Python: Highlight that any comparison will clear taint

2025-12-17 01:03:14 +01:00 · 2020-01-21 15:02:46 +01:00
parent 80997a3323
commit 1498145415
6 changed files with 36 additions and 0 deletions
--- a/python/ql/test/library-tests/taint/general/TestDefn.expected
+++ b/python/ql/test/library-tests/taint/general/TestDefn.expected
@@ -93,3 +93,6 @@
 | test.py:208 | List | test.py:208 | Taint sequence of simple.test | seq |
 | test.py:209 | For | test.py:209 | Taint simple.test | i |
 | test.py:213 | For | test.py:213 | Taint simple.test | x |
+| test.py:217 | SOURCE | test.py:217 | Taint simple.test | tainted |
+| test.py:223 | SOURCE | test.py:223 | Taint simple.test | tainted |
+| test.py:229 | SOURCE | test.py:229 | Taint simple.test | tainted |
--- a/python/ql/test/library-tests/taint/general/TestSink.expected
+++ b/python/ql/test/library-tests/taint/general/TestSink.expected
@@ -38,3 +38,4 @@
 | simple.test | test.py:195 | 197 | t | simple.test |
 | simple.test | test.py:195 | 199 | t | simple.test |
 | simple.test | test.py:208 | 214 | x | simple.test |
+| simple.test | test.py:217 | 220 | tainted | simple.test |
--- a/python/ql/test/library-tests/taint/general/TestSource.expected
+++ b/python/ql/test/library-tests/taint/general/TestSource.expected
@@ -45,3 +45,6 @@
 | test.py:195 | SOURCE | simple.test |
 | test.py:202 | ITERABLE_SOURCE | iterable.simple |
 | test.py:208 | SOURCE | simple.test |
+| test.py:217 | SOURCE | simple.test |
+| test.py:223 | SOURCE | simple.test |
+| test.py:229 | SOURCE | simple.test |
--- a/python/ql/test/library-tests/taint/general/TestStep.expected
+++ b/python/ql/test/library-tests/taint/general/TestStep.expected
@@ -199,3 +199,7 @@
 | simple.test | test.py:210 | i |  | --> | iterable.simple | test.py:213 | flow_in_generator() |  |
 | simple.test | test.py:210 | i |  | --> | sequence of simple.test | test.py:213 | flow_in_generator() |  |
 | simple.test | test.py:213 | For |  | --> | simple.test | test.py:214 | x |  |
+| simple.test | test.py:217 | SOURCE |  | --> | simple.test | test.py:218 | tainted |  |
+| simple.test | test.py:217 | SOURCE |  | --> | simple.test | test.py:220 | tainted |  |
+| simple.test | test.py:223 | SOURCE |  | --> | simple.test | test.py:224 | tainted |  |
+| simple.test | test.py:229 | SOURCE |  | --> | simple.test | test.py:230 | tainted |  |
--- a/python/ql/test/library-tests/taint/general/TestVar.expected
+++ b/python/ql/test/library-tests/taint/general/TestVar.expected
@@ -193,3 +193,10 @@
 | test.py:213 | x_0 | test.py:213 | Taint simple.test |
 | test.py:213 | x_1 | test.py:213 | Taint simple.test |
 | test.py:214 | x_2 | test.py:214 | Taint simple.test |
+| test.py:217 | tainted_0 | test.py:217 | Taint simple.test |
+| test.py:220 | tainted_3 | test.py:220 | Taint simple.test |
+| test.py:220 | tainted_4 | test.py:220 | Taint simple.test |
+| test.py:220 | tainted_5 | test.py:220 | Taint simple.test |
+| test.py:223 | tainted_0 | test.py:223 | Taint simple.test |
+| test.py:225 | tainted_1 | test.py:225 | Taint simple.test |
+| test.py:229 | tainted_0 | test.py:229 | Taint simple.test |
--- a/python/ql/test/library-tests/taint/general/test.py
+++ b/python/ql/test/library-tests/taint/general/test.py
@@ -213,3 +213,21 @@ def flow_from_generator():
    for x in flow_in_generator():
        SINK(x)

+def const_eq_clears_taint():
+    tainted = SOURCE
+    if tainted == "safe":
+        SINK(tainted) # safe
+    SINK(tainted) # unsafe
+
+def const_eq_clears_taint2():
+    tainted = SOURCE
+    if tainted != "safe":
+        return
+    SINK(tainted) # safe
+
+def non_const_eq_preserves_taint(x):
+    tainted = SOURCE
+    if tainted == tainted:
+        SINK(tainted) # unsafe
+    if tainted == x:
+        SINK(tainted) # unsafe