Merge pull request #15695 from github/tausbn/python-add-copy-method-as-copy-step

Python: Add `.copy()` method call as copy step
2025-12-17 01:03:14 +01:00 · 2024-03-11 09:43:34 +01:00
parent 6485dcc0fc f1392712ee
commit 42acd9c22c
2 changed files with 8 additions and 0 deletions
--- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
@@ -195,6 +195,8 @@ predicate copyStep(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
    call = API::moduleImport("copy").getMember(["copy", "deepcopy"]).getACall() and
    call.getArg(0) = nodeFrom
  )
+  or
+  nodeTo.(DataFlow::MethodCallNode).calls(nodeFrom, "copy")
 }

 /**
--- a/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/test.py
+++ b/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/test.py
@@ -216,3 +216,9 @@ def flow_from_within_deepcopy_fp():
 def flow_through_deepcopy_fp(x=[]):
    y = deepcopy(x)
    y.append(1)
+
+# Use of copy method:
+
+def flow_through_copy_fp(x=[]):
+    y = x.copy()
+    y.append(1)