RyaWN0" | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "quote" | |
| file_name: "urllib.parse.py" | |
| line_number: 845 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| object_id: 96 | |
| parent_object_ids { | |
| id: 95 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499536 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "quote" | |
| file_name: "urllib.parse.py" | |
| line_number: 851 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "quote_from_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 885 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "0:15" | |
| } | |
| object_id: 97 | |
| parent_object_ids { | |
| id: 96 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499534 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "replace" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "XA==" | |
| } | |
| args { | |
| value: "Lw==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| source: "OBJ,P1" | |
| target: "RETURN" | |
| object_id: 95 | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499537 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "urllib.parse" | |
| method_name: "quote" | |
| arg_types: "str" | |
| arg_types: "dict" | |
| flags: 8 | |
| } | |
| object { | |
| value: "Tm9uZQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "eydzYWZlJzogIi9+ISooKScifQ==" | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| source: "P0,KWARG:string" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "0:15" | |
| } | |
| object_id: 98 | |
| parent_object_ids { | |
| id: 95 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499538 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "split" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "c3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "Lw==" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "urljoin" | |
| file_name: "urllib.parse.py" | |
| line_number: 544 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 335 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "0:9" | |
| } | |
| object_id: 101 | |
| parent_object_ids { | |
| id: 98 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499539 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "join" | |
| arg_types: "list" | |
| } | |
| object { | |
| value: "Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3N0YXRpYy9wb2xscy9zdHlsZS5jc3M=" | |
| } | |
| args { | |
| value: "WycnLCAnc3RhdGljJywgJ3BvbGxzJywgJ3N0eWxlLmNzcydd" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "urljoin" | |
| file_name: "urllib.parse.py" | |
| line_number: 569 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 335 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ,P0" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "8:13" | |
| } | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "14:23" | |
| } | |
| taint_ranges { | |
| tag: "HTML_ENCODED" | |
| range: "0:23" | |
| } | |
| object_id: 102 | |
| parent_object_ids { | |
| id: 100 | |
| } | |
| parent_object_ids { | |
| id: 101 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499539 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "html" | |
| method_name: "escape" | |
| arg_types: "str" | |
| flags: 8 | |
| } | |
| object { | |
| value: "Tm9uZQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3N0YXRpYy9wb2xscy9zdHlsZS5jc3M=" | |
| } | |
| args { | |
| value: "L3N0YXRpYy9wb2xscy9zdHlsZS5jc3M=" | |
| } | |
| stack { | |
| declaring_class: "django.utils.html.py" | |
| method_name: "escape" | |
| file_name: "django.utils.html.py" | |
| line_number: 40 | |
| } | |
| stack { | |
| declaring_class: "django.utils.functional.py" | |
| method_name: "wrapper" | |
| file_name: "django.utils.functional.py" | |
| line_number: 206 | |
| } | |
| stack { | |
| declaring_class: "django.utils.html.py" | |
| method_name: "conditional_escape" | |
| file_name: "django.utils.html.py" | |
| line_number: 101 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 108 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| source: "P0,KWARG:s" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "8:13" | |
| } | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "14:23" | |
| } | |
| taint_ranges { | |
| tag: "HTML_ENCODED" | |
| range: "0:23" | |
| } | |
| object_id: 103 | |
| parent_object_ids { | |
| id: 102 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499534 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "replace" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "XA==" | |
| } | |
| args { | |
| value: "Lw==" | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ,P1" | |
| target: "RETURN" | |
| object_id: 95 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499536 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "dXRmLTg=" | |
| } | |
| args { | |
| value: "c3RyaWN0" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "quote" | |
| file_name: "urllib.parse.py" | |
| line_number: 845 | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| object_id: 96 | |
| parent_object_ids { | |
| id: 95 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499536 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "quote_from_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 885 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "quote" | |
| file_name: "urllib.parse.py" | |
| line_number: 851 | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "0:15" | |
| } | |
| object_id: 97 | |
| parent_object_ids { | |
| id: 96 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499534 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "replace" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "XA==" | |
| } | |
| args { | |
| value: "Lw==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| source: "OBJ,P1" | |
| target: "RETURN" | |
| object_id: 95 | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499537 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "urllib.parse" | |
| method_name: "quote" | |
| arg_types: "str" | |
| arg_types: "dict" | |
| flags: 8 | |
| } | |
| object { | |
| value: "Tm9uZQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "eydzYWZlJzogIi9+ISooKScifQ==" | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| source: "P0,KWARG:string" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "0:15" | |
| } | |
| object_id: 98 | |
| parent_object_ids { | |
| id: 95 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499538 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "split" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHM=" | |
| } | |
| args { | |
| value: "Lw==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 335 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "urljoin" | |
| file_name: "urllib.parse.py" | |
| line_number: 544 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "0:5" | |
| } | |
| object_id: 100 | |
| parent_object_ids { | |
| id: 98 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499534 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "replace" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "XA==" | |
| } | |
| args { | |
| value: "Lw==" | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ,P1" | |
| target: "RETURN" | |
| object_id: 95 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499536 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "dXRmLTg=" | |
| } | |
| args { | |
| value: "c3RyaWN0" | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "quote" | |
| file_name: "urllib.parse.py" | |
| line_number: 845 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| object_id: 96 | |
| parent_object_ids { | |
| id: 95 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499536 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "quote" | |
| file_name: "urllib.parse.py" | |
| line_number: 851 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "quote_from_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 885 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "0:15" | |
| } | |
| object_id: 97 | |
| parent_object_ids { | |
| id: 96 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499534 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "replace" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "XA==" | |
| } | |
| args { | |
| value: "Lw==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| source: "OBJ,P1" | |
| target: "RETURN" | |
| object_id: 95 | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499537 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "urllib.parse" | |
| method_name: "quote" | |
| arg_types: "str" | |
| arg_types: "dict" | |
| flags: 8 | |
| } | |
| object { | |
| value: "Tm9uZQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "eydzYWZlJzogIi9+ISooKScifQ==" | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 332 | |
| } | |
| stack { | |
| declaring_class: "django.utils.encoding.py" | |
| method_name: "filepath_to_uri" | |
| file_name: "django.utils.encoding.py" | |
| line_number: 256 | |
| } | |
| source: "P0,KWARG:string" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "0:15" | |
| } | |
| object_id: 98 | |
| parent_object_ids { | |
| id: 95 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499538 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "split" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cG9sbHMvc3R5bGUuY3Nz" | |
| } | |
| ret { | |
| tracked: true | |
| value: "c3R5bGUuY3Nz" | |
| } | |
| args { | |
| value: "Lw==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 335 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "urljoin" | |
| file_name: "urllib.parse.py" | |
| line_number: 544 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "0:9" | |
| } | |
| object_id: 101 | |
| parent_object_ids { | |
| id: 98 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499539 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "join" | |
| arg_types: "list" | |
| } | |
| object { | |
| value: "Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3N0YXRpYy9wb2xscy9zdHlsZS5jc3M=" | |
| } | |
| args { | |
| value: "WycnLCAnc3RhdGljJywgJ3BvbGxzJywgJ3N0eWxlLmNzcydd" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 106 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "url" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 103 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "handle_simple" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 118 | |
| } | |
| stack { | |
| declaring_class: "django.core.files.storage.py" | |
| method_name: "url" | |
| file_name: "django.core.files.storage.py" | |
| line_number: 335 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "urljoin" | |
| file_name: "urllib.parse.py" | |
| line_number: 569 | |
| } | |
| source: "OBJ,P0" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "8:13" | |
| } | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "14:23" | |
| } | |
| taint_ranges { | |
| tag: "HTML_ENCODED" | |
| range: "0:23" | |
| } | |
| object_id: 102 | |
| parent_object_ids { | |
| id: 100 | |
| } | |
| parent_object_ids { | |
| id: 101 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499539 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "html" | |
| method_name: "escape" | |
| arg_types: "str" | |
| flags: 8 | |
| } | |
| object { | |
| value: "Tm9uZQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3N0YXRpYy9wb2xscy9zdHlsZS5jc3M=" | |
| } | |
| args { | |
| value: "L3N0YXRpYy9wb2xscy9zdHlsZS5jc3M=" | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 108 | |
| } | |
| stack { | |
| declaring_class: "django.utils.html.py" | |
| method_name: "conditional_escape" | |
| file_name: "django.utils.html.py" | |
| line_number: 101 | |
| } | |
| stack { | |
| declaring_class: "django.utils.functional.py" | |
| method_name: "wrapper" | |
| file_name: "django.utils.functional.py" | |
| line_number: 206 | |
| } | |
| stack { | |
| declaring_class: "django.utils.html.py" | |
| method_name: "escape" | |
| file_name: "django.utils.html.py" | |
| line_number: 40 | |
| } | |
| source: "P0,KWARG:s" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "8:13" | |
| } | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "14:23" | |
| } | |
| taint_ranges { | |
| tag: "HTML_ENCODED" | |
| range: "0:23" | |
| } | |
| object_id: 103 | |
| parent_object_ids { | |
| id: 102 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499540 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "SafeString" | |
| class_name: "django.utils.html" | |
| method_name: "escape" | |
| arg_types: "str" | |
| flags: 8 | |
| } | |
| object { | |
| value: "Tm9uZQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3N0YXRpYy9wb2xscy9zdHlsZS5jc3M=" | |
| } | |
| args { | |
| value: "L3N0YXRpYy9wb2xscy9zdHlsZS5jc3M=" | |
| } | |
| stack { | |
| declaring_class: "django.utils.html.py" | |
| method_name: "conditional_escape" | |
| file_name: "django.utils.html.py" | |
| line_number: 101 | |
| } | |
| stack { | |
| declaring_class: "django.templatetags.static.py" | |
| method_name: "render" | |
| file_name: "django.templatetags.static.py" | |
| line_number: 108 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| source: "P0,KWARG:text" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "8:13" | |
| } | |
| taint_ranges { | |
| tag: "URL_ENCODED" | |
| range: "14:23" | |
| } | |
| taint_ranges { | |
| tag: "HTML_ENCODED" | |
| range: "0:23" | |
| } | |
| object_id: 104 | |
| parent_object_ids { | |
| id: 103 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499541 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "join" | |
| arg_types: "list" | |
| } | |
| object { | |
| } | |
| ret { | |
| tracked: true | |
| value: "T2hoIGhleSE=" | |
| } | |
| args { | |
| value: "WydPaGggaGV5ISdd" | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 940 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ,P0" | |
| target: "RETURN" | |
| object_id: 105 | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499615 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "SafeString" | |
| class_name: "django.utils.html" | |
| method_name: "escape" | |
| arg_types: "str" | |
| flags: 8 | |
| } | |
| object { | |
| value: "Tm9uZQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzL3NlYXJjaC8=" | |
| } | |
| args { | |
| value: "L3BvbGxzL3NlYXJjaC8=" | |
| } | |
| stack { | |
| declaring_class: "django.utils.html.py" | |
| method_name: "conditional_escape" | |
| file_name: "django.utils.html.py" | |
| line_number: 101 | |
| } | |
| stack { | |
| declaring_class: "django.template.defaulttags.py" | |
| method_name: "render" | |
| file_name: "django.template.defaulttags.py" | |
| line_number: 453 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 173 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 188 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| source: "P0,KWARG:text" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "HTML_ENCODED" | |
| range: "0:14" | |
| } | |
| object_id: 111 | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499616 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "join" | |
| arg_types: "list" | |
| } | |
| object { | |
| } | |
| ret { | |
| tracked: true | |
| value: "CgoKICA8bmF2IGNsYXNzPSJuYXZiYXIgbmF2YmFyLWV4cGFuZC1sZyBuYXZiYXItbGkuLi4gcGxhY2Vob2xkZXI9IlNlYXJjaCIgYXJpYS1sYWJlbD0iU2VhcmNoIiBhY3Rpb249Ii9wb2xscy9zZWFyY2gvIiBtZXRob2Q9InBvc3QiPgogICAgICAgICAgICA8aW5wdXQgY2xhc3M9ImZvcm0tY28uLi5hcmNoPC9idXR0b24+CiAgICAgICAgPC9mb3JtPgogICAgPC9kaXY+CiAgPC9uYXY+Cg==" | |
| } | |
| args { | |
| value: "WydcblxuXG4gIDxuYXYgY2xhc3M9Im5hdmJhciBuYXZiYXItZXhwYW5kLWxnIG5hdmIuLi5idXR0b24+XG4gICAgICAgIDwvZm9ybT5cbiAgICA8L2Rpdj5cbiAgPC9uYXY+XG4nXQ==" | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 940 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 173 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 188 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ,P0" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "103:117" | |
| } | |
| object_id: 112 | |
| parent_object_ids { | |
| id: 111 | |
| } | |
| } | |
| events { | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499408 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "wsgi.environ" | |
| method_name: "PATH_INFO" | |
| flags: 8 | |
| } | |
| field_name: "PATH_INFO" | |
| object { | |
| value: "eydQQVRIJzogJy9ob21lL3d3dy92ZW52L3Z1bG5fZGphbmdvX3BsYXkvYmluOi9ob20uLi50aWwuRmlsZVdyYXBwZXInPiwgJ3dlYm9iLmlzX2JvZHlfc2Vla2FibGUnOiBUcnVlfQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| event_sources { | |
| type: "URI" | |
| name: "PATH_INFO" | |
| } | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 8 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499424 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| args { | |
| value: "aXNvLTg4NTktMQ==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_bytes_from_wsgi" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 200 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 154 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 25 | |
| parent_object_ids { | |
| id: 8 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499426 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 156 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 27 | |
| parent_object_ids { | |
| id: 25 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499480 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoMSwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 164 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "request_logging.middleware.py" | |
| method_name: "__call__" | |
| file_name: "request_logging.middleware.py" | |
| line_number: 104 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:45" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:45" | |
| } | |
| object_id: 77 | |
| parent_object_ids { | |
| id: 27 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499483 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoNiwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 267 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:39" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:39" | |
| } | |
| object_id: 78 | |
| parent_object_ids { | |
| id: 77 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499489 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Match" | |
| method_name: "groupdict" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 260 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 353 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 79 | |
| parent_object_ids { | |
| id: 78 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499491 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Pattern" | |
| method_name: "split" | |
| arg_types: "Pattern" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| args { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 643 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "P0,KWARG:string,KWARG:source" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 80 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499492 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "dXRmLTg=" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 601 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 81 | |
| parent_object_ids { | |
| id: 80 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499492 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "split" | |
| arg_types: "bytes" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPA==" | |
| } | |
| args { | |
| value: "JQ==" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 602 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:28" | |
| } | |
| object_id: 82 | |
| parent_object_ids { | |
| id: 81 | |
| } | |
| } | |
| events { | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499408 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "wsgi.environ" | |
| method_name: "PATH_INFO" | |
| flags: 8 | |
| } | |
| field_name: "PATH_INFO" | |
| object { | |
| value: "eydQQVRIJzogJy9ob21lL3d3dy92ZW52L3Z1bG5fZGphbmdvX3BsYXkvYmluOi9ob20uLi50aWwuRmlsZVdyYXBwZXInPiwgJ3dlYm9iLmlzX2JvZHlfc2Vla2FibGUnOiBUcnVlfQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| event_sources { | |
| type: "URI" | |
| name: "PATH_INFO" | |
| } | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 8 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499424 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| args { | |
| value: "aXNvLTg4NTktMQ==" | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 154 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_bytes_from_wsgi" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 200 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 25 | |
| parent_object_ids { | |
| id: 8 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499426 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 156 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 27 | |
| parent_object_ids { | |
| id: 25 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499480 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoMSwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "request_logging.middleware.py" | |
| method_name: "__call__" | |
| file_name: "request_logging.middleware.py" | |
| line_number: 104 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 164 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:45" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:45" | |
| } | |
| object_id: 77 | |
| parent_object_ids { | |
| id: 27 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499483 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoNiwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 267 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:39" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:39" | |
| } | |
| object_id: 78 | |
| parent_object_ids { | |
| id: 77 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499489 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Match" | |
| method_name: "groupdict" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 353 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 260 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 79 | |
| parent_object_ids { | |
| id: 78 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499491 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Pattern" | |
| method_name: "split" | |
| arg_types: "Pattern" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| args { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 643 | |
| } | |
| source: "P0,KWARG:string,KWARG:source" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 80 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499492 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "dXRmLTg=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 601 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 81 | |
| parent_object_ids { | |
| id: 80 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499493 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "split" | |
| arg_types: "bytes" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| ret { | |
| tracked: true | |
| value: "MkZzY3JpcHQ+" | |
| } | |
| args { | |
| value: "JQ==" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 602 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:9" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:9" | |
| } | |
| object_id: 83 | |
| parent_object_ids { | |
| id: 81 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499493 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "MkZzY3JpcHQ+" | |
| } | |
| ret { | |
| tracked: true | |
| value: "c2NyaXB0Pg==" | |
| } | |
| args { | |
| value: "c2xpY2UoMiwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 616 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:7" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:7" | |
| } | |
| object_id: 85 | |
| parent_object_ids { | |
| id: 83 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499494 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "join" | |
| arg_types: "list" | |
| } | |
| object { | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| args { | |
| value: "W2InPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCcsIGInLycsIGInc2NyaXB0Pidd" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 620 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ,P0" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "29:36" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "29:36" | |
| } | |
| object_id: 86 | |
| parent_object_ids { | |
| id: 82 | |
| } | |
| parent_object_ids { | |
| id: 85 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499494 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| args { | |
| value: "dXRmLTg=" | |
| } | |
| args { | |
| value: "cmVwbGFjZQ==" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "29:36" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "29:36" | |
| } | |
| object_id: 87 | |
| parent_object_ids { | |
| id: 86 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499495 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "join" | |
| arg_types: "list" | |
| } | |
| object { | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| args { | |
| value: "WycnLCAnPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+JywgJydd" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 649 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ,P0" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:36" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:36" | |
| } | |
| object_id: 88 | |
| parent_object_ids { | |
| id: 87 | |
| } | |
| } | |
| events { | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499408 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "wsgi.environ" | |
| method_name: "PATH_INFO" | |
| flags: 8 | |
| } | |
| field_name: "PATH_INFO" | |
| object { | |
| value: "eydQQVRIJzogJy9ob21lL3d3dy92ZW52L3Z1bG5fZGphbmdvX3BsYXkvYmluOi9ob20uLi50aWwuRmlsZVdyYXBwZXInPiwgJ3dlYm9iLmlzX2JvZHlfc2Vla2FibGUnOiBUcnVlfQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| event_sources { | |
| type: "URI" | |
| name: "PATH_INFO" | |
| } | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 8 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499424 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| args { | |
| value: "aXNvLTg4NTktMQ==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_bytes_from_wsgi" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 200 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 154 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 25 | |
| parent_object_ids { | |
| id: 8 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499426 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 156 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 27 | |
| parent_object_ids { | |
| id: 25 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499480 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoMSwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 164 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "request_logging.middleware.py" | |
| method_name: "__call__" | |
| file_name: "request_logging.middleware.py" | |
| line_number: 104 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:45" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:45" | |
| } | |
| object_id: 77 | |
| parent_object_ids { | |
| id: 27 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499483 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoNiwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 267 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:39" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:39" | |
| } | |
| object_id: 78 | |
| parent_object_ids { | |
| id: 77 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499489 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Match" | |
| method_name: "groupdict" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 260 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 353 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 79 | |
| parent_object_ids { | |
| id: 78 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499491 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Pattern" | |
| method_name: "split" | |
| arg_types: "Pattern" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| args { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 643 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "P0,KWARG:string,KWARG:source" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 80 | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499495 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "urllib.parse" | |
| method_name: "unquote" | |
| arg_types: "str" | |
| flags: 8 | |
| } | |
| object { | |
| value: "Tm9uZQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| args { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "P0,KWARG:string" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:36" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:36" | |
| } | |
| object_id: 89 | |
| parent_object_ids { | |
| id: 80 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499616 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "replace" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| ret { | |
| tracked: true | |
| value: "Jmx0O3NjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpJmx0Oy9zY3JpcHQ+" | |
| } | |
| args { | |
| value: "PA==" | |
| } | |
| args { | |
| value: "Jmx0Ow==" | |
| } | |
| stack { | |
| declaring_class: "html.__init__.py" | |
| method_name: "escape" | |
| file_name: "html.__init__.py" | |
| line_number: 20 | |
| } | |
| stack { | |
| declaring_class: "django.utils.html.py" | |
| method_name: "escape" | |
| file_name: "django.utils.html.py" | |
| line_number: 40 | |
| } | |
| stack { | |
| declaring_class: "django.utils.functional.py" | |
| method_name: "wrapper" | |
| file_name: "django.utils.functional.py" | |
| line_number: 206 | |
| } | |
| stack { | |
| declaring_class: "django.utils.html.py" | |
| method_name: "conditional_escape" | |
| file_name: "django.utils.html.py" | |
| line_number: 101 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_value_in_context" | |
| file_name: "django.template.base.py" | |
| line_number: 972 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 992 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| source: "OBJ,P1" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "4:30" | |
| } | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "34:42" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "4:30" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "34:42" | |
| } | |
| object_id: 113 | |
| parent_object_ids { | |
| id: 89 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499617 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "replace" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "Jmx0O3NjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpJmx0Oy9zY3JpcHQ+" | |
| } | |
| ret { | |
| tracked: true | |
| value: "Jmx0O3NjcmlwdCZndDthbGVydCgyMjIyMjIyMjIyMjIpJmx0Oy9zY3JpcHQmZ3Q7" | |
| } | |
| args { | |
| value: "Pg==" | |
| } | |
| args { | |
| value: "Jmd0Ow==" | |
| } | |
| stack { | |
| declaring_class: "html.__init__.py" | |
| method_name: "escape" | |
| file_name: "html.__init__.py" | |
| line_number: 21 | |
| } | |
| stack { | |
| declaring_class: "django.utils.html.py" | |
| method_name: "escape" | |
| file_name: "django.utils.html.py" | |
| line_number: 40 | |
| } | |
| stack { | |
| declaring_class: "django.utils.functional.py" | |
| method_name: "wrapper" | |
| file_name: "django.utils.functional.py" | |
| line_number: 206 | |
| } | |
| stack { | |
| declaring_class: "django.utils.html.py" | |
| method_name: "conditional_escape" | |
| file_name: "django.utils.html.py" | |
| line_number: 101 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_value_in_context" | |
| file_name: "django.template.base.py" | |
| line_number: 972 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 992 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| source: "OBJ,P1" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:48" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:48" | |
| } | |
| taint_ranges { | |
| tag: "HTML_ENCODED" | |
| range: "0:48" | |
| } | |
| object_id: 114 | |
| parent_object_ids { | |
| id: 113 | |
| } | |
| } | |
| events { | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499408 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "wsgi.environ" | |
| method_name: "PATH_INFO" | |
| flags: 8 | |
| } | |
| field_name: "PATH_INFO" | |
| object { | |
| value: "eydQQVRIJzogJy9ob21lL3d3dy92ZW52L3Z1bG5fZGphbmdvX3BsYXkvYmluOi9ob20uLi50aWwuRmlsZVdyYXBwZXInPiwgJ3dlYm9iLmlzX2JvZHlfc2Vla2FibGUnOiBUcnVlfQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| event_sources { | |
| type: "URI" | |
| name: "PATH_INFO" | |
| } | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 8 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499424 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| args { | |
| value: "aXNvLTg4NTktMQ==" | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 154 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_bytes_from_wsgi" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 200 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 25 | |
| parent_object_ids { | |
| id: 8 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499426 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 156 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 27 | |
| parent_object_ids { | |
| id: 25 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499480 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoMSwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "request_logging.middleware.py" | |
| method_name: "__call__" | |
| file_name: "request_logging.middleware.py" | |
| line_number: 104 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 164 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:45" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:45" | |
| } | |
| object_id: 77 | |
| parent_object_ids { | |
| id: 27 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499483 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoNiwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 267 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:39" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:39" | |
| } | |
| object_id: 78 | |
| parent_object_ids { | |
| id: 77 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499489 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Match" | |
| method_name: "groupdict" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 353 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 260 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 79 | |
| parent_object_ids { | |
| id: 78 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499491 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Pattern" | |
| method_name: "split" | |
| arg_types: "Pattern" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| args { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 643 | |
| } | |
| source: "P0,KWARG:string,KWARG:source" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 80 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499492 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "dXRmLTg=" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 601 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 81 | |
| parent_object_ids { | |
| id: 80 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499492 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "split" | |
| arg_types: "bytes" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPA==" | |
| } | |
| args { | |
| value: "JQ==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 602 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:28" | |
| } | |
| object_id: 82 | |
| parent_object_ids { | |
| id: 81 | |
| } | |
| } | |
| events { | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499408 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "wsgi.environ" | |
| method_name: "PATH_INFO" | |
| flags: 8 | |
| } | |
| field_name: "PATH_INFO" | |
| object { | |
| value: "eydQQVRIJzogJy9ob21lL3d3dy92ZW52L3Z1bG5fZGphbmdvX3BsYXkvYmluOi9ob20uLi50aWwuRmlsZVdyYXBwZXInPiwgJ3dlYm9iLmlzX2JvZHlfc2Vla2FibGUnOiBUcnVlfQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| event_sources { | |
| type: "URI" | |
| name: "PATH_INFO" | |
| } | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 8 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499424 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| args { | |
| value: "aXNvLTg4NTktMQ==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_bytes_from_wsgi" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 200 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 154 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 25 | |
| parent_object_ids { | |
| id: 8 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499426 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 156 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 27 | |
| parent_object_ids { | |
| id: 25 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499480 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoMSwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 164 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "request_logging.middleware.py" | |
| method_name: "__call__" | |
| file_name: "request_logging.middleware.py" | |
| line_number: 104 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:45" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:45" | |
| } | |
| object_id: 77 | |
| parent_object_ids { | |
| id: 27 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499483 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoNiwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 267 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:39" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:39" | |
| } | |
| object_id: 78 | |
| parent_object_ids { | |
| id: 77 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499489 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Match" | |
| method_name: "groupdict" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 260 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 353 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 79 | |
| parent_object_ids { | |
| id: 78 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499491 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Pattern" | |
| method_name: "split" | |
| arg_types: "Pattern" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| args { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 643 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "P0,KWARG:string,KWARG:source" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 80 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499492 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "dXRmLTg=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 601 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 81 | |
| parent_object_ids { | |
| id: 80 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499493 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "split" | |
| arg_types: "bytes" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| ret { | |
| tracked: true | |
| value: "MkZzY3JpcHQ+" | |
| } | |
| args { | |
| value: "JQ==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 602 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:9" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:9" | |
| } | |
| object_id: 83 | |
| parent_object_ids { | |
| id: 81 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499493 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "MkZzY3JpcHQ+" | |
| } | |
| ret { | |
| tracked: true | |
| value: "c2NyaXB0Pg==" | |
| } | |
| args { | |
| value: "c2xpY2UoMiwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 616 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:7" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:7" | |
| } | |
| object_id: 85 | |
| parent_object_ids { | |
| id: 83 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499494 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "join" | |
| arg_types: "list" | |
| } | |
| object { | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| args { | |
| value: "W2InPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCcsIGInLycsIGInc2NyaXB0Pidd" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 620 | |
| } | |
| source: "OBJ,P0" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "29:36" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "29:36" | |
| } | |
| object_id: 86 | |
| parent_object_ids { | |
| id: 82 | |
| } | |
| parent_object_ids { | |
| id: 85 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499494 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| args { | |
| value: "dXRmLTg=" | |
| } | |
| args { | |
| value: "cmVwbGFjZQ==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "29:36" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "29:36" | |
| } | |
| object_id: 87 | |
| parent_object_ids { | |
| id: 86 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499495 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "join" | |
| arg_types: "list" | |
| } | |
| object { | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| args { | |
| value: "WycnLCAnPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+JywgJydd" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 649 | |
| } | |
| source: "OBJ,P0" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:36" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:36" | |
| } | |
| object_id: 88 | |
| parent_object_ids { | |
| id: 87 | |
| } | |
| } | |
| events { | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499408 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "wsgi.environ" | |
| method_name: "PATH_INFO" | |
| flags: 8 | |
| } | |
| field_name: "PATH_INFO" | |
| object { | |
| value: "eydQQVRIJzogJy9ob21lL3d3dy92ZW52L3Z1bG5fZGphbmdvX3BsYXkvYmluOi9ob20uLi50aWwuRmlsZVdyYXBwZXInPiwgJ3dlYm9iLmlzX2JvZHlfc2Vla2FibGUnOiBUcnVlfQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| event_sources { | |
| type: "URI" | |
| name: "PATH_INFO" | |
| } | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 8 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499424 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| args { | |
| value: "aXNvLTg4NTktMQ==" | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 154 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_bytes_from_wsgi" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 200 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 25 | |
| parent_object_ids { | |
| id: 8 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499426 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 156 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 27 | |
| parent_object_ids { | |
| id: 25 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499480 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoMSwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "request_logging.middleware.py" | |
| method_name: "__call__" | |
| file_name: "request_logging.middleware.py" | |
| line_number: 104 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 164 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:45" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:45" | |
| } | |
| object_id: 77 | |
| parent_object_ids { | |
| id: 27 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499483 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoNiwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 267 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:39" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:39" | |
| } | |
| object_id: 78 | |
| parent_object_ids { | |
| id: 77 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499489 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Match" | |
| method_name: "groupdict" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 353 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 260 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 79 | |
| parent_object_ids { | |
| id: 78 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499491 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Pattern" | |
| method_name: "split" | |
| arg_types: "Pattern" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| args { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 643 | |
| } | |
| source: "P0,KWARG:string,KWARG:source" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 80 | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499495 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "urllib.parse" | |
| method_name: "unquote" | |
| arg_types: "str" | |
| flags: 8 | |
| } | |
| object { | |
| value: "Tm9uZQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| args { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| source: "P0,KWARG:string" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:36" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:36" | |
| } | |
| object_id: 89 | |
| parent_object_ids { | |
| id: 80 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499617 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "html" | |
| method_name: "escape" | |
| arg_types: "str" | |
| flags: 8 | |
| } | |
| object { | |
| value: "Tm9uZQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "Jmx0O3NjcmlwdCZndDthbGVydCgyMjIyMjIyMjIyMjIpJmx0Oy9zY3JpcHQmZ3Q7" | |
| } | |
| args { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| stack { | |
| declaring_class: "django.utils.html.py" | |
| method_name: "escape" | |
| file_name: "django.utils.html.py" | |
| line_number: 40 | |
| } | |
| stack { | |
| declaring_class: "django.utils.functional.py" | |
| method_name: "wrapper" | |
| file_name: "django.utils.functional.py" | |
| line_number: 206 | |
| } | |
| stack { | |
| declaring_class: "django.utils.html.py" | |
| method_name: "conditional_escape" | |
| file_name: "django.utils.html.py" | |
| line_number: 101 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_value_in_context" | |
| file_name: "django.template.base.py" | |
| line_number: 972 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 992 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| source: "P0,KWARG:s" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:48" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:48" | |
| } | |
| taint_ranges { | |
| tag: "HTML_ENCODED" | |
| range: "0:48" | |
| } | |
| object_id: 115 | |
| parent_object_ids { | |
| id: 89 | |
| } | |
| } | |
| events { | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499408 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "wsgi.environ" | |
| method_name: "PATH_INFO" | |
| flags: 8 | |
| } | |
| field_name: "PATH_INFO" | |
| object { | |
| value: "eydQQVRIJzogJy9ob21lL3d3dy92ZW52L3Z1bG5fZGphbmdvX3BsYXkvYmluOi9ob20uLi50aWwuRmlsZVdyYXBwZXInPiwgJ3dlYm9iLmlzX2JvZHlfc2Vla2FibGUnOiBUcnVlfQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| event_sources { | |
| type: "URI" | |
| name: "PATH_INFO" | |
| } | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 8 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499424 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| args { | |
| value: "aXNvLTg4NTktMQ==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_bytes_from_wsgi" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 200 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 154 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 25 | |
| parent_object_ids { | |
| id: 8 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499426 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 156 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 27 | |
| parent_object_ids { | |
| id: 25 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499480 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoMSwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 164 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "request_logging.middleware.py" | |
| method_name: "__call__" | |
| file_name: "request_logging.middleware.py" | |
| line_number: 104 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:45" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:45" | |
| } | |
| object_id: 77 | |
| parent_object_ids { | |
| id: 27 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499483 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoNiwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 267 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:39" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:39" | |
| } | |
| object_id: 78 | |
| parent_object_ids { | |
| id: 77 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499489 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Match" | |
| method_name: "groupdict" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 260 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 353 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 79 | |
| parent_object_ids { | |
| id: 78 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499491 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Pattern" | |
| method_name: "split" | |
| arg_types: "Pattern" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| args { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 643 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "P0,KWARG:string,KWARG:source" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 80 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499492 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "dXRmLTg=" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 601 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 81 | |
| parent_object_ids { | |
| id: 80 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499492 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "split" | |
| arg_types: "bytes" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPA==" | |
| } | |
| args { | |
| value: "JQ==" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 602 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:28" | |
| } | |
| object_id: 82 | |
| parent_object_ids { | |
| id: 81 | |
| } | |
| } | |
| events { | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499408 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "wsgi.environ" | |
| method_name: "PATH_INFO" | |
| flags: 8 | |
| } | |
| field_name: "PATH_INFO" | |
| object { | |
| value: "eydQQVRIJzogJy9ob21lL3d3dy92ZW52L3Z1bG5fZGphbmdvX3BsYXkvYmluOi9ob20uLi50aWwuRmlsZVdyYXBwZXInPiwgJ3dlYm9iLmlzX2JvZHlfc2Vla2FibGUnOiBUcnVlfQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| event_sources { | |
| type: "URI" | |
| name: "PATH_INFO" | |
| } | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 8 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499424 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| args { | |
| value: "aXNvLTg4NTktMQ==" | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 154 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_bytes_from_wsgi" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 200 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 25 | |
| parent_object_ids { | |
| id: 8 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499426 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 156 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 27 | |
| parent_object_ids { | |
| id: 25 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499480 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoMSwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "request_logging.middleware.py" | |
| method_name: "__call__" | |
| file_name: "request_logging.middleware.py" | |
| line_number: 104 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 164 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:45" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:45" | |
| } | |
| object_id: 77 | |
| parent_object_ids { | |
| id: 27 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499483 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoNiwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 267 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:39" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:39" | |
| } | |
| object_id: 78 | |
| parent_object_ids { | |
| id: 77 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499489 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Match" | |
| method_name: "groupdict" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 353 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 260 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 79 | |
| parent_object_ids { | |
| id: 78 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499491 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Pattern" | |
| method_name: "split" | |
| arg_types: "Pattern" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| args { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 643 | |
| } | |
| source: "P0,KWARG:string,KWARG:source" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 80 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499492 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "dXRmLTg=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 601 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 81 | |
| parent_object_ids { | |
| id: 80 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499493 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "split" | |
| arg_types: "bytes" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| ret { | |
| tracked: true | |
| value: "MkZzY3JpcHQ+" | |
| } | |
| args { | |
| value: "JQ==" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 602 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:9" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:9" | |
| } | |
| object_id: 83 | |
| parent_object_ids { | |
| id: 81 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499493 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "MkZzY3JpcHQ+" | |
| } | |
| ret { | |
| tracked: true | |
| value: "c2NyaXB0Pg==" | |
| } | |
| args { | |
| value: "c2xpY2UoMiwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 616 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:7" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:7" | |
| } | |
| object_id: 85 | |
| parent_object_ids { | |
| id: 83 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499494 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "join" | |
| arg_types: "list" | |
| } | |
| object { | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| args { | |
| value: "W2InPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCcsIGInLycsIGInc2NyaXB0Pidd" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 620 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ,P0" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "29:36" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "29:36" | |
| } | |
| object_id: 86 | |
| parent_object_ids { | |
| id: 82 | |
| } | |
| parent_object_ids { | |
| id: 85 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499494 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| args { | |
| value: "dXRmLTg=" | |
| } | |
| args { | |
| value: "cmVwbGFjZQ==" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "29:36" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "29:36" | |
| } | |
| object_id: 87 | |
| parent_object_ids { | |
| id: 86 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499495 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "join" | |
| arg_types: "list" | |
| } | |
| object { | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| args { | |
| value: "WycnLCAnPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+JywgJydd" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 649 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ,P0" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:36" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:36" | |
| } | |
| object_id: 88 | |
| parent_object_ids { | |
| id: 87 | |
| } | |
| } | |
| events { | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499408 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "wsgi.environ" | |
| method_name: "PATH_INFO" | |
| flags: 8 | |
| } | |
| field_name: "PATH_INFO" | |
| object { | |
| value: "eydQQVRIJzogJy9ob21lL3d3dy92ZW52L3Z1bG5fZGphbmdvX3BsYXkvYmluOi9ob20uLi50aWwuRmlsZVdyYXBwZXInPiwgJ3dlYm9iLmlzX2JvZHlfc2Vla2FibGUnOiBUcnVlfQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| event_sources { | |
| type: "URI" | |
| name: "PATH_INFO" | |
| } | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 8 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499424 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| args { | |
| value: "aXNvLTg4NTktMQ==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_bytes_from_wsgi" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 200 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 154 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 25 | |
| parent_object_ids { | |
| id: 8 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499426 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 156 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 27 | |
| parent_object_ids { | |
| id: 25 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499480 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoMSwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 164 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "request_logging.middleware.py" | |
| method_name: "__call__" | |
| file_name: "request_logging.middleware.py" | |
| line_number: 104 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:45" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:45" | |
| } | |
| object_id: 77 | |
| parent_object_ids { | |
| id: 27 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499483 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoNiwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 267 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:39" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:39" | |
| } | |
| object_id: 78 | |
| parent_object_ids { | |
| id: 77 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499489 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Match" | |
| method_name: "groupdict" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 260 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 353 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 79 | |
| parent_object_ids { | |
| id: 78 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499491 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Pattern" | |
| method_name: "split" | |
| arg_types: "Pattern" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| args { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 643 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "P0,KWARG:string,KWARG:source" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 80 | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499495 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "urllib.parse" | |
| method_name: "unquote" | |
| arg_types: "str" | |
| flags: 8 | |
| } | |
| object { | |
| value: "Tm9uZQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| args { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "P0,KWARG:string" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:36" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:36" | |
| } | |
| object_id: 89 | |
| parent_object_ids { | |
| id: 80 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499618 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "SafeString" | |
| class_name: "django.utils.html" | |
| method_name: "escape" | |
| arg_types: "str" | |
| flags: 8 | |
| } | |
| object { | |
| value: "Tm9uZQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "Jmx0O3NjcmlwdCZndDthbGVydCgyMjIyMjIyMjIyMjIpJmx0Oy9zY3JpcHQmZ3Q7" | |
| } | |
| args { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| stack { | |
| declaring_class: "django.utils.html.py" | |
| method_name: "conditional_escape" | |
| file_name: "django.utils.html.py" | |
| line_number: 101 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_value_in_context" | |
| file_name: "django.template.base.py" | |
| line_number: 972 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 992 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| source: "P0,KWARG:text" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:48" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:48" | |
| } | |
| taint_ranges { | |
| tag: "HTML_ENCODED" | |
| range: "0:48" | |
| } | |
| object_id: 116 | |
| parent_object_ids { | |
| id: 89 | |
| } | |
| } | |
| events { | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499408 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "wsgi.environ" | |
| method_name: "PATH_INFO" | |
| flags: 8 | |
| } | |
| field_name: "PATH_INFO" | |
| object { | |
| value: "eydQQVRIJzogJy9ob21lL3d3dy92ZW52L3Z1bG5fZGphbmdvX3BsYXkvYmluOi9ob20uLi50aWwuRmlsZVdyYXBwZXInPiwgJ3dlYm9iLmlzX2JvZHlfc2Vla2FibGUnOiBUcnVlfQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| event_sources { | |
| type: "URI" | |
| name: "PATH_INFO" | |
| } | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 8 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499424 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| args { | |
| value: "aXNvLTg4NTktMQ==" | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 154 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_bytes_from_wsgi" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 200 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 25 | |
| parent_object_ids { | |
| id: 8 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499426 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 156 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 27 | |
| parent_object_ids { | |
| id: 25 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499480 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoMSwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "request_logging.middleware.py" | |
| method_name: "__call__" | |
| file_name: "request_logging.middleware.py" | |
| line_number: 104 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 164 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:45" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:45" | |
| } | |
| object_id: 77 | |
| parent_object_ids { | |
| id: 27 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499483 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoNiwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 267 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:39" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:39" | |
| } | |
| object_id: 78 | |
| parent_object_ids { | |
| id: 77 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499489 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Match" | |
| method_name: "groupdict" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 353 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 260 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 79 | |
| parent_object_ids { | |
| id: 78 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499491 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Pattern" | |
| method_name: "split" | |
| arg_types: "Pattern" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| args { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 643 | |
| } | |
| source: "P0,KWARG:string,KWARG:source" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 80 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499492 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "dXRmLTg=" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 601 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 81 | |
| parent_object_ids { | |
| id: 80 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499492 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "split" | |
| arg_types: "bytes" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPA==" | |
| } | |
| args { | |
| value: "JQ==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 602 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:28" | |
| } | |
| object_id: 82 | |
| parent_object_ids { | |
| id: 81 | |
| } | |
| } | |
| events { | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499408 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "wsgi.environ" | |
| method_name: "PATH_INFO" | |
| flags: 8 | |
| } | |
| field_name: "PATH_INFO" | |
| object { | |
| value: "eydQQVRIJzogJy9ob21lL3d3dy92ZW52L3Z1bG5fZGphbmdvX3BsYXkvYmluOi9ob20uLi50aWwuRmlsZVdyYXBwZXInPiwgJ3dlYm9iLmlzX2JvZHlfc2Vla2FibGUnOiBUcnVlfQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| event_sources { | |
| type: "URI" | |
| name: "PATH_INFO" | |
| } | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 8 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499424 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| args { | |
| value: "aXNvLTg4NTktMQ==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_bytes_from_wsgi" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 200 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 154 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 25 | |
| parent_object_ids { | |
| id: 8 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499426 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 156 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 27 | |
| parent_object_ids { | |
| id: 25 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499480 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoMSwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 164 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "request_logging.middleware.py" | |
| method_name: "__call__" | |
| file_name: "request_logging.middleware.py" | |
| line_number: 104 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:45" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:45" | |
| } | |
| object_id: 77 | |
| parent_object_ids { | |
| id: 27 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499483 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoNiwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 267 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:39" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:39" | |
| } | |
| object_id: 78 | |
| parent_object_ids { | |
| id: 77 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499489 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Match" | |
| method_name: "groupdict" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 260 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 353 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 79 | |
| parent_object_ids { | |
| id: 78 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499491 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Pattern" | |
| method_name: "split" | |
| arg_types: "Pattern" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| args { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 643 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "P0,KWARG:string,KWARG:source" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 80 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499492 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "dXRmLTg=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 601 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 81 | |
| parent_object_ids { | |
| id: 80 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499493 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "split" | |
| arg_types: "bytes" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| ret { | |
| tracked: true | |
| value: "MkZzY3JpcHQ+" | |
| } | |
| args { | |
| value: "JQ==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 602 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:9" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:9" | |
| } | |
| object_id: 83 | |
| parent_object_ids { | |
| id: 81 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499493 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "MkZzY3JpcHQ+" | |
| } | |
| ret { | |
| tracked: true | |
| value: "c2NyaXB0Pg==" | |
| } | |
| args { | |
| value: "c2xpY2UoMiwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 616 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:7" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:7" | |
| } | |
| object_id: 85 | |
| parent_object_ids { | |
| id: 83 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499494 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "join" | |
| arg_types: "list" | |
| } | |
| object { | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| args { | |
| value: "W2InPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCcsIGInLycsIGInc2NyaXB0Pidd" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote_to_bytes" | |
| file_name: "urllib.parse.py" | |
| line_number: 620 | |
| } | |
| source: "OBJ,P0" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "29:36" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "29:36" | |
| } | |
| object_id: 86 | |
| parent_object_ids { | |
| id: 82 | |
| } | |
| parent_object_ids { | |
| id: 85 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499494 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| arg_types: "str" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| args { | |
| value: "dXRmLTg=" | |
| } | |
| args { | |
| value: "cmVwbGFjZQ==" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 647 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "29:36" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:28" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "29:36" | |
| } | |
| object_id: 87 | |
| parent_object_ids { | |
| id: 86 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499495 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "join" | |
| arg_types: "list" | |
| } | |
| object { | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| args { | |
| value: "WycnLCAnPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+JywgJydd" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 649 | |
| } | |
| source: "OBJ,P0" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:36" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:36" | |
| } | |
| object_id: 88 | |
| parent_object_ids { | |
| id: 87 | |
| } | |
| } | |
| events { | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499408 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "wsgi.environ" | |
| method_name: "PATH_INFO" | |
| flags: 8 | |
| } | |
| field_name: "PATH_INFO" | |
| object { | |
| value: "eydQQVRIJzogJy9ob21lL3d3dy92ZW52L3Z1bG5fZGphbmdvX3BsYXkvYmluOi9ob20uLi50aWwuRmlsZVdyYXBwZXInPiwgJ3dlYm9iLmlzX2JvZHlfc2Vla2FibGUnOiBUcnVlfQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| event_sources { | |
| type: "URI" | |
| name: "PATH_INFO" | |
| } | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 8 | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499424 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| args { | |
| value: "aXNvLTg4NTktMQ==" | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 154 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_bytes_from_wsgi" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 200 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 25 | |
| parent_object_ids { | |
| id: 8 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499426 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "decode" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 132 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__init__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 69 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "get_path_info" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 156 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:46" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:46" | |
| } | |
| object_id: 27 | |
| parent_object_ids { | |
| id: 25 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499480 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "L3BvbGxzLzxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwlMkZzY3JpcHQ+Lw==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoMSwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "request_logging.middleware.py" | |
| method_name: "__call__" | |
| file_name: "request_logging.middleware.py" | |
| line_number: 104 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 164 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:45" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:45" | |
| } | |
| object_id: 77 | |
| parent_object_ids { | |
| id: 27 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499483 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "subscript" | |
| arg_types: "slice" | |
| } | |
| object { | |
| value: "cG9sbHMvPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| args { | |
| value: "c2xpY2UoNiwgTm9uZSwgTm9uZSk=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 541 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 267 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:39" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:39" | |
| } | |
| object_id: 78 | |
| parent_object_ids { | |
| id: 77 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499489 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Match" | |
| method_name: "groupdict" | |
| } | |
| object { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4v" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 100 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 546 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "resolve" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 353 | |
| } | |
| stack { | |
| declaring_class: "django.urls.resolvers.py" | |
| method_name: "match" | |
| file_name: "django.urls.resolvers.py" | |
| line_number: 260 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 79 | |
| parent_object_ids { | |
| id: 78 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499491 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "re.Pattern" | |
| method_name: "split" | |
| arg_types: "Pattern" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| args { | |
| value: "cmUuY29tcGlsZSgnKFtceDAwLVx4N2ZdKyknKQ==" | |
| } | |
| args { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| stack { | |
| declaring_class: "urllib.parse.py" | |
| method_name: "unquote" | |
| file_name: "urllib.parse.py" | |
| line_number: 643 | |
| } | |
| source: "P0,KWARG:string,KWARG:source" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:38" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:38" | |
| } | |
| object_id: 80 | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499495 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "urllib.parse" | |
| method_name: "unquote" | |
| arg_types: "str" | |
| flags: 8 | |
| } | |
| object { | |
| value: "Tm9uZQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+" | |
| } | |
| args { | |
| value: "PHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPCUyRnNjcmlwdD4=" | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 89 | |
| } | |
| source: "P0,KWARG:string" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "0:36" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "0:36" | |
| } | |
| object_id: 89 | |
| parent_object_ids { | |
| id: 80 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499618 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "join" | |
| arg_types: "list" | |
| } | |
| object { | |
| } | |
| ret { | |
| tracked: true | |
| value: "CgogICAgSSBnYXZlIHlvdSBiYWNrIDxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwvc2NyaXB0Pi4gSGFwcHkgYmlydGhkYXkuCgogICAg" | |
| } | |
| args { | |
| value: "WydcblxuICAgIEkgZ2F2ZSB5b3UgYmFjayAnLCAnPHNjcmlwdD5hbGVydCgyMjIyMjIyMjIyMjIpPC9zY3JpcHQ+JywgJy4gSGFwcHkgYmlydGhkYXkuXG5cbiAgICAnXQ==" | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 940 | |
| } | |
| stack { | |
| declaring_class: "django.template.defaulttags.py" | |
| method_name: "render" | |
| file_name: "django.template.defaulttags.py" | |
| line_number: 37 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ,P0" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "CROSS_SITE" | |
| range: "22:58" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "22:58" | |
| } | |
| object_id: 117 | |
| parent_object_ids { | |
| id: 89 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499620 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "join" | |
| arg_types: "list" | |
| } | |
| object { | |
| } | |
| ret { | |
| tracked: true | |
| value: "CjxkaXYgY2xhc3M9InJvdyI+CiAgPGRpdiBjbGFzcz0iY29sIj48aDE+VGhpcyBwYWcuLi5pdiBjbGFzcz0icm93Ij4KICA8ZGl2IGNsYXNzPSJjb2wiPGxpPllvdSBzZW50IG1lICZsdDtzY3JpcHQmZ3Q7YWxlcnQoMjIyMjIyMjIyMjIyKSZsdDsvc2NyaXB0Jmd0Oy48L2xpPjwvZGl2Pgo8L2Rpdj4KPGRpdiBjbGFzcz0icm93Ij4KICA8ZGl2IGNsYXNzPSJjb2wiPgogICAgCgogICAgSSBnYXZlIHlvdSBiYWNrIDxzY3JpcHQ+YWxlcnQoMjIyMjIyMjIyMjIyKTwvc2NyaXB0Pi4gSGFwcHkgYmlydGhkYXkuCgogICAgCiAgPC9kaXY+CjwvZGl2Pgo=" | |
| } | |
| args { | |
| value: "WydcbjxkaXYgY2xhc3M9InJvdyI+XG4gIDxkaXYgY2xhc3M9ImNvbCI+PGgxPlRoaXMuLi4gSGFwcHkgYmlydGhkYXkuXG5cbiAgICAnLCAnXG4gIDwvZGl2PlxuPC9kaXY+XG4nXQ==" | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 940 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ,P0" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "103:151" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "235:271" | |
| } | |
| object_id: 118 | |
| parent_object_ids { | |
| id: 116 | |
| } | |
| parent_object_ids { | |
| id: 117 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499621 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "join" | |
| arg_types: "list" | |
| } | |
| object { | |
| } | |
| ret { | |
| tracked: true | |
| value: "CjwhZG9jdHlwZSBodG1sPgo8aHRtbCBsYW5nPSJlbiI+CiAgPGhlYWQ+CiAgICA8IS0uLi5uayByZWw9InN0eWxlc2hlZXQiIHR5cGU9InRleHQvY3NzIiBocmVmPSIvc3RhdGljL3BvbGxzL3N0eWxlLmNzcyI+CiAgICA8dGl0bGU+VGhlIENvb2xlc3QgRGphbmdvIEFwcCBFdmVyLSBPaGggaGV5Li4uIHBsYWNlaG9sZGVyPSJTZWFyY2giIGFyaWEtbGFiZWw9IlNlYXJjaCIgYWN0aW9uPSIvcG9sbHMvc2VhcmNoLyIgbWV0aG9kPSJwb3N0Ij4KICAgICAgICAgICAgPGlucHV0IGNsYXNzPSJmb3JtLWNvLi4uaXYgY2xhc3M9InJvdyI+CiAgPGRpdiBjbGFzcz0iY29sIjxsaT5Zb3Ugc2VudCBtZSAmbHQ7c2NyaXB0Jmd0O2FsZXJ0KDIyMjIyMjIyMjIyMikmbHQ7L3NjcmlwdCZndDsuPC9saT48L2Rpdj4KPC9kaXY+CjxkaXYgY2xhc3M9InJvdyI+CiAgPGRpdiBjbGFzcz0iY29sIj4KICAgIAoKICAgIEkgZ2F2ZSB5b3UgYmFjayA8c2NyaXB0PmFsZXJ0KDIyMjIyMjIyMjIyMik8L3NjcmlwdD4uIEhhcHB5IGJpcnRoZGF5LgoKICAgIAogIDwvZGl2Pgo8L2Rpdj4KCgogICAgPC9kaS4uLiJhbm9ueW1vdXMiPjwvc2NyaXB0PgogIDwvZm9vdGVyPgo8L2JvZHk+CjwvaHRtbD4K" | |
| } | |
| args { | |
| value: "WycnLCAnXG48IWRvY3R5cGUgaHRtbD5cbjxodG1sIGxhbmc9ImVuIj5cbiAgPGhlYWQuLi5tb3VzIj48L3NjcmlwdD5cbiAgPC9mb290ZXI+XG48L2JvZHk+XG48L2h0bWw+XG4nXQ==" | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 940 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader_tags.py" | |
| method_name: "render" | |
| file_name: "django.template.loader_tags.py" | |
| line_number: 150 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render_annotated" | |
| file_name: "django.template.base.py" | |
| line_number: 903 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 936 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ,P0" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "103:108" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "109:118" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "221:235" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "338:386" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "470:506" | |
| } | |
| object_id: 119 | |
| parent_object_ids { | |
| id: 104 | |
| } | |
| parent_object_ids { | |
| id: 105 | |
| } | |
| parent_object_ids { | |
| id: 112 | |
| } | |
| parent_object_ids { | |
| id: 118 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499622 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "str" | |
| class_name: "str" | |
| method_name: "join" | |
| arg_types: "list" | |
| } | |
| object { | |
| } | |
| ret { | |
| tracked: true | |
| value: "CjwhZG9jdHlwZSBodG1sPgo8aHRtbCBsYW5nPSJlbiI+CiAgPGhlYWQ+CiAgICA8IS0uLi5uayByZWw9InN0eWxlc2hlZXQiIHR5cGU9InRleHQvY3NzIiBocmVmPSIvc3RhdGljL3BvbGxzL3N0eWxlLmNzcyI+CiAgICA8dGl0bGU+VGhlIENvb2xlc3QgRGphbmdvIEFwcCBFdmVyLSBPaGggaGV5Li4uIHBsYWNlaG9sZGVyPSJTZWFyY2giIGFyaWEtbGFiZWw9IlNlYXJjaCIgYWN0aW9uPSIvcG9sbHMvc2VhcmNoLyIgbWV0aG9kPSJwb3N0Ij4KICAgICAgICAgICAgPGlucHV0IGNsYXNzPSJmb3JtLWNvLi4uaXYgY2xhc3M9InJvdyI+CiAgPGRpdiBjbGFzcz0iY29sIjxsaT5Zb3Ugc2VudCBtZSAmbHQ7c2NyaXB0Jmd0O2FsZXJ0KDIyMjIyMjIyMjIyMikmbHQ7L3NjcmlwdCZndDsuPC9saT48L2Rpdj4KPC9kaXY+CjxkaXYgY2xhc3M9InJvdyI+CiAgPGRpdiBjbGFzcz0iY29sIj4KICAgIAoKICAgIEkgZ2F2ZSB5b3UgYmFjayA8c2NyaXB0PmFsZXJ0KDIyMjIyMjIyMjIyMik8L3NjcmlwdD4uIEhhcHB5IGJpcnRoZGF5LgoKICAgIAogIDwvZGl2Pgo8L2Rpdj4KCgogICAgPC9kaS4uLiJhbm9ueW1vdXMiPjwvc2NyaXB0PgogIDwvZm9vdGVyPgo8L2JvZHk+CjwvaHRtbD4K" | |
| } | |
| args { | |
| value: "WydcbjwhZG9jdHlwZSBodG1sPlxuPGh0bWwgbGFuZz0iZW4iPlxuICA8aGVhZD5cbiAuLi5tb3VzIj48L3NjcmlwdD5cbiAgPC9mb290ZXI+XG48L2JvZHk+XG48L2h0bWw+XG4nXQ==" | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 940 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "_render" | |
| file_name: "django.template.base.py" | |
| line_number: 163 | |
| } | |
| stack { | |
| declaring_class: "django.template.base.py" | |
| method_name: "render" | |
| file_name: "django.template.base.py" | |
| line_number: 171 | |
| } | |
| stack { | |
| declaring_class: "django.template.backends.django.py" | |
| method_name: "render" | |
| file_name: "django.template.backends.django.py" | |
| line_number: 61 | |
| } | |
| stack { | |
| declaring_class: "django.template.loader.py" | |
| method_name: "render_to_string" | |
| file_name: "django.template.loader.py" | |
| line_number: 62 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 19 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ,P0" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "103:108" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "109:118" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "221:235" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "338:386" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "470:506" | |
| } | |
| object_id: 120 | |
| parent_object_ids { | |
| id: 119 | |
| } | |
| } | |
| events { | |
| action: O2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499625 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "encode" | |
| arg_types: "str" | |
| } | |
| object { | |
| value: "CjwhZG9jdHlwZSBodG1sPgo8aHRtbCBsYW5nPSJlbiI+CiAgPGhlYWQ+CiAgICA8IS0uLi4iYW5vbnltb3VzIj48L3NjcmlwdD4KICA8L2Zvb3Rlcj4KPC9ib2R5Pgo8L2h0bWw+Cg==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "CjwhZG9jdHlwZSBodG1sPgo8aHRtbCBsYW5nPSJlbiI+CiAgPGhlYWQ+CiAgICA8IS0uLi5uayByZWw9InN0eWxlc2hlZXQiIHR5cGU9InRleHQvY3NzIiBocmVmPSIvc3RhdGljL3BvbGxzL3N0eWxlLmNzcyI+CiAgICA8dGl0bGU+VGhlIENvb2xlc3QgRGphbmdvIEFwcCBFdmVyLSBPaGggaGV5Li4uIHBsYWNlaG9sZGVyPSJTZWFyY2giIGFyaWEtbGFiZWw9IlNlYXJjaCIgYWN0aW9uPSIvcG9sbHMvc2VhcmNoLyIgbWV0aG9kPSJwb3N0Ij4KICAgICAgICAgICAgPGlucHV0IGNsYXNzPSJmb3JtLWNvLi4uaXYgY2xhc3M9InJvdyI+CiAgPGRpdiBjbGFzcz0iY29sIjxsaT5Zb3Ugc2VudCBtZSAmbHQ7c2NyaXB0Jmd0O2FsZXJ0KDIyMjIyMjIyMjIyMikmbHQ7L3NjcmlwdCZndDsuPC9saT48L2Rpdj4KPC9kaXY+CjxkaXYgY2xhc3M9InJvdyI+CiAgPGRpdiBjbGFzcz0iY29sIj4KICAgIAoKICAgIEkgZ2F2ZSB5b3UgYmFjayA8c2NyaXB0PmFsZXJ0KDIyMjIyMjIyMjIyMik8L3NjcmlwdD4uIEhhcHB5IGJpcnRoZGF5LgoKICAgIAogIDwvZGl2Pgo8L2Rpdj4KCgogICAgPC9kaS4uLiJhbm9ueW1vdXMiPjwvc2NyaXB0PgogIDwvZm9vdGVyPgo8L2JvZHk+CjwvaHRtbD4K" | |
| } | |
| args { | |
| value: "dXRmLTg=" | |
| } | |
| stack { | |
| declaring_class: "django.http.response.py" | |
| method_name: "make_bytes" | |
| file_name: "django.http.response.py" | |
| line_number: 235 | |
| } | |
| stack { | |
| declaring_class: "django.http.response.py" | |
| method_name: "content" | |
| file_name: "django.http.response.py" | |
| line_number: 322 | |
| } | |
| stack { | |
| declaring_class: "django.http.response.py" | |
| method_name: "__init__" | |
| file_name: "django.http.response.py" | |
| line_number: 292 | |
| } | |
| stack { | |
| declaring_class: "django.shortcuts.py" | |
| method_name: "render" | |
| file_name: "django.shortcuts.py" | |
| line_number: 20 | |
| } | |
| stack { | |
| declaring_class: "polls.views.py" | |
| method_name: "inject" | |
| file_name: "polls.views.py" | |
| line_number: 88 | |
| } | |
| stack { | |
| declaring_class: "django.views.decorators.csrf.py" | |
| method_name: "wrapped_view" | |
| file_name: "django.views.decorators.csrf.py" | |
| line_number: 54 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "_get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 113 | |
| } | |
| source: "OBJ" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "103:108" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "109:118" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "221:235" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "338:386" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "470:506" | |
| } | |
| object_id: 121 | |
| parent_object_ids { | |
| id: 120 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499626 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "join" | |
| arg_types: "list" | |
| } | |
| object { | |
| } | |
| ret { | |
| tracked: true | |
| value: "CjwhZG9jdHlwZSBodG1sPgo8aHRtbCBsYW5nPSJlbiI+CiAgPGhlYWQ+CiAgICA8IS0uLi5uayByZWw9InN0eWxlc2hlZXQiIHR5cGU9InRleHQvY3NzIiBocmVmPSIvc3RhdGljL3BvbGxzL3N0eWxlLmNzcyI+CiAgICA8dGl0bGU+VGhlIENvb2xlc3QgRGphbmdvIEFwcCBFdmVyLSBPaGggaGV5Li4uIHBsYWNlaG9sZGVyPSJTZWFyY2giIGFyaWEtbGFiZWw9IlNlYXJjaCIgYWN0aW9uPSIvcG9sbHMvc2VhcmNoLyIgbWV0aG9kPSJwb3N0Ij4KICAgICAgICAgICAgPGlucHV0IGNsYXNzPSJmb3JtLWNvLi4uaXYgY2xhc3M9InJvdyI+CiAgPGRpdiBjbGFzcz0iY29sIjxsaT5Zb3Ugc2VudCBtZSAmbHQ7c2NyaXB0Jmd0O2FsZXJ0KDIyMjIyMjIyMjIyMikmbHQ7L3NjcmlwdCZndDsuPC9saT48L2Rpdj4KPC9kaXY+CjxkaXYgY2xhc3M9InJvdyI+CiAgPGRpdiBjbGFzcz0iY29sIj4KICAgIAoKICAgIEkgZ2F2ZSB5b3UgYmFjayA8c2NyaXB0PmFsZXJ0KDIyMjIyMjIyMjIyMik8L3NjcmlwdD4uIEhhcHB5IGJpcnRoZGF5LgoKICAgIAogIDwvZGl2Pgo8L2Rpdj4KCgogICAgPC9kaS4uLiJhbm9ueW1vdXMiPjwvc2NyaXB0PgogIDwvZm9vdGVyPgo8L2JvZHk+CjwvaHRtbD4K" | |
| } | |
| args { | |
| value: "W2InXG48IWRvY3R5cGUgaHRtbD5cbjxodG1sIGxhbmc9ImVuIj5cbiAgPGhlYWQ+XG4uLi5tb3VzIj48L3NjcmlwdD5cbiAgPC9mb290ZXI+XG48L2JvZHk+XG48L2h0bWw+XG4nXQ==" | |
| } | |
| stack { | |
| declaring_class: "django.http.response.py" | |
| method_name: "content" | |
| file_name: "django.http.response.py" | |
| line_number: 309 | |
| } | |
| stack { | |
| declaring_class: "django.middleware.common.py" | |
| method_name: "process_response" | |
| file_name: "django.middleware.common.py" | |
| line_number: 113 | |
| } | |
| stack { | |
| declaring_class: "request_logging.middleware.py" | |
| method_name: "__call__" | |
| file_name: "request_logging.middleware.py" | |
| line_number: 104 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.base.py" | |
| method_name: "get_response" | |
| file_name: "django.core.handlers.base.py" | |
| line_number: 75 | |
| } | |
| stack { | |
| declaring_class: "django.core.handlers.wsgi.py" | |
| method_name: "__call__" | |
| file_name: "django.core.handlers.wsgi.py" | |
| line_number: 133 | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| source: "OBJ,P0" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "103:108" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "109:118" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "221:235" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "338:386" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "470:506" | |
| } | |
| object_id: 122 | |
| parent_object_ids { | |
| id: 121 | |
| } | |
| } | |
| events { | |
| action: A2R | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499650 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "str" | |
| method_name: "join" | |
| arg_types: "list" | |
| } | |
| object { | |
| } | |
| ret { | |
| tracked: true | |
| value: "CjwhZG9jdHlwZSBodG1sPgo8aHRtbCBsYW5nPSJlbiI+CiAgPGhlYWQ+CiAgICA8IS0uLi5uayByZWw9InN0eWxlc2hlZXQiIHR5cGU9InRleHQvY3NzIiBocmVmPSIvc3RhdGljL3BvbGxzL3N0eWxlLmNzcyI+CiAgICA8dGl0bGU+VGhlIENvb2xlc3QgRGphbmdvIEFwcCBFdmVyLSBPaGggaGV5Li4uIHBsYWNlaG9sZGVyPSJTZWFyY2giIGFyaWEtbGFiZWw9IlNlYXJjaCIgYWN0aW9uPSIvcG9sbHMvc2VhcmNoLyIgbWV0aG9kPSJwb3N0Ij4KICAgICAgICAgICAgPGlucHV0IGNsYXNzPSJmb3JtLWNvLi4uaXYgY2xhc3M9InJvdyI+CiAgPGRpdiBjbGFzcz0iY29sIjxsaT5Zb3Ugc2VudCBtZSAmbHQ7c2NyaXB0Jmd0O2FsZXJ0KDIyMjIyMjIyMjIyMikmbHQ7L3NjcmlwdCZndDsuPC9saT48L2Rpdj4KPC9kaXY+CjxkaXYgY2xhc3M9InJvdyI+CiAgPGRpdiBjbGFzcz0iY29sIj4KICAgIAoKICAgIEkgZ2F2ZSB5b3UgYmFjayA8c2NyaXB0PmFsZXJ0KDIyMjIyMjIyMjIyMik8L3NjcmlwdD4uIEhhcHB5IGJpcnRoZGF5LgoKICAgIAogIDwvZGl2Pgo8L2Rpdj4KCgogICAgPC9kaS4uLiJhbm9ueW1vdXMiPjwvc2NyaXB0PgogIDwvZm9vdGVyPgo8L2JvZHk+CjwvaHRtbD4K" | |
| } | |
| args { | |
| value: "W2InXG48IWRvY3R5cGUgaHRtbD5cbjxodG1sIGxhbmc9ImVuIj5cbiAgPGhlYWQ+XG4uLi5tb3VzIj48L3NjcmlwdD5cbiAgPC9mb290ZXI+XG48L2JvZHk+XG48L2h0bWw+XG4nXQ==" | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| source: "OBJ,P0" | |
| target: "RETURN" | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "103:108" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "109:118" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "221:235" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "338:386" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "470:506" | |
| } | |
| object_id: 136 | |
| parent_object_ids { | |
| id: 122 | |
| } | |
| } | |
| events { | |
| action: TRIGGER | |
| type: TYPE_PROPAGATION | |
| timestamp_ms: 1637230499682 | |
| thread: "140106952505088" | |
| signature { | |
| return_type: "bytes" | |
| class_name: "django.core.handlers.wsgi" | |
| method_name: "vuln_django" | |
| flags: 8 | |
| } | |
| object { | |
| value: "Tm9uZQ==" | |
| } | |
| ret { | |
| tracked: true | |
| value: "CjwhZG9jdHlwZSBodG1sPgo8aHRtbCBsYW5nPSJlbiI+CiAgPGhlYWQ+CiAgICA8IS0uLi5uayByZWw9InN0eWxlc2hlZXQiIHR5cGU9InRleHQvY3NzIiBocmVmPSIvc3RhdGljL3BvbGxzL3N0eWxlLmNzcyI+CiAgICA8dGl0bGU+VGhlIENvb2xlc3QgRGphbmdvIEFwcCBFdmVyLSBPaGggaGV5Li4uIHBsYWNlaG9sZGVyPSJTZWFyY2giIGFyaWEtbGFiZWw9IlNlYXJjaCIgYWN0aW9uPSIvcG9sbHMvc2VhcmNoLyIgbWV0aG9kPSJwb3N0Ij4KICAgICAgICAgICAgPGlucHV0IGNsYXNzPSJmb3JtLWNvLi4uaXYgY2xhc3M9InJvdyI+CiAgPGRpdiBjbGFzcz0iY29sIjxsaT5Zb3Ugc2VudCBtZSAmbHQ7c2NyaXB0Jmd0O2FsZXJ0KDIyMjIyMjIyMjIyMikmbHQ7L3NjcmlwdCZndDsuPC9saT48L2Rpdj4KPC9kaXY+CjxkaXYgY2xhc3M9InJvdyI+CiAgPGRpdiBjbGFzcz0iY29sIj4KICAgIAoKICAgIEkgZ2F2ZSB5b3UgYmFjayA8c2NyaXB0PmFsZXJ0KDIyMjIyMjIyMjIyMik8L3NjcmlwdD4uIEhhcHB5IGJpcnRoZGF5LgoKICAgIAogIDwvZGl2Pgo8L2Rpdj4KCgogICAgPC9kaS4uLiJhbm9ueW1vdXMiPjwvc2NyaXB0PgogIDwvZm9vdGVyPgo8L2JvZHk+CjwvaHRtbD4K" | |
| } | |
| stack { | |
| declaring_class: "wsgiref.handlers.py" | |
| method_name: "run" | |
| file_name: "wsgiref.handlers.py" | |
| line_number: 137 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle_one_request" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 197 | |
| } | |
| stack { | |
| declaring_class: "django.core.servers.basehttp.py" | |
| method_name: "handle" | |
| file_name: "django.core.servers.basehttp.py" | |
| line_number: 172 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "__init__" | |
| file_name: "socketserver.py" | |
| line_number: 747 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "finish_request" | |
| file_name: "socketserver.py" | |
| line_number: 360 | |
| } | |
| stack { | |
| declaring_class: "socketserver.py" | |
| method_name: "process_request_thread" | |
| file_name: "socketserver.py" | |
| line_number: 683 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "run" | |
| file_name: "threading.py" | |
| line_number: 870 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap_inner" | |
| file_name: "threading.py" | |
| line_number: 932 | |
| } | |
| stack { | |
| declaring_class: "threading.py" | |
| method_name: "_bootstrap" | |
| file_name: "threading.py" | |
| line_number: 890 | |
| } | |
| source: "RETURN" | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "103:108" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "109:118" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "221:235" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "338:386" | |
| } | |
| taint_ranges { | |
| tag: "UNTRUSTED" | |
| range: "470:506" | |
| } | |
| object_id: 137 | |
| parent_object_ids { | |
| id: 136 | |
| } | |
| } | |
| preflight: "reflected-xss,608135912" | |
| version: 4 | |
| routes { | |
| verb: "GET" | |
| url: "{injector_str}s/" | |
| route: "polls.views.inject(request, injector_str)" | |
| } | |
| ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment