Python: Allow provenance in additional taint steps

2026-04-26 09:15:12 +02:00 · 2024-05-16 14:04:10 +02:00
parent ea3cc51286
commit 20ea9255a1
2 changed files with 5 additions and 1 deletions
--- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
@@ -29,6 +29,8 @@ private module Cached {
    or
    any(AdditionalTaintStep a).step(nodeFrom, nodeTo) and
    model = "AdditionalTaintStep"
+    or
+    any(AdditionalTaintStep a).step(nodeFrom, nodeTo, model)
  }

  /**
--- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPublic.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPublic.qll
@@ -48,5 +48,7 @@ class AdditionalTaintStep extends Unit {
   * Holds if the step from `nodeFrom` to `nodeTo` should be considered a taint
   * step for all configurations.
   */
-  abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
+  predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { none() }
+
+  predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, string model) { none() }
 }