Web Frameworks

PyCgi

Covers the cgi module (deprecated in Python 3.11, removed in 3.13). cgi.FieldStorage collects form data for CGI scripts, and each field value is a source. New code should not use cgi.

Taint flow: 2 sources, 0 sinks
Sources — untrusted input
.FieldStorage()
.parse()

Sources

.FieldStorage() (Source)
Signature
cgi.FieldStorage(fp=None, headers=None, outerboundary=b'', environ=os.environ, ...) -> FieldStorage

Parses form data. Each field is user-controlled.

tracks: return

.parse() (Source)
Signature
cgi.parse(fp=None, environ=os.environ, keep_blank_values=False, strict_parsing=False, separator='&') -> dict

Parses form data into a dict. The returned dict is a source.

tracks: return

Fully-Qualified Names

FQN    Field
cgi    fqns[0]

A wrong FQN produces 0 findings. To verify, change fqns to a garbage value; the rule must then produce 0 results.
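
How FQN-based source matching behaves, as an added example (not the codepathfinder implementation and not code from this page): a small `ast` pass that resolves import aliases back to `cgi` and reports assignments whose value is a `cgi.FieldStorage()` or `cgi.parse()` call. The script in `SAMPLE` and the helper name `find_sources` are constructed for illustration; only the call's return value is marked, matching "tracks: return".

```python
import ast

SOURCE_METHODS = {"FieldStorage", "parse"}  # the two sources listed on this page

# Constructed sample of a legacy CGI script (not from the page).
SAMPLE = '''\
import cgi as c
from cgi import FieldStorage as FS
import json

form = c.FieldStorage()
name = form.getvalue("name")
fields = c.parse()
other = FS()
cfg = json.loads("{}")
'''

def find_sources(code, fqn="cgi"):
    """Return (line, qualified name, assigned names) for calls resolving to <fqn>.<source>."""
    tree = ast.parse(code)
    aliases = {}  # local name -> fully-qualified name it was imported from
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                aliases[a.asname or a.name] = a.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    hits = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Assign) and isinstance(node.value, ast.Call)):
            continue
        func = node.value.func
        if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
            qual = f"{aliases.get(func.value.id, func.value.id)}.{func.attr}"
        elif isinstance(func, ast.Name):
            qual = aliases.get(func.id, func.id)
        else:
            continue
        module, _, method = qual.rpartition(".")
        if module == fqn and method in SOURCE_METHODS:
            targets = [t.id for t in node.targets if isinstance(t, ast.Name)]
            hits.append((node.lineno, qual, targets))
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_sources(SAMPLE):
        print(hit)
```

Calling `find_sources(SAMPLE, fqn="garbage")` is the same sanity check described above: with a wrong FQN nothing resolves, so the result is empty.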

Import

rule.py
from codepathfinder.go_rule import PyCgi