Python: Add taint-steps for MultiDictProxy

2026-05-01 11:45:14 +02:00 · 2021-05-27 10:49:50 +02:00
parent e76f02b016
commit 72e6a1489c
5 changed files with 85 additions and 5 deletions
--- a/python/ql/test/library-tests/frameworks/aiohttp/taint_test.py
+++ b/python/ql/test/library-tests/frameworks/aiohttp/taint_test.py
@@ -32,8 +32,8 @@ async def test_taint(request: web.Request): # $ requestHandler
        request.query, # $ tainted
        request.query["key"], # $ tainted
        request.query.get("key"), # $ tainted
-        request.query.getone("key"), # $ MISSING: tainted
-        request.query.getall("key"), # $ MISSING: tainted
+        request.query.getone("key"), # $ tainted
+        request.query.getall("key"), # $ tainted
        request.query.keys(), # $ MISSING: tainted
        request.query.values(), # $ tainted
        request.query.items(), # $ tainted
@@ -47,7 +47,7 @@ async def test_taint(request: web.Request): # $ requestHandler
        # an instance of the right class, and have the actual taint_test for that in a
        # different file!
        request.headers, # $ tainted
-        request.headers.getone("key"), # $ MISSING: tainted
+        request.headers.getone("key"), # $ tainted

        # https://docs.python.org/3/library/asyncio-protocol.html#asyncio-transport
        # TODO