Python: Move tests of collection-taint to own dir

This commit is contained in:
Rasmus Wriedt Larsen
2020-01-20 13:37:34 +01:00
parent df8be438bb
commit 772538ff46
10 changed files with 301 additions and 146 deletions


@@ -0,0 +1,46 @@
import python
import semmle.python.security.TaintTracking
import semmle.python.security.strings.Untrusted
class SimpleSource extends TaintSource {
SimpleSource() { this.(NameNode).getId() = "TAINTED_STRING" }
override predicate isSourceOf(TaintKind kind) {
kind instanceof ExternalStringKind
}
override string toString() {
result = "taint source"
}
}
class ListSource extends TaintSource {
ListSource() { this.(NameNode).getId() = "TAINTED_LIST" }
override predicate isSourceOf(TaintKind kind) {
kind instanceof ExternalStringSequenceKind
}
override string toString() {
result = "list taint source"
}
}
class DictSource extends TaintSource {
DictSource() { this.(NameNode).getId() = "TAINTED_DICT" }
override predicate isSourceOf(TaintKind kind) {
kind instanceof ExternalStringDictKind
}
override string toString() {
result = "dict taint source"
}
}
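Review bot: The three source classes carry no QLDoc, so a reader of the expected output has to open this file to learn that `TAINTED_STRING`, `TAINTED_LIST` and `TAINTED_DICT` are the sentinel names and which taint kind each one introduces. A one-line QLDoc above each class is enough, e.g. `/** A reference to the name `TAINTED_LIST`, treated as a source of `ExternalStringSequenceKind` taint. */` above `ListSource`, with the matching kind named for `SimpleSource` and `DictSource`. The classes are otherwise identical apart from name and kind, which is fine for a test library, but the comment makes the pairing explicit where the `.expected` output only shows the kind.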


@@ -0,0 +1,53 @@
| Taint [externally controlled string] | test.py:5 | test.py:5:20:5:35 | List | |
| Taint [externally controlled string] | test.py:6 | test.py:6:22:6:36 | Tuple | |
| Taint [externally controlled string] | test.py:10 | test.py:10:9:10:26 | list() | |
| Taint [externally controlled string] | test.py:10 | test.py:10:14:10:25 | tainted_list | |
| Taint [externally controlled string] | test.py:11 | test.py:11:9:11:27 | list() | |
| Taint [externally controlled string] | test.py:11 | test.py:11:14:11:26 | tainted_tuple | |
| Taint [externally controlled string] | test.py:13 | test.py:13:9:13:35 | list() | |
| Taint [externally controlled string] | test.py:13 | test.py:13:14:13:34 | Attribute() | |
| Taint [externally controlled string] | test.py:16 | test.py:16:9:16:27 | tuple() | |
| Taint [externally controlled string] | test.py:16 | test.py:16:15:16:26 | tainted_list | |
| Taint [externally controlled string] | test.py:17 | test.py:17:9:17:25 | set() | |
| Taint [externally controlled string] | test.py:17 | test.py:17:13:17:24 | tainted_list | |
| Taint [externally controlled string] | test.py:18 | test.py:18:19:18:30 | tainted_list | |
| Taint [externally controlled string] | test.py:21 | test.py:21:20:21:31 | TAINTED_LIST | |
| Taint [externally controlled string] | test.py:22 | test.py:22:9:22:20 | tainted_list | |
| Taint [externally controlled string] | test.py:23 | test.py:23:9:23:20 | tainted_list | |
| Taint [externally controlled string] | test.py:24 | test.py:24:9:24:20 | tainted_list | |
| Taint [externally controlled string] | test.py:24 | test.py:24:9:24:25 | Subscript | |
| Taint [externally controlled string] | test.py:25 | test.py:25:9:25:20 | tainted_list | |
| Taint [externally controlled string] | test.py:25 | test.py:25:9:25:27 | Attribute() | |
| Taint [externally controlled string] | test.py:26 | test.py:26:15:26:26 | tainted_list | |
| Taint [externally controlled string] | test.py:27 | test.py:27:14:27:25 | tainted_list | |
| Taint [externally controlled string] | test.py:29 | test.py:29:14:29:35 | reversed() | |
| Taint [externally controlled string] | test.py:29 | test.py:29:23:29:34 | tainted_list | |
| Taint [externally controlled string] | test.py:37 | test.py:37:14:37:34 | Attribute() | |
| Taint externally controlled string | test.py:4 | test.py:4:22:4:35 | TAINTED_STRING | |
| Taint externally controlled string | test.py:5 | test.py:5:21:5:34 | tainted_string | |
| Taint externally controlled string | test.py:6 | test.py:6:22:6:35 | tainted_string | |
| Taint externally controlled string | test.py:7 | test.py:7:20:7:33 | tainted_string | |
| Taint externally controlled string | test.py:8 | test.py:8:28:8:41 | tainted_string | |
| Taint externally controlled string | test.py:22 | test.py:22:9:22:23 | Subscript | |
| Taint externally controlled string | test.py:23 | test.py:23:9:23:23 | Subscript | |
| Taint externally controlled string | test.py:27 | test.py:27:5:27:26 | For | |
| Taint externally controlled string | test.py:28 | test.py:28:9:28:9 | h | |
| Taint externally controlled string | test.py:29 | test.py:29:5:29:36 | For | |
| Taint externally controlled string | test.py:30 | test.py:30:9:30:9 | i | |
| Taint externally controlled string | test.py:34 | test.py:34:9:34:28 | Subscript | |
| Taint externally controlled string | test.py:35 | test.py:35:9:35:23 | Subscript | |
| Taint externally controlled string | test.py:37 | test.py:37:5:37:35 | For | |
| Taint externally controlled string | test.py:38 | test.py:38:9:38:9 | d | |
| Taint externally controlled string | test.py:44 | test.py:44:19:44:32 | TAINTED_STRING | |
| Taint externally controlled string | test.py:54 | test.py:54:5:54:47 | BinaryExpr | |
| Taint externally controlled string | test.py:54 | test.py:54:34:54:47 | TAINTED_STRING | |
| Taint {externally controlled string} | test.py:8 | test.py:8:20:8:42 | Dict | |
| Taint {externally controlled string} | test.py:13 | test.py:13:14:13:25 | tainted_dict | |
| Taint {externally controlled string} | test.py:14 | test.py:14:14:14:25 | tainted_dict | |
| Taint {externally controlled string} | test.py:33 | test.py:33:20:33:31 | TAINTED_DICT | |
| Taint {externally controlled string} | test.py:34 | test.py:34:9:34:20 | tainted_dict | |
| Taint {externally controlled string} | test.py:35 | test.py:35:9:35:20 | tainted_dict | |
| Taint {externally controlled string} | test.py:36 | test.py:36:9:36:20 | tainted_dict | |
| Taint {externally controlled string} | test.py:36 | test.py:36:9:36:27 | Attribute() | |
| Taint {externally controlled string} | test.py:37 | test.py:37:14:37:25 | tainted_dict | |
| Taint {externally controlled string} | test.py:39 | test.py:39:17:39:28 | tainted_dict | |


@@ -0,0 +1,9 @@
import python
import semmle.python.security.TaintTracking
import Taint
from TaintedNode n
where n.getLocation().getFile().getName().matches("%test.py")
select "Taint " + n.getTaintKind(), n.getLocation().toString(), n.getCfgNode().getNode(), n.getContext()
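Review bot: The file filter on the `where` line, `matches("%test.py")`, is a suffix match and so also accepts any file whose name merely ends in `test.py` (say `mytest.py`) if one is later added to this directory; `n.getLocation().getFile().getBaseName() = "test.py"` pins the intended file exactly, assuming `getBaseName()` is available in this library version. The same pattern appears twice in the `where` clause of the TaintFlow query further down, which should change in step. Separately, this query selects `n.getCfgNode().getNode()` while the TaintFlow query selects `n.getAstNode()` for the same column; if those are meant to print the same node, using one spelling in both queries keeps the two expected files directly comparable.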


@@ -0,0 +1,48 @@
| Taint [externally controlled string] | test.py:5 | test.py:5:20:5:35 | List | | --> | Taint [externally controlled string] | test.py:10 | test.py:10:14:10:25 | tainted_list | |
| Taint [externally controlled string] | test.py:5 | test.py:5:20:5:35 | List | | --> | Taint [externally controlled string] | test.py:16 | test.py:16:15:16:26 | tainted_list | |
| Taint [externally controlled string] | test.py:5 | test.py:5:20:5:35 | List | | --> | Taint [externally controlled string] | test.py:17 | test.py:17:13:17:24 | tainted_list | |
| Taint [externally controlled string] | test.py:5 | test.py:5:20:5:35 | List | | --> | Taint [externally controlled string] | test.py:18 | test.py:18:19:18:30 | tainted_list | |
| Taint [externally controlled string] | test.py:6 | test.py:6:22:6:36 | Tuple | | --> | Taint [externally controlled string] | test.py:11 | test.py:11:14:11:26 | tainted_tuple | |
| Taint [externally controlled string] | test.py:10 | test.py:10:14:10:25 | tainted_list | | --> | Taint [externally controlled string] | test.py:10 | test.py:10:9:10:26 | list() | |
| Taint [externally controlled string] | test.py:11 | test.py:11:14:11:26 | tainted_tuple | | --> | Taint [externally controlled string] | test.py:11 | test.py:11:9:11:27 | list() | |
| Taint [externally controlled string] | test.py:13 | test.py:13:14:13:34 | Attribute() | | --> | Taint [externally controlled string] | test.py:13 | test.py:13:9:13:35 | list() | |
| Taint [externally controlled string] | test.py:16 | test.py:16:15:16:26 | tainted_list | | --> | Taint [externally controlled string] | test.py:16 | test.py:16:9:16:27 | tuple() | |
| Taint [externally controlled string] | test.py:17 | test.py:17:13:17:24 | tainted_list | | --> | Taint [externally controlled string] | test.py:17 | test.py:17:9:17:25 | set() | |
| Taint [externally controlled string] | test.py:21 | test.py:21:20:21:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:22 | test.py:22:9:22:20 | tainted_list | |
| Taint [externally controlled string] | test.py:21 | test.py:21:20:21:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:23 | test.py:23:9:23:20 | tainted_list | |
| Taint [externally controlled string] | test.py:21 | test.py:21:20:21:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:24 | test.py:24:9:24:20 | tainted_list | |
| Taint [externally controlled string] | test.py:21 | test.py:21:20:21:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:25 | test.py:25:9:25:20 | tainted_list | |
| Taint [externally controlled string] | test.py:21 | test.py:21:20:21:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:26 | test.py:26:15:26:26 | tainted_list | |
| Taint [externally controlled string] | test.py:21 | test.py:21:20:21:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:27 | test.py:27:14:27:25 | tainted_list | |
| Taint [externally controlled string] | test.py:21 | test.py:21:20:21:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:29 | test.py:29:23:29:34 | tainted_list | |
| Taint [externally controlled string] | test.py:22 | test.py:22:9:22:20 | tainted_list | | --> | Taint externally controlled string | test.py:22 | test.py:22:9:22:23 | Subscript | |
| Taint [externally controlled string] | test.py:23 | test.py:23:9:23:20 | tainted_list | | --> | Taint externally controlled string | test.py:23 | test.py:23:9:23:23 | Subscript | |
| Taint [externally controlled string] | test.py:24 | test.py:24:9:24:20 | tainted_list | | --> | Taint [externally controlled string] | test.py:24 | test.py:24:9:24:25 | Subscript | |
| Taint [externally controlled string] | test.py:25 | test.py:25:9:25:20 | tainted_list | | --> | Taint [externally controlled string] | test.py:25 | test.py:25:9:25:27 | Attribute() | |
| Taint [externally controlled string] | test.py:27 | test.py:27:14:27:25 | tainted_list | | --> | Taint externally controlled string | test.py:27 | test.py:27:5:27:26 | For | |
| Taint [externally controlled string] | test.py:29 | test.py:29:14:29:35 | reversed() | | --> | Taint externally controlled string | test.py:29 | test.py:29:5:29:36 | For | |
| Taint [externally controlled string] | test.py:29 | test.py:29:23:29:34 | tainted_list | | --> | Taint [externally controlled string] | test.py:29 | test.py:29:14:29:35 | reversed() | |
| Taint [externally controlled string] | test.py:37 | test.py:37:14:37:34 | Attribute() | | --> | Taint externally controlled string | test.py:37 | test.py:37:5:37:35 | For | |
| Taint externally controlled string | test.py:4 | test.py:4:22:4:35 | TAINTED_STRING | | --> | Taint externally controlled string | test.py:5 | test.py:5:21:5:34 | tainted_string | |
| Taint externally controlled string | test.py:4 | test.py:4:22:4:35 | TAINTED_STRING | | --> | Taint externally controlled string | test.py:6 | test.py:6:22:6:35 | tainted_string | |
| Taint externally controlled string | test.py:4 | test.py:4:22:4:35 | TAINTED_STRING | | --> | Taint externally controlled string | test.py:7 | test.py:7:20:7:33 | tainted_string | |
| Taint externally controlled string | test.py:4 | test.py:4:22:4:35 | TAINTED_STRING | | --> | Taint externally controlled string | test.py:8 | test.py:8:28:8:41 | tainted_string | |
| Taint externally controlled string | test.py:5 | test.py:5:21:5:34 | tainted_string | | --> | Taint [externally controlled string] | test.py:5 | test.py:5:20:5:35 | List | |
| Taint externally controlled string | test.py:6 | test.py:6:22:6:35 | tainted_string | | --> | Taint [externally controlled string] | test.py:6 | test.py:6:22:6:36 | Tuple | |
| Taint externally controlled string | test.py:8 | test.py:8:28:8:41 | tainted_string | | --> | Taint {externally controlled string} | test.py:8 | test.py:8:20:8:42 | Dict | |
| Taint externally controlled string | test.py:27 | test.py:27:5:27:26 | For | | --> | Taint externally controlled string | test.py:28 | test.py:28:9:28:9 | h | |
| Taint externally controlled string | test.py:29 | test.py:29:5:29:36 | For | | --> | Taint externally controlled string | test.py:30 | test.py:30:9:30:9 | i | |
| Taint externally controlled string | test.py:37 | test.py:37:5:37:35 | For | | --> | Taint externally controlled string | test.py:38 | test.py:38:9:38:9 | d | |
| Taint externally controlled string | test.py:54 | test.py:54:34:54:47 | TAINTED_STRING | | --> | Taint externally controlled string | test.py:54 | test.py:54:5:54:47 | BinaryExpr | |
| Taint {externally controlled string} | test.py:8 | test.py:8:20:8:42 | Dict | | --> | Taint {externally controlled string} | test.py:13 | test.py:13:14:13:25 | tainted_dict | |
| Taint {externally controlled string} | test.py:8 | test.py:8:20:8:42 | Dict | | --> | Taint {externally controlled string} | test.py:14 | test.py:14:14:14:25 | tainted_dict | |
| Taint {externally controlled string} | test.py:13 | test.py:13:14:13:25 | tainted_dict | | --> | Taint [externally controlled string] | test.py:13 | test.py:13:14:13:34 | Attribute() | |
| Taint {externally controlled string} | test.py:33 | test.py:33:20:33:31 | TAINTED_DICT | | --> | Taint {externally controlled string} | test.py:34 | test.py:34:9:34:20 | tainted_dict | |
| Taint {externally controlled string} | test.py:33 | test.py:33:20:33:31 | TAINTED_DICT | | --> | Taint {externally controlled string} | test.py:35 | test.py:35:9:35:20 | tainted_dict | |
| Taint {externally controlled string} | test.py:33 | test.py:33:20:33:31 | TAINTED_DICT | | --> | Taint {externally controlled string} | test.py:36 | test.py:36:9:36:20 | tainted_dict | |
| Taint {externally controlled string} | test.py:33 | test.py:33:20:33:31 | TAINTED_DICT | | --> | Taint {externally controlled string} | test.py:37 | test.py:37:14:37:25 | tainted_dict | |
| Taint {externally controlled string} | test.py:33 | test.py:33:20:33:31 | TAINTED_DICT | | --> | Taint {externally controlled string} | test.py:39 | test.py:39:17:39:28 | tainted_dict | |
| Taint {externally controlled string} | test.py:34 | test.py:34:9:34:20 | tainted_dict | | --> | Taint externally controlled string | test.py:34 | test.py:34:9:34:28 | Subscript | |
| Taint {externally controlled string} | test.py:35 | test.py:35:9:35:20 | tainted_dict | | --> | Taint externally controlled string | test.py:35 | test.py:35:9:35:23 | Subscript | |
| Taint {externally controlled string} | test.py:36 | test.py:36:9:36:20 | tainted_dict | | --> | Taint {externally controlled string} | test.py:36 | test.py:36:9:36:27 | Attribute() | |
| Taint {externally controlled string} | test.py:37 | test.py:37:14:37:25 | tainted_dict | | --> | Taint [externally controlled string] | test.py:37 | test.py:37:14:37:34 | Attribute() | |


@@ -0,0 +1,13 @@
import python
import semmle.python.security.TaintTracking
import Taint
from TaintedNode n, TaintedNode s
where n.getLocation().getFile().getName().matches("%test.py") and
s.getLocation().getFile().getName().matches("%test.py") and
s = n.getASuccessor()
select
"Taint " + n.getTaintKind(), n.getLocation().toString(), n.getAstNode(), n.getContext(),
" --> ",
"Taint " + s.getTaintKind(), s.getLocation().toString(), s.getAstNode(), s.getContext()


@@ -0,0 +1,62 @@
from collections import defaultdict, namedtuple
def test_construction():
tainted_string = TAINTED_STRING
tainted_list = [tainted_string]
tainted_tuple = (tainted_string,)
tainted_set = {tainted_string} # TODO: set currently not handled
tainted_dict = {'key': tainted_string}
a = list(tainted_list)
b = list(tainted_tuple)
c = list(tainted_set) # TODO: set currently not handled
d = list(tainted_dict.values())
e = list(tainted_dict.items()) # TODO: dict.items() currently not handled
f = tuple(tainted_list)
g = set(tainted_list)
h = frozenset(tainted_list) # TODO: frozenset constructor currently not handled
def test_access():
tainted_list = TAINTED_LIST
a = tainted_list[0]
b = tainted_list[x]
c = tainted_list[y:z]
d = tainted_list.copy()
e, f, g = tainted_list # TODO: currently not handled
for h in tainted_list:
h
for i in reversed(tainted_list):
i
def test_dict_access(x):
tainted_dict = TAINTED_DICT
a = tainted_dict["name"]
b = tainted_dict[x]
c = tainted_dict.copy()
for d in tainted_dict.values():
d
for _, e in tainted_dict.items(): # TODO: dict.items() currently not handled
e
def test_named_tuple(): # TODO: namedtuple currently not handled
Point = namedtuple('Point', ['x', 'y'])
point = Point(TAINTED_STRING, 'const')
a = point[0]
b = point.x
c = point[1]
d = point.y
e, f = point
def test_defaultdict(key, x): # TODO: defaultdict currently not handled
tainted_default_dict = defaultdict(str)
tainted_default_dict[key] += TAINTED_STRING
a = tainted_dict["name"]
b = tainted_dict[x]
c = tainted_dict.copy()
for d in tainted_dict.values():
d
for _, e in tainted_dict.items():
e
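Review bot: `test_defaultdict` builds `tainted_default_dict` but every access below it reads `tainted_dict`, which is not defined in that function, so the body exercises an unbound name rather than the defaultdict and the case will still report nothing once defaultdict taint is supported. Renaming the six reads to `tainted_default_dict` keeps the test meaningful. Similarly, `test_access` reads `x`, `y` and `z` without defining them while `test_dict_access(x)` takes its index as a parameter; `def test_access(x, y, z):` would make the two consistent.
```python
def test_defaultdict(key, x): # TODO: defaultdict currently not handled
    # … unchanged: defaultdict construction and tainted write …
    a = tainted_default_dict["name"]
    b = tainted_default_dict[x]
    c = tainted_default_dict.copy()
    for d in tainted_default_dict.values():
        d
    for _, e in tainted_default_dict.items():
        e
```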


@@ -1,16 +1,16 @@
| Taint exception.info | test.py:63 | test.py:63:22:63:26 | taint | p1 = exception.info |
| Taint exception.info | test.py:64 | test.py:64:12:64:22 | func() | p1 = exception.info |
| Taint exception.info | test.py:64 | test.py:64:17:64:21 | taint | p1 = exception.info |
| Taint exception.info | test.py:67 | test.py:67:12:67:33 | TAINTED_EXCEPTION_INFO | |
| Taint exception.info | test.py:68 | test.py:68:11:68:41 | cross_over() | |
| Taint exception.info | test.py:68 | test.py:68:37:68:40 | info | |
| Taint exception.info | test.py:70 | test.py:70:19:70:21 | arg | p0 = exception.info |
| Taint exception.info | test.py:71 | test.py:71:12:71:14 | arg | p0 = exception.info |
| Taint externally controlled string | test.py:63 | test.py:63:22:63:26 | taint | p1 = externally controlled string |
| Taint externally controlled string | test.py:64 | test.py:64:12:64:22 | func() | p1 = externally controlled string |
| Taint externally controlled string | test.py:64 | test.py:64:17:64:21 | taint | p1 = externally controlled string |
| Taint externally controlled string | test.py:70 | test.py:70:19:70:21 | arg | p0 = externally controlled string |
| Taint externally controlled string | test.py:71 | test.py:71:12:71:14 | arg | p0 = externally controlled string |
| Taint externally controlled string | test.py:74 | test.py:74:11:74:33 | TAINTED_EXTERNAL_STRING | |
| Taint externally controlled string | test.py:75 | test.py:75:11:75:41 | cross_over() | |
| Taint externally controlled string | test.py:75 | test.py:75:38:75:40 | ext | |
| Taint exception.info | test.py:41 | test.py:41:22:41:26 | taint | p1 = exception.info |
| Taint exception.info | test.py:42 | test.py:42:12:42:22 | func() | p1 = exception.info |
| Taint exception.info | test.py:42 | test.py:42:17:42:21 | taint | p1 = exception.info |
| Taint exception.info | test.py:45 | test.py:45:12:45:33 | TAINTED_EXCEPTION_INFO | |
| Taint exception.info | test.py:46 | test.py:46:11:46:41 | cross_over() | |
| Taint exception.info | test.py:46 | test.py:46:37:46:40 | info | |
| Taint exception.info | test.py:48 | test.py:48:19:48:21 | arg | p0 = exception.info |
| Taint exception.info | test.py:49 | test.py:49:12:49:14 | arg | p0 = exception.info |
| Taint externally controlled string | test.py:41 | test.py:41:22:41:26 | taint | p1 = externally controlled string |
| Taint externally controlled string | test.py:42 | test.py:42:12:42:22 | func() | p1 = externally controlled string |
| Taint externally controlled string | test.py:42 | test.py:42:17:42:21 | taint | p1 = externally controlled string |
| Taint externally controlled string | test.py:48 | test.py:48:19:48:21 | arg | p0 = externally controlled string |
| Taint externally controlled string | test.py:49 | test.py:49:12:49:14 | arg | p0 = externally controlled string |
| Taint externally controlled string | test.py:52 | test.py:52:11:52:33 | TAINTED_EXTERNAL_STRING | |
| Taint externally controlled string | test.py:53 | test.py:53:11:53:41 | cross_over() | |
| Taint externally controlled string | test.py:53 | test.py:53:38:53:40 | ext | |


@@ -1,14 +1,3 @@
| Taint [externally controlled string] | test.py:12 | test.py:12:20:12:31 | TAINTED_LIST | |
| Taint [externally controlled string] | test.py:13 | test.py:13:9:13:20 | tainted_list | |
| Taint [externally controlled string] | test.py:14 | test.py:14:9:14:20 | tainted_list | |
| Taint [externally controlled string] | test.py:15 | test.py:15:9:15:20 | tainted_list | |
| Taint [externally controlled string] | test.py:15 | test.py:15:9:15:25 | Subscript | |
| Taint [externally controlled string] | test.py:16 | test.py:16:9:16:20 | tainted_list | |
| Taint [externally controlled string] | test.py:16 | test.py:16:9:16:27 | Attribute() | |
| Taint [externally controlled string] | test.py:17 | test.py:17:15:17:26 | tainted_list | |
| Taint [externally controlled string] | test.py:24 | test.py:24:14:24:34 | Attribute() | |
| Taint [externally controlled string] | test.py:39 | test.py:39:20:39:35 | List | |
| Taint [externally controlled string] | test.py:40 | test.py:40:22:40:36 | Tuple | |
| Taint externally controlled string | test.py:5 | test.py:5:22:5:28 | TAINTED | |
| Taint externally controlled string | test.py:6 | test.py:6:31:6:44 | tainted_string | |
| Taint externally controlled string | test.py:7 | test.py:7:9:7:25 | Subscript | |
@@ -16,44 +5,35 @@
| Taint externally controlled string | test.py:8 | test.py:8:9:8:18 | Attribute() | |
| Taint externally controlled string | test.py:9 | test.py:9:9:9:9 | b | |
| Taint externally controlled string | test.py:9 | test.py:9:9:9:14 | Subscript | |
| Taint externally controlled string | test.py:13 | test.py:13:9:13:23 | Subscript | |
| Taint externally controlled string | test.py:14 | test.py:14:9:14:23 | Subscript | |
| Taint externally controlled string | test.py:21 | test.py:21:9:21:28 | Subscript | |
| Taint externally controlled string | test.py:22 | test.py:22:9:22:23 | Subscript | |
| Taint externally controlled string | test.py:24 | test.py:24:5:24:35 | For | |
| Taint externally controlled string | test.py:25 | test.py:25:9:25:9 | d | |
| Taint externally controlled string | test.py:31 | test.py:31:22:31:28 | TAINTED | |
| Taint externally controlled string | test.py:32 | test.py:32:9:32:22 | tainted_string | |
| Taint externally controlled string | test.py:32 | test.py:32:9:32:31 | Attribute() | |
| Taint externally controlled string | test.py:33 | test.py:33:9:33:22 | tainted_string | |
| Taint externally controlled string | test.py:33 | test.py:33:9:33:29 | Attribute() | |
| Taint externally controlled string | test.py:34 | test.py:34:9:34:22 | tainted_string | |
| Taint externally controlled string | test.py:34 | test.py:34:9:34:25 | Subscript | |
| Taint externally controlled string | test.py:35 | test.py:35:9:35:22 | tainted_string | |
| Taint externally controlled string | test.py:35 | test.py:35:9:35:27 | Subscript | |
| Taint externally controlled string | test.py:36 | test.py:36:9:36:32 | reversed() | |
| Taint externally controlled string | test.py:36 | test.py:36:18:36:31 | tainted_string | |
| Taint externally controlled string | test.py:37 | test.py:37:9:37:28 | copy() | |
| Taint externally controlled string | test.py:37 | test.py:37:14:37:27 | tainted_string | |
| Taint externally controlled string | test.py:38 | test.py:38:9:38:22 | tainted_string | |
| Taint externally controlled string | test.py:38 | test.py:38:9:38:30 | Attribute() | |
| Taint externally controlled string | test.py:39 | test.py:39:21:39:34 | tainted_string | |
| Taint externally controlled string | test.py:40 | test.py:40:22:40:35 | tainted_string | |
| Taint externally controlled string | test.py:41 | test.py:41:28:41:41 | tainted_string | |
| Taint externally controlled string | test.py:44 | test.py:44:22:44:28 | TAINTED | |
| Taint externally controlled string | test.py:45 | test.py:45:8:45:21 | tainted_string | |
| Taint externally controlled string | test.py:48 | test.py:48:23:48:36 | tainted_string | |
| Taint externally controlled string | test.py:51 | test.py:51:22:51:28 | TAINTED | |
| Taint externally controlled string | test.py:52 | test.py:52:8:52:21 | tainted_string | |
| Taint externally controlled string | test.py:52 | test.py:52:34:52:47 | tainted_string | |
| Taint externally controlled string | test.py:55 | test.py:55:23:55:36 | tainted_string | |
| Taint externally controlled string | test.py:58 | test.py:58:22:58:28 | TAINTED | |
| Taint externally controlled string | test.py:59 | test.py:59:9:59:27 | str() | |
| Taint externally controlled string | test.py:59 | test.py:59:13:59:26 | tainted_string | |
| Taint externally controlled string | test.py:60 | test.py:60:9:60:29 | bytes() | |
| Taint externally controlled string | test.py:60 | test.py:60:15:60:28 | tainted_string | |
| Taint externally controlled string | test.py:61 | test.py:61:9:61:46 | bytes() | |
| Taint externally controlled string | test.py:61 | test.py:61:15:61:28 | tainted_string | |
| Taint externally controlled string | test.py:12 | test.py:12:22:12:28 | TAINTED | |
| Taint externally controlled string | test.py:13 | test.py:13:9:13:22 | tainted_string | |
| Taint externally controlled string | test.py:13 | test.py:13:9:13:31 | Attribute() | |
| Taint externally controlled string | test.py:14 | test.py:14:9:14:22 | tainted_string | |
| Taint externally controlled string | test.py:14 | test.py:14:9:14:29 | Attribute() | |
| Taint externally controlled string | test.py:15 | test.py:15:9:15:22 | tainted_string | |
| Taint externally controlled string | test.py:15 | test.py:15:9:15:25 | Subscript | |
| Taint externally controlled string | test.py:16 | test.py:16:9:16:22 | tainted_string | |
| Taint externally controlled string | test.py:16 | test.py:16:9:16:27 | Subscript | |
| Taint externally controlled string | test.py:17 | test.py:17:9:17:32 | reversed() | |
| Taint externally controlled string | test.py:17 | test.py:17:18:17:31 | tainted_string | |
| Taint externally controlled string | test.py:18 | test.py:18:9:18:28 | copy() | |
| Taint externally controlled string | test.py:18 | test.py:18:14:18:27 | tainted_string | |
| Taint externally controlled string | test.py:19 | test.py:19:9:19:22 | tainted_string | |
| Taint externally controlled string | test.py:19 | test.py:19:9:19:30 | Attribute() | |
| Taint externally controlled string | test.py:22 | test.py:22:22:22:28 | TAINTED | |
| Taint externally controlled string | test.py:23 | test.py:23:8:23:21 | tainted_string | |
| Taint externally controlled string | test.py:26 | test.py:26:23:26:36 | tainted_string | |
| Taint externally controlled string | test.py:29 | test.py:29:22:29:28 | TAINTED | |
| Taint externally controlled string | test.py:30 | test.py:30:8:30:21 | tainted_string | |
| Taint externally controlled string | test.py:30 | test.py:30:34:30:47 | tainted_string | |
| Taint externally controlled string | test.py:33 | test.py:33:23:33:36 | tainted_string | |
| Taint externally controlled string | test.py:36 | test.py:36:22:36:28 | TAINTED | |
| Taint externally controlled string | test.py:37 | test.py:37:9:37:27 | str() | |
| Taint externally controlled string | test.py:37 | test.py:37:13:37:26 | tainted_string | |
| Taint externally controlled string | test.py:38 | test.py:38:9:38:29 | bytes() | |
| Taint externally controlled string | test.py:38 | test.py:38:15:38:28 | tainted_string | |
| Taint externally controlled string | test.py:39 | test.py:39:9:39:46 | bytes() | |
| Taint externally controlled string | test.py:39 | test.py:39:15:39:28 | tainted_string | |
| Taint json[externally controlled string] | test.py:6 | test.py:6:20:6:45 | Attribute() | |
| Taint json[externally controlled string] | test.py:7 | test.py:7:9:7:20 | tainted_json | |
| Taint json[externally controlled string] | test.py:7 | test.py:7:9:7:25 | Subscript | |
@@ -61,11 +41,3 @@
| Taint json[externally controlled string] | test.py:8 | test.py:8:9:8:18 | Attribute() | |
| Taint json[externally controlled string] | test.py:9 | test.py:9:9:9:9 | b | |
| Taint json[externally controlled string] | test.py:9 | test.py:9:9:9:14 | Subscript | |
| Taint {externally controlled string} | test.py:20 | test.py:20:20:20:31 | TAINTED_DICT | |
| Taint {externally controlled string} | test.py:21 | test.py:21:9:21:20 | tainted_dict | |
| Taint {externally controlled string} | test.py:22 | test.py:22:9:22:20 | tainted_dict | |
| Taint {externally controlled string} | test.py:23 | test.py:23:9:23:20 | tainted_dict | |
| Taint {externally controlled string} | test.py:23 | test.py:23:9:23:27 | Attribute() | |
| Taint {externally controlled string} | test.py:24 | test.py:24:14:24:25 | tainted_dict | |
| Taint {externally controlled string} | test.py:27 | test.py:27:17:27:28 | tainted_dict | |
| Taint {externally controlled string} | test.py:41 | test.py:41:20:41:42 | Dict | |


@@ -1,49 +1,32 @@
| Taint [externally controlled string] | test.py:12 | test.py:12:20:12:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:13 | test.py:13:9:13:20 | tainted_list | |
| Taint [externally controlled string] | test.py:12 | test.py:12:20:12:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:14 | test.py:14:9:14:20 | tainted_list | |
| Taint [externally controlled string] | test.py:12 | test.py:12:20:12:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:15 | test.py:15:9:15:20 | tainted_list | |
| Taint [externally controlled string] | test.py:12 | test.py:12:20:12:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:16 | test.py:16:9:16:20 | tainted_list | |
| Taint [externally controlled string] | test.py:12 | test.py:12:20:12:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:17 | test.py:17:15:17:26 | tainted_list | |
| Taint [externally controlled string] | test.py:13 | test.py:13:9:13:20 | tainted_list | | --> | Taint externally controlled string | test.py:13 | test.py:13:9:13:23 | Subscript | |
| Taint [externally controlled string] | test.py:14 | test.py:14:9:14:20 | tainted_list | | --> | Taint externally controlled string | test.py:14 | test.py:14:9:14:23 | Subscript | |
| Taint [externally controlled string] | test.py:15 | test.py:15:9:15:20 | tainted_list | | --> | Taint [externally controlled string] | test.py:15 | test.py:15:9:15:25 | Subscript | |
| Taint [externally controlled string] | test.py:16 | test.py:16:9:16:20 | tainted_list | | --> | Taint [externally controlled string] | test.py:16 | test.py:16:9:16:27 | Attribute() | |
| Taint [externally controlled string] | test.py:24 | test.py:24:14:24:34 | Attribute() | | --> | Taint externally controlled string | test.py:24 | test.py:24:5:24:35 | For | |
| Taint externally controlled string | test.py:5 | test.py:5:22:5:28 | TAINTED | | --> | Taint externally controlled string | test.py:6 | test.py:6:31:6:44 | tainted_string | |
| Taint externally controlled string | test.py:6 | test.py:6:31:6:44 | tainted_string | | --> | Taint json[externally controlled string] | test.py:6 | test.py:6:20:6:45 | Attribute() | |
| Taint externally controlled string | test.py:7 | test.py:7:9:7:25 | Subscript | | --> | Taint externally controlled string | test.py:8 | test.py:8:9:8:9 | a | |
| Taint externally controlled string | test.py:8 | test.py:8:9:8:18 | Attribute() | | --> | Taint externally controlled string | test.py:9 | test.py:9:9:9:9 | b | |
| Taint externally controlled string | test.py:24 | test.py:24:5:24:35 | For | | --> | Taint externally controlled string | test.py:25 | test.py:25:9:25:9 | d | |
| Taint externally controlled string | test.py:31 | test.py:31:22:31:28 | TAINTED | | --> | Taint externally controlled string | test.py:32 | test.py:32:9:32:22 | tainted_string | |
| Taint externally controlled string | test.py:31 | test.py:31:22:31:28 | TAINTED | | --> | Taint externally controlled string | test.py:33 | test.py:33:9:33:22 | tainted_string | |
| Taint externally controlled string | test.py:31 | test.py:31:22:31:28 | TAINTED | | --> | Taint externally controlled string | test.py:34 | test.py:34:9:34:22 | tainted_string | |
| Taint externally controlled string | test.py:31 | test.py:31:22:31:28 | TAINTED | | --> | Taint externally controlled string | test.py:35 | test.py:35:9:35:22 | tainted_string | |
| Taint externally controlled string | test.py:31 | test.py:31:22:31:28 | TAINTED | | --> | Taint externally controlled string | test.py:36 | test.py:36:18:36:31 | tainted_string | |
| Taint externally controlled string | test.py:31 | test.py:31:22:31:28 | TAINTED | | --> | Taint externally controlled string | test.py:37 | test.py:37:14:37:27 | tainted_string | |
| Taint externally controlled string | test.py:31 | test.py:31:22:31:28 | TAINTED | | --> | Taint externally controlled string | test.py:38 | test.py:38:9:38:22 | tainted_string | |
| Taint externally controlled string | test.py:31 | test.py:31:22:31:28 | TAINTED | | --> | Taint externally controlled string | test.py:39 | test.py:39:21:39:34 | tainted_string | |
| Taint externally controlled string | test.py:31 | test.py:31:22:31:28 | TAINTED | | --> | Taint externally controlled string | test.py:40 | test.py:40:22:40:35 | tainted_string | |
| Taint externally controlled string | test.py:31 | test.py:31:22:31:28 | TAINTED | | --> | Taint externally controlled string | test.py:41 | test.py:41:28:41:41 | tainted_string | |
| Taint externally controlled string | test.py:32 | test.py:32:9:32:22 | tainted_string | | --> | Taint externally controlled string | test.py:32 | test.py:32:9:32:31 | Attribute() | |
| Taint externally controlled string | test.py:33 | test.py:33:9:33:22 | tainted_string | | --> | Taint externally controlled string | test.py:33 | test.py:33:9:33:29 | Attribute() | |
| Taint externally controlled string | test.py:34 | test.py:34:9:34:22 | tainted_string | | --> | Taint externally controlled string | test.py:34 | test.py:34:9:34:25 | Subscript | |
| Taint externally controlled string | test.py:35 | test.py:35:9:35:22 | tainted_string | | --> | Taint externally controlled string | test.py:35 | test.py:35:9:35:27 | Subscript | |
| Taint externally controlled string | test.py:36 | test.py:36:18:36:31 | tainted_string | | --> | Taint externally controlled string | test.py:36 | test.py:36:9:36:32 | reversed() | |
| Taint externally controlled string | test.py:37 | test.py:37:14:37:27 | tainted_string | | --> | Taint externally controlled string | test.py:37 | test.py:37:9:37:28 | copy() | |
| Taint externally controlled string | test.py:38 | test.py:38:9:38:22 | tainted_string | | --> | Taint externally controlled string | test.py:38 | test.py:38:9:38:30 | Attribute() | |
| Taint externally controlled string | test.py:39 | test.py:39:21:39:34 | tainted_string | | --> | Taint [externally controlled string] | test.py:39 | test.py:39:20:39:35 | List | |
| Taint externally controlled string | test.py:40 | test.py:40:22:40:35 | tainted_string | | --> | Taint [externally controlled string] | test.py:40 | test.py:40:22:40:36 | Tuple | |
| Taint externally controlled string | test.py:41 | test.py:41:28:41:41 | tainted_string | | --> | Taint {externally controlled string} | test.py:41 | test.py:41:20:41:42 | Dict | |
| Taint externally controlled string | test.py:44 | test.py:44:22:44:28 | TAINTED | | --> | Taint externally controlled string | test.py:45 | test.py:45:8:45:21 | tainted_string | |
| Taint externally controlled string | test.py:44 | test.py:44:22:44:28 | TAINTED | | --> | Taint externally controlled string | test.py:48 | test.py:48:23:48:36 | tainted_string | |
| Taint externally controlled string | test.py:51 | test.py:51:22:51:28 | TAINTED | | --> | Taint externally controlled string | test.py:52 | test.py:52:8:52:21 | tainted_string | |
| Taint externally controlled string | test.py:51 | test.py:51:22:51:28 | TAINTED | | --> | Taint externally controlled string | test.py:52 | test.py:52:34:52:47 | tainted_string | |
| Taint externally controlled string | test.py:51 | test.py:51:22:51:28 | TAINTED | | --> | Taint externally controlled string | test.py:55 | test.py:55:23:55:36 | tainted_string | |
| Taint externally controlled string | test.py:58 | test.py:58:22:58:28 | TAINTED | | --> | Taint externally controlled string | test.py:59 | test.py:59:13:59:26 | tainted_string | |
| Taint externally controlled string | test.py:58 | test.py:58:22:58:28 | TAINTED | | --> | Taint externally controlled string | test.py:60 | test.py:60:15:60:28 | tainted_string | |
| Taint externally controlled string | test.py:58 | test.py:58:22:58:28 | TAINTED | | --> | Taint externally controlled string | test.py:61 | test.py:61:15:61:28 | tainted_string | |
| Taint externally controlled string | test.py:59 | test.py:59:13:59:26 | tainted_string | | --> | Taint externally controlled string | test.py:59 | test.py:59:9:59:27 | str() | |
| Taint externally controlled string | test.py:60 | test.py:60:15:60:28 | tainted_string | | --> | Taint externally controlled string | test.py:60 | test.py:60:9:60:29 | bytes() | |
| Taint externally controlled string | test.py:61 | test.py:61:15:61:28 | tainted_string | | --> | Taint externally controlled string | test.py:61 | test.py:61:9:61:46 | bytes() | |
| Taint externally controlled string | test.py:12 | test.py:12:22:12:28 | TAINTED | | --> | Taint externally controlled string | test.py:13 | test.py:13:9:13:22 | tainted_string | |
| Taint externally controlled string | test.py:12 | test.py:12:22:12:28 | TAINTED | | --> | Taint externally controlled string | test.py:14 | test.py:14:9:14:22 | tainted_string | |
| Taint externally controlled string | test.py:12 | test.py:12:22:12:28 | TAINTED | | --> | Taint externally controlled string | test.py:15 | test.py:15:9:15:22 | tainted_string | |
| Taint externally controlled string | test.py:12 | test.py:12:22:12:28 | TAINTED | | --> | Taint externally controlled string | test.py:16 | test.py:16:9:16:22 | tainted_string | |
| Taint externally controlled string | test.py:12 | test.py:12:22:12:28 | TAINTED | | --> | Taint externally controlled string | test.py:17 | test.py:17:18:17:31 | tainted_string | |
| Taint externally controlled string | test.py:12 | test.py:12:22:12:28 | TAINTED | | --> | Taint externally controlled string | test.py:18 | test.py:18:14:18:27 | tainted_string | |
| Taint externally controlled string | test.py:12 | test.py:12:22:12:28 | TAINTED | | --> | Taint externally controlled string | test.py:19 | test.py:19:9:19:22 | tainted_string | |
| Taint externally controlled string | test.py:13 | test.py:13:9:13:22 | tainted_string | | --> | Taint externally controlled string | test.py:13 | test.py:13:9:13:31 | Attribute() | |
| Taint externally controlled string | test.py:14 | test.py:14:9:14:22 | tainted_string | | --> | Taint externally controlled string | test.py:14 | test.py:14:9:14:29 | Attribute() | |
| Taint externally controlled string | test.py:15 | test.py:15:9:15:22 | tainted_string | | --> | Taint externally controlled string | test.py:15 | test.py:15:9:15:25 | Subscript | |
| Taint externally controlled string | test.py:16 | test.py:16:9:16:22 | tainted_string | | --> | Taint externally controlled string | test.py:16 | test.py:16:9:16:27 | Subscript | |
| Taint externally controlled string | test.py:17 | test.py:17:18:17:31 | tainted_string | | --> | Taint externally controlled string | test.py:17 | test.py:17:9:17:32 | reversed() | |
| Taint externally controlled string | test.py:18 | test.py:18:14:18:27 | tainted_string | | --> | Taint externally controlled string | test.py:18 | test.py:18:9:18:28 | copy() | |
| Taint externally controlled string | test.py:19 | test.py:19:9:19:22 | tainted_string | | --> | Taint externally controlled string | test.py:19 | test.py:19:9:19:30 | Attribute() | |
| Taint externally controlled string | test.py:22 | test.py:22:22:22:28 | TAINTED | | --> | Taint externally controlled string | test.py:23 | test.py:23:8:23:21 | tainted_string | |
| Taint externally controlled string | test.py:22 | test.py:22:22:22:28 | TAINTED | | --> | Taint externally controlled string | test.py:26 | test.py:26:23:26:36 | tainted_string | |
| Taint externally controlled string | test.py:29 | test.py:29:22:29:28 | TAINTED | | --> | Taint externally controlled string | test.py:30 | test.py:30:8:30:21 | tainted_string | |
| Taint externally controlled string | test.py:29 | test.py:29:22:29:28 | TAINTED | | --> | Taint externally controlled string | test.py:30 | test.py:30:34:30:47 | tainted_string | |
| Taint externally controlled string | test.py:29 | test.py:29:22:29:28 | TAINTED | | --> | Taint externally controlled string | test.py:33 | test.py:33:23:33:36 | tainted_string | |
| Taint externally controlled string | test.py:36 | test.py:36:22:36:28 | TAINTED | | --> | Taint externally controlled string | test.py:37 | test.py:37:13:37:26 | tainted_string | |
| Taint externally controlled string | test.py:36 | test.py:36:22:36:28 | TAINTED | | --> | Taint externally controlled string | test.py:38 | test.py:38:15:38:28 | tainted_string | |
| Taint externally controlled string | test.py:36 | test.py:36:22:36:28 | TAINTED | | --> | Taint externally controlled string | test.py:39 | test.py:39:15:39:28 | tainted_string | |
| Taint externally controlled string | test.py:37 | test.py:37:13:37:26 | tainted_string | | --> | Taint externally controlled string | test.py:37 | test.py:37:9:37:27 | str() | |
| Taint externally controlled string | test.py:38 | test.py:38:15:38:28 | tainted_string | | --> | Taint externally controlled string | test.py:38 | test.py:38:9:38:29 | bytes() | |
| Taint externally controlled string | test.py:39 | test.py:39:15:39:28 | tainted_string | | --> | Taint externally controlled string | test.py:39 | test.py:39:9:39:46 | bytes() | |
| Taint json[externally controlled string] | test.py:6 | test.py:6:20:6:45 | Attribute() | | --> | Taint json[externally controlled string] | test.py:7 | test.py:7:9:7:20 | tainted_json | |
| Taint json[externally controlled string] | test.py:7 | test.py:7:9:7:20 | tainted_json | | --> | Taint externally controlled string | test.py:7 | test.py:7:9:7:25 | Subscript | |
| Taint json[externally controlled string] | test.py:7 | test.py:7:9:7:20 | tainted_json | | --> | Taint json[externally controlled string] | test.py:7 | test.py:7:9:7:25 | Subscript | |
@@ -53,12 +36,3 @@
| Taint json[externally controlled string] | test.py:8 | test.py:8:9:8:18 | Attribute() | | --> | Taint json[externally controlled string] | test.py:9 | test.py:9:9:9:9 | b | |
| Taint json[externally controlled string] | test.py:9 | test.py:9:9:9:9 | b | | --> | Taint externally controlled string | test.py:9 | test.py:9:9:9:14 | Subscript | |
| Taint json[externally controlled string] | test.py:9 | test.py:9:9:9:9 | b | | --> | Taint json[externally controlled string] | test.py:9 | test.py:9:9:9:14 | Subscript | |
| Taint {externally controlled string} | test.py:20 | test.py:20:20:20:31 | TAINTED_DICT | | --> | Taint {externally controlled string} | test.py:21 | test.py:21:9:21:20 | tainted_dict | |
| Taint {externally controlled string} | test.py:20 | test.py:20:20:20:31 | TAINTED_DICT | | --> | Taint {externally controlled string} | test.py:22 | test.py:22:9:22:20 | tainted_dict | |
| Taint {externally controlled string} | test.py:20 | test.py:20:20:20:31 | TAINTED_DICT | | --> | Taint {externally controlled string} | test.py:23 | test.py:23:9:23:20 | tainted_dict | |
| Taint {externally controlled string} | test.py:20 | test.py:20:20:20:31 | TAINTED_DICT | | --> | Taint {externally controlled string} | test.py:24 | test.py:24:14:24:25 | tainted_dict | |
| Taint {externally controlled string} | test.py:20 | test.py:20:20:20:31 | TAINTED_DICT | | --> | Taint {externally controlled string} | test.py:27 | test.py:27:17:27:28 | tainted_dict | |
| Taint {externally controlled string} | test.py:21 | test.py:21:9:21:20 | tainted_dict | | --> | Taint externally controlled string | test.py:21 | test.py:21:9:21:28 | Subscript | |
| Taint {externally controlled string} | test.py:22 | test.py:22:9:22:20 | tainted_dict | | --> | Taint externally controlled string | test.py:22 | test.py:22:9:22:23 | Subscript | |
| Taint {externally controlled string} | test.py:23 | test.py:23:9:23:20 | tainted_dict | | --> | Taint {externally controlled string} | test.py:23 | test.py:23:9:23:27 | Attribute() | |
| Taint {externally controlled string} | test.py:24 | test.py:24:14:24:25 | tainted_dict | | --> | Taint [externally controlled string] | test.py:24 | test.py:24:14:24:34 | Attribute() | |


@@ -8,25 +8,6 @@ def test_json():
b = a.get("y")
c = b["z"]
def test_list(x, y, z):
tainted_list = TAINTED_LIST
a = tainted_list[0]
b = tainted_list[x]
c = tainted_list[y:z]
d = tainted_list.copy()
e, f, g = tainted_list # TODO: currently not handled
def test_dict(x):
tainted_dict = TAINTED_DICT
a = tainted_dict["name"]
b = tainted_dict[x]
c = tainted_dict.copy()
for d in tainted_dict.values():
d
# TODO: currently not recognizing tainted_dict.items()
for _, e in tainted_dict.items():
e
def test_str():
tainted_string = TAINTED
a = tainted_string.ljust(8)
@@ -36,9 +17,6 @@ def test_str():
e = reversed(tainted_string)
f = copy(tainted_string)
h = tainted_string.strip()
tainted_list = [tainted_string]
tainted_tuple = (tainted_string,)
tainted_dict = {'key': tainted_string}
def test_const_sanitizer1():
tainted_string = TAINTED