diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll
index 8b3e1a95ef1..ce95a6cca4e 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll
@@ -102,7 +102,21 @@ module TypeTrackingInput implements Shared::TypeTrackingInput {
 class LocalSourceNode = DataFlowPublic::LocalSourceNode;
- class Content = DataFlowPublic::Content;
+ class Content extends DataFlowPublic::Content {
+ Content() {
+ // TODO: for now, it's not 100% clear if should support non-precise content in
+ // type-tracking, or if it will lead to bad results. We start with only allowing
+ // precise content, which should always be a good improvement! It also simplifies
+ // the process of examining new results from non-precise content steps in the
+ // future, since you will _only_ have to look over the results from the new
+ // non-precise steps.
+ this instanceof DataFlowPublic::AttributeContent
+ or
+ this instanceof DataFlowPublic::DictionaryElementContent
+ or
+ this instanceof DataFlowPublic::TupleElementContent
+ }
+ }
 /**
 * A label to use for `WithContent` and `WithoutContent` steps, restricting
diff --git a/python/ql/test/experimental/dataflow/typetracking-summaries/summaries.py b/python/ql/test/experimental/dataflow/typetracking-summaries/summaries.py
index 89b5e1756d5..e11f451b865 100644
--- a/python/ql/test/experimental/dataflow/typetracking-summaries/summaries.py
+++ b/python/ql/test/experimental/dataflow/typetracking-summaries/summaries.py
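Review bot: In TypeTrackingImpl.qll the new `Content` class has no QLDoc, and its TODO names only the content kinds that are kept, not the ones that are dropped, so a reader cannot tell from this file what recall was traded away. The summaries.py hunk of this same commit shows the effect: `another_tainted_list[0]` loses its `tracked` result, which suggests list element content is among the excluded kinds. I would add `/** A content kind that type-tracking is allowed to use; currently only precise content. */` above the class, list the excluded kinds in the TODO, and correct "if should support" to "if we should support". Type-tracking results presumably feed the API modelling that queries build on, so the comment should state that the lost flow is a known, intentional source of false negatives. The enclosing module continues outside the hunk.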
@@ -41,8 +41,8 @@ tms = tainted_mapped_summary[0]
 tms # $ MISSING: tracked
 another_tainted_list = TTS_append_to_list([], tracked) # $ tracked
-atl = another_tainted_list[0] # $ tracked
-atl # $ tracked
+atl = another_tainted_list[0]
+atl # $ MISSING: tracked
 # This will not work, as the call is not found by `getACallSimple`.
 from json import loads as json_loads
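Review bot: The two `atl` lines change their expectation without saying why, while the next case in the file explains its gap in a comment (`# This will not work, as the call is not found by ...`). A matching line above them, for example `# Not tracked for now: type-tracking only uses precise content, which appears to exclude list elements.`, would keep the new `MISSING: tracked` marker from reading as an unexplained regression.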