Python: Model taint from re.<func> calls

2026-04-26 01:05:15 +02:00 · 2023-11-08 17:18:40 +01:00
parent 851c30e797
commit 4943fc5a57
2 changed files with 86 additions and 11 deletions
--- a/python/ql/test/library-tests/frameworks/stdlib/test_re.py
+++ b/python/ql/test/library-tests/frameworks/stdlib/test_re.py
@@ -13,29 +13,30 @@ ensure_tainted(
    re.fullmatch(pat, ts), # $ MISSING: tainted

    # other functions not returning Match objects
-    re.split(pat, ts), # $ MISSING: tainted
-    re.split(pat, ts)[0], # $ MISSING: tainted
+    re.split(pat, ts), # $ tainted
+    re.split(pat, ts)[0], # $ tainted

-    re.findall(pat, ts), # $ MISSING: tainted
+    re.findall(pat, ts), # $ tainted
+    re.findall(pat, ts)[0], # $ tainted

    re.finditer(pat, ts), # $ MISSING: tainted
-    [x for x in re.finditer(pat, ts)], # $ MISSING: tainted
+    [x for x in re.finditer(pat, ts)], # $ tainted

-    re.sub(pat, repl="safe", string=ts), # $ MISSING: tainted
-    re.sub(pat, repl=lambda m: ..., string=ts), # $ MISSING: tainted
-    re.sub(pat, repl=ts, string="safe"), # $ MISSING: tainted
-    re.sub(pat, repl=lambda m: ts, string="safe"), # $ MISSING: tainted
+    re.sub(pat, repl="safe", string=ts), # $ tainted
+    re.sub(pat, repl=lambda m: ..., string=ts), # $ tainted
+    re.sub(pat, repl=ts, string="safe"), # $ tainted
+    re.sub(pat, repl=lambda m: ts, string="safe"), # $ tainted

    re.subn(pat, repl="safe", string=ts), # $ MISSING: tainted
-    re.subn(pat, repl="safe", string=ts)[0], # $ MISSING: tainted // the string
+    re.subn(pat, repl="safe", string=ts)[0], # $ tainted // the string

    # same for compiled patterns
    compiled_pat.search(ts), # $ MISSING: tainted
    compiled_pat.match(ts), # $ MISSING: tainted
    compiled_pat.fullmatch(ts), # $ MISSING: tainted

-    compiled_pat.split(ts), # $ MISSING: tainted
-    compiled_pat.split(ts)[0], # $ MISSING: tainted
+    compiled_pat.split(ts), # $ tainted
+    compiled_pat.split(ts)[0], # $ tainted

    # ...