sdk/python/Web Frameworks/PyCgi

PyCgi

The cgi module (deprecated in 3.11, removed in 3.13). cgi.FieldStorage collects form data for CGI scripts — each field value is a source. Any new code should not use cgi.

2 sources

Taint flow2 sources → 0 sinks

Sources — untrusted input

.FieldStorage()Parses form data

.parse()Parses form data into a dict

Sources

— user-controlled input enters here

.FieldStorage()Source

Signature

cgi.FieldStorage(fp=None, headers=None, outerboundary=b'', environ=os.environ, ...) -> FieldStorage

Parses form data. Each field is user-controlled.

tracks:return

.parse()Source

Signature

cgi.parse(fp=None, environ=os.environ, keep_blank_values=False, strict_parsing=False, separator='&') -> dict

Parses form data into a dict. Source.

tracks:return

Fully-Qualified Names

FQN	Field
cgi	fqns[0]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

Import

rule.py

from codepathfinder.go_rule import PyCgi

← PreviousPyCelery

Next →PyCgitb