Python: support user defined taint source

2026-05-01 11:45:14 +02:00 · 2021-11-02 14:59:27 +01:00
parent 5d7b09ac67
commit 07d5086b07
2 changed files with 7 additions and 1 deletions
--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_async.py
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_async.py
@@ -45,7 +45,7 @@ async def test_async_for():
    iter = AsyncIter()
    taint(iter)
    async for tainted in iter:
-        ensure_tainted(tainted) # $ MISSING: tainted
+        ensure_tainted(tainted) # $ tainted



--- a/python/ql/test/experimental/meta/InlineTaintTest.qll
+++ b/python/ql/test/experimental/meta/InlineTaintTest.qll
@@ -38,6 +38,12 @@ class TestTaintTrackingConfiguration extends TaintTracking::Configuration {
        "TAINTED_STRING", "TAINTED_BYTES", "TAINTED_LIST", "TAINTED_DICT"
      ]
    or
+    // User defined sources
+    exists(CallNode call |
+      call.getFunction().(NameNode).getId() = "taint" and
+      source.(DataFlow::CfgNode).getNode() = call.getAnArg()
+    )
+    or
    source instanceof RemoteFlowSource
  }