This code determines which functions have their arguments marked as tainted. For example, the default framework adaptor is Flask, so

```python
@app.route('/')
def ito_en(image):
```

will have its arguments marked as tainted, whereas

```python
def tea(request, param):
```

will not. (The `--adaptor D` option, for Django, would mark the second function's arguments as tainted and not the first.)
There are currently 4 options for framework route criteria, in the `framework_helper.py` file:

- `is_flask_route_function`, the default, looks for a `route` decorator
- `is_django_view_function`, `-a D`, checks whether the first argument is named `request`
- `is_function_without_leading_`, `-a P`, checks whether the function name does not start with an underscore
- `is_function`, `-a E`, always returns True
`FrameworkAdaptor` is what `__main__.py` creates; it takes a `framework_route_criteria` that is chosen by the `--adaptor` CLI argument. The `framework_route_criteria` is a function that takes an `ast.FunctionDef` and returns whether or not it is a route in the selected web framework.
We mark the arguments as tainted by looping through them and making them node type `TaintedNode`, then adding them to the list of `sources`.
This currently is not smart enough to understand class-based views, so you will have to use `-a P` to mark most functions' arguments as tainted and trim false positives yourself; this is easier with the `--baseline` and `--json` options.
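The following is an added example, not PyT's own code: a stand-alone re-implementation of the four route criteria described above and of the "collect the route function's arguments as sources" step, run over a constructed sample module. It also illustrates the class-based view caveat: the Django criterion misses `TeaView.get` because its first argument is `self`, so only `-a P` (or `-a E`) picks it up. The sample module, the `CRITERIA` table, `argument_names` and `tainted_sources` are assumptions made for this example; the real `FrameworkAdaptor` and `TaintedNode` machinery is not reproduced, and the Flask check is simplified to "the decorator's call target is an attribute named `route`".

```python
"""Added example (not PyT's code): re-implementation of the four route
criteria and of argument collection, applied to a constructed module."""
import ast

# Constructed sample module: a Flask route, a Django function view,
# a Django class-based view, and a private helper method.
SAMPLE_SOURCE = '''
@app.route("/upload")
def ito_en(image):
    return image

def tea(request, param):
    return request.GET[param]

class TeaView(View):
    def get(self, request, *args, **kwargs):
        return self._render(request)

    def _render(self, request):
        return request.GET.get("q")
'''


def is_flask_route_function(node):
    """Default criterion: a decorator call whose target is `<something>.route`,
    e.g. @app.route('/') or @blueprint.route('/'). Simplified from PyT's check."""
    for decorator in node.decorator_list:
        if isinstance(decorator, ast.Call) and isinstance(decorator.func, ast.Attribute):
            if decorator.func.attr == "route":
                return True
    return False


def is_django_view_function(node):
    """-a D: the first positional argument is named `request`."""
    args = node.args.args
    return bool(args) and args[0].arg == "request"


def is_function_without_leading_(node):
    """-a P: the function name has no leading underscore."""
    return not node.name.startswith("_")


def is_function(node):
    """-a E: every function is treated as a route."""
    return True


# Assumed mapping from adaptor letter to criterion (mirrors the list above).
CRITERIA = {
    "F": is_flask_route_function,
    "D": is_django_view_function,
    "P": is_function_without_leading_,
    "E": is_function,
}


def argument_names(node):
    """Names that would become tainted sources: positional-only, positional,
    keyword-only, *args and **kwargs, in declaration order."""
    a = node.args
    names = [arg.arg for arg in getattr(a, "posonlyargs", [])]  # 3.8+ only
    names += [arg.arg for arg in a.args + a.kwonlyargs]
    if a.vararg:
        names.append(a.vararg.arg)
    if a.kwarg:
        names.append(a.kwarg.arg)
    return names


def tainted_sources(source, adaptor="F"):
    """Return {function name: [tainted argument names]} for the chosen adaptor.

    ast.walk descends into class bodies, so methods of class-based views are
    examined by the same criterion as module-level functions."""
    criterion = CRITERIA[adaptor]
    result = {}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.FunctionDef) and criterion(node):
            result[node.name] = argument_names(node)
    return result


if __name__ == "__main__":
    for letter in "FDPE":
        print(f"-a {letter}: {tainted_sources(SAMPLE_SOURCE, letter)}")
```

Running it shows the trade-off the text describes: `-a F` and `-a D` each select exactly one function, `-a P` also selects `TeaView.get` (and taints `self` along with `request`, `args` and `kwargs`, which is where the false positives come from), and `-a E` additionally selects the private `_render` helper.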