Python: Taint when using unicode

2025-12-20 02:44:30 +01:00 · 2020-08-25 12:49:36 +02:00
parent 2a29e26687
commit 0439b83c60
3 changed files with 76 additions and 70 deletions
--- a/python/ql/src/experimental/dataflow/internal/TaintTrackingPrivate.qll
+++ b/python/ql/src/experimental/dataflow/internal/TaintTrackingPrivate.qll
@@ -67,11 +67,7 @@ predicate subscriptStep(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
 predicate stringMethods(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
  // transforming something tainted into a string will make the string tainted
  exists(CallNode call | call = nodeTo.getNode() |
-    (
-      call.getFunction().(NameNode).getId() = "str"
-      or
-      call.getFunction().(NameNode).getId() = "bytes"
-    ) and
+    call.getFunction().(NameNode).getId() in ["str", "bytes", "unicode"] and
    (
      nodeFrom.getNode() = call.getArg(0)
      or