Merge pull request #14 from tonybaloney/fix_unsafe_cast

Fix unsafe cast
tonybaloney · Jan 20, 2020 · 4a09c15 · 4a09c15
2 parents a7a5b71 + c98f97f
commit 4a09c15
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 5 deletions.
diff --git a/HISTORY.md b/HISTORY.md
@@ -1,5 +1,12 @@
 # Release History
 
+## 1.0.13
+
+* Added [Django CSRF Middleware Validator](doc/checks/DJG200.md)
+* Added [Django Clickjack Middleware Validator](doc/checks/DJG201.md)
+* Added Django Middleware Fixer
+* Fixed bug where function references would be unsafely cast to a PyReferenceExpression and cause a fault
+
 ## 1.0.12
 
 * Added [Shell Escape Fixer](doc/fixes/shellescapefixer.md), recommended by [PR100](doc/checks/PR100.md)

diff --git a/build.gradle b/build.gradle
@@ -6,7 +6,7 @@ plugins {
 }
 
 group 'org.tonybaloney.security'
-version '1.0.12'
+version '1.0.13'
 
 repositories {
     mavenCentral()
@@ -33,10 +33,12 @@ intellij {
 
 patchPluginXml {
     changeNotes """
-      <h2>1.0.12</h2>
+      <h2>1.0.13</h2>
       <ul>
-        <li>Added a quick-fix for escaping shell input</li>
-        <li>More scenarios for shell injection detection</li>
+        <li>Added Django CSRF Middleware Validator </li>
+        <li>Added Django Clickjack Middleware Validator </li>
+        <li>Added Django Middleware Fixer </li>
+        <li>Fixed bug where function references would be unsafely cast to a PyReferenceExpression and cause a fault </li>
       </ul>"""
 }
 

diff --git a/src/main/java/security/helpers/QualifiedNames.kt b/src/main/java/security/helpers/QualifiedNames.kt
@@ -11,7 +11,8 @@ object QualifiedNames {
         val markedCallees = callExpression.multiResolveCallee(resolveContext)
         if (markedCallees.isEmpty()) {
             val firstChild = callExpression.firstChild ?: return null
-            val qualifiedName = (firstChild as PyReferenceExpression).asQualifiedName() ?: return null;
+            if (firstChild !is PyReferenceExpression) return null
+            val qualifiedName = (firstChild).asQualifiedName() ?: return null;
             return qualifiedName.toString()
         }
         else

diff --git a/src/test/java/security/helpers/QualifiedNamesTest.kt b/src/test/java/security/helpers/QualifiedNamesTest.kt
@@ -48,6 +48,15 @@ class QualifiedNamesTest: SecurityTestTask() {
         assertEquals(getQualifiedName(code), "math.floor")
     }
 
+    @Test
+    fun `test double brackets reference no arguments`(){
+        var code = """
+            import math
+            math.floor()()
+        """.trimIndent()
+        assertEquals(getQualifiedName(code), "math.floor")
+    }
+
     private fun getQualifiedName(code: String): String?{
         var name: String? = null
         ApplicationManager.getApplication().runReadAction {