hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

python: model string property of resultof finditer

Browse Source
This commit is contained in:
Rasmus Lerchedahl Petersen
2024-10-09 12:40:47 +02:00
parent 073189ed6b
commit 494b8bd7e1
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
python/ql/lib/semmle/python/frameworks/Stdlib.qll
View File

@@ -3463,6 +3463,14 @@ module StdlibPrivate {
) and
preservesValue = false
)
or
// flow from input string to attribute on match object
exists(int arg | arg = methodName.(RegexExecutionMethod).getStringArgIndex() - offset |
input in ["Argument[" + arg + "]", "Argument[string:]"] and
methodName = "finditer" and
output = "ReturnValue.ListElement.Attribute[string]" and
preservesValue = true
)
)
}
}

4
python/ql/test/library-tests/frameworks/stdlib/test_re.py
View File

@@ -39,8 +39,8 @@ ensure_tainted(
compiled_pat.match(ts).string, # $ tainted
re.compile(ts).match("safe").re.pattern, # $ tainted
list(re.finditer(pat, ts))[0].string, # $ MISSING: tainted
[m.string for m in re.finditer(pat, ts)], # $ MISSING: tainted
list(re.finditer(pat, ts))[0].string, # $ tainted
[m.string for m in re.finditer(pat, ts)], # $ tainted
list(re.finditer(pat, ts))[0].groups()[0], # $ MISSING: tainted
[m.groups()[0] for m in re.finditer(pat, ts)], # $ MISSING: tainted