Python: Add taint tests for encode/decode functions

2025-12-20 10:46:30 +01:00 · 2020-08-24 14:44:01 +02:00
parent 31b398937a
commit 5125c7a55c
3 changed files with 63 additions and 0 deletions
--- a/python/ql/src/experimental/dataflow/internal/TaintTrackingPrivate.qll
+++ b/python/ql/src/experimental/dataflow/internal/TaintTrackingPrivate.qll
@@ -119,4 +119,7 @@ predicate stringMethods(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
      fmt.getRight() = nodeFrom.getNode()
    )
  )
+  // TODO: Handle encode/decode from base64/quopri
+  // TODO: Handle os.path.join
+  // TODO: Handle functions in https://docs.python.org/3/library/binascii.html
 }