hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5159 from tausbn/python-unknown-argument-in-format-string-fp

Browse Source 
Python: Add FP test for unknown argument in string format
This commit is contained in:
Rasmus Wriedt Larsen
2021-02-15 14:39:10 +01:00
committed by GitHub
parent b9a479dd31 2632422783
commit 1961ec6e8d
2 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
python/ql/test/query-tests/Expressions/Formatting/UnusedNamedArgumentIn3101Format.expected
View File

@@ -6,3 +6,6 @@
| test.py:45:1:45:35 | format() | Surplus named argument for string format. An argument named 'z' is provided, but it is not required by $@. | test.py:39:14:39:18 | Str | any format used. |
| test.py:46:1:46:34 | Attribute() | Surplus named argument for string format. An argument named 'z' is provided, but it is not required by $@. | test.py:37:14:37:18 | Str | any format used. |
| test.py:46:1:46:34 | Attribute() | Surplus named argument for string format. An argument named 'z' is provided, but it is not required by $@. | test.py:39:14:39:18 | Str | any format used. |
| unknown_format_string.py:9:12:9:30 | Attribute() | Surplus named argument for string format. An argument named 'b' is provided, but it is not required by $@. | unknown_format_string.py:8:15:8:19 | Str | format "{a}" |
| unknown_format_string.py:17:12:17:30 | Attribute() | Surplus named argument for string format. An argument named 'b' is provided, but it is not required by $@. | unknown_format_string.py:16:15:16:19 | Str | format "{a}" |
| unknown_format_string.py:25:12:25:30 | Attribute() | Surplus named argument for string format. An argument named 'b' is provided, but it is not required by $@. | unknown_format_string.py:24:15:24:19 | Str | format "{a}" |

25
python/ql/test/query-tests/Expressions/Formatting/unknown_format_string.py Normal file
View File

@@ -0,0 +1,25 @@
# FP Reported in https://github.com/github/codeql/issues/2650
def possibly_unknown_format_string1(x):
user_specified = unknown_function()
if user_specified:
fmt = user_specified
else:
fmt = "{a}"
return fmt.format(a=1,b=2)
def possibly_unknown_format_string2(x):
user_specified = input()
if user_specified:
fmt = user_specified
else:
fmt = "{a}"
return fmt.format(a=1,b=2)
def possibly_unknown_format_string3(x):
if unknown_function():
fmt = input()
else:
fmt = "{a}"
return fmt.format(a=1,b=2)