python: remove steps for container constructors

2026-04-18 13:34:02 +02:00 · 2023-05-12 13:29:27 +02:00
parent ac1df4de91
commit 145eaf3947
5 changed files with 14 additions and 21 deletions
--- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
@@ -181,13 +181,6 @@ predicate containerStep(DataFlow::CfgNode nodeFrom, DataFlow::Node nodeTo) {
  // don't provide that right now.
  DataFlowPrivate::comprehensionStoreStep(nodeFrom, _, nodeTo)
  or
-  // constructor call
-  exists(DataFlow::CallCfgNode call | call = nodeTo |
-    call = API::builtin(["list", "set", "frozenset", "dict", "tuple"]).getACall() and
-    call.getArg(0) = nodeFrom
-    // TODO: Properly handle defaultdict/namedtuple
-  )
-  or
  // functions operating on collections
  exists(DataFlow::CallCfgNode call | call = nodeTo |
    call = API::builtin(["sorted", "reversed", "iter", "next"]).getACall() and
--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py
@@ -28,19 +28,19 @@ def test_construction():
    )

    ensure_tainted(
-        list(tainted_list), # $ tainted
-        list(tainted_tuple), # $ tainted
-        list(tainted_set), # $ tainted
-        list(tainted_dict.values()), # $ tainted
-        list(tainted_dict.items()), # $ tainted
+        list(tainted_list), # $ MISSING: tainted
+        list(tainted_tuple), # $ MISSING: tainted
+        list(tainted_set), # $ MISSING: tainted
+        list(tainted_dict.values()), # $ MISSING: tainted
+        list(tainted_dict.items()), # $ MISSING: tainted

-        tuple(tainted_list), # $ tainted
-        set(tainted_list), # $ tainted
-        frozenset(tainted_list), # $ tainted
-        dict(tainted_dict), # $ tainted
+        tuple(tainted_list), # $ MISSING: tainted
+        set(tainted_list), # $ MISSING: tainted
+        frozenset(tainted_list), # $ MISSING: tainted
+        dict(tainted_dict), # $ MISSING: tainted
        dict(k = tainted_string)["k"], # $ MISSING: tainted
        dict(dict(k = tainted_string))["k"], # $ MISSING: tainted
-        dict(["k", tainted_string]), # $ tainted
+        dict(["k", tainted_string]), # $ MISSING: tainted
    )

    ensure_not_tainted(
--- a/python/ql/test/library-tests/frameworks/aiohttp/taint_test.py
+++ b/python/ql/test/library-tests/frameworks/aiohttp/taint_test.py
@@ -42,7 +42,7 @@ async def test_taint(request: web.Request): # $ requestHandler
        request.cookies.keys(), # $ MISSING: tainted
        request.cookies.values(), # $ tainted
        request.cookies.items(), # $ tainted
-        list(request.cookies), # $ tainted
+        list(request.cookies), # $ MISSING: tainted
        iter(request.cookies), # $ tainted


--- a/python/ql/test/library-tests/frameworks/flask/taint_test.py
+++ b/python/ql/test/library-tests/frameworks/flask/taint_test.py
@@ -112,7 +112,7 @@ def test_taint(name = "World!", number="0", foo="foo"):  # $requestHandler route
        request.headers.popitem()[0], # $ tainted
        request.headers.popitem()[1], # $ tainted
        # two ways to get (k, v) lists
-        list(request.headers), # $ tainted
+        list(request.headers), # $ MISSING: tainted
        request.headers.to_wsgi_list(), # $ tainted

        request.json, # $ tainted
--- a/python/ql/test/library-tests/frameworks/multidict/taint_test.py
+++ b/python/ql/test/library-tests/frameworks/multidict/taint_test.py
@@ -16,7 +16,7 @@ ensure_tainted(
    mdp.values(), # $ tainted
    mdp.items(), # $ tainted
    mdp.copy(), # $ tainted
-    list(mdp), # $ tainted
+    list(mdp), # $ MISSING: tainted
    iter(mdp), # $ tainted
 )

@@ -36,6 +36,6 @@ ensure_tainted(
    ci_mdp.values(), # $ tainted
    ci_mdp.items(), # $ tainted
    ci_mdp.copy(), # $ tainted
-    list(ci_mdp), # $ tainted
+    list(ci_mdp), # $ MISSING: tainted
    iter(ci_mdp), # $ tainted
 )