Web Frameworks

PyWsgiref

The wsgiref module provides WSGI utilities. simple_server.make_server is dev-only; production should use gunicorn or waitress. util.request_uri reconstructs the URL from environ and is a taint source.

Taint flow: 1 source, 1 sink
Sources (untrusted input): .request_uri()
Sinks (dangerous call): .make_server()

Sources

.request_uri() (Source)
Signature
wsgiref.util.request_uri(environ, include_query=True) -> str

Reconstructs the request URL. Source when environ reflects real traffic.

tracks: return
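
Why the return value is treated as a source, shown as an added example (not Code Pathfinder's own code): request_uri copies the Host header and the query string into the URL as received, so a handler that writes the result into HTML must validate and escape it. The host names, ALLOWED_HOSTS, and the two handlers are hypothetical, and the request is constructed.

```python
import html
from wsgiref.util import request_uri, setup_testing_defaults

# Assumption: the host names this deployment actually serves.
ALLOWED_HOSTS = {"app.example.test"}


def build_environ(host, path, query):
    """Constructed WSGI environ standing in for one real request."""
    environ = {"HTTP_HOST": host, "PATH_INFO": path, "QUERY_STRING": query}
    setup_testing_defaults(environ)  # fills in the other required keys
    return environ


def unsafe_app(environ, start_response):
    """Writes the source's return value into HTML unchanged."""
    body = "<p>You requested %s</p>" % request_uri(environ)
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [body.encode("utf-8")]


def safe_app(environ, start_response):
    """Same page: Host header checked, URL escaped for the HTML context."""
    if environ.get("HTTP_HOST") not in ALLOWED_HOSTS:
        start_response("400 Bad Request", [("Content-Type", "text/plain")])
        return [b"unknown host"]
    body = "<p>You requested %s</p>" % html.escape(request_uri(environ))
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [body.encode("utf-8")]


def call(app, environ):
    """Run a WSGI app once and return (status line, decoded body)."""
    seen = {}

    def start_response(status, headers):
        seen["status"] = status

    body = b"".join(app(environ, start_response)).decode("utf-8")
    return seen["status"], body


if __name__ == "__main__":
    # Constructed request: markup in the query string, which request_uri
    # appends without quoting.
    env = build_environ("app.example.test", "/search", "q=<b>x</b>")
    print(call(unsafe_app, env))
    print(call(safe_app, env))
    print(call(safe_app, build_environ("other.example.test", "/", "")))
```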

Sinks

.make_server() (Sink)
Signature
wsgiref.simple_server.make_server(host, port, app, ...) -> WSGIServer

Creates a development WSGI server. Reported as a finding when used in production.

Fully-Qualified Names

FQN      Field
wsgiref  fqns[0]

A wrong FQN yields 0 findings. To verify, change fqns to a garbage value; the rule must then produce 0 results.

Import

rule.py
from codepathfinder.go_rule import PyWsgiref