Merge branch 'main' into tt-consistency

2026-04-26 17:25:19 +02:00 · 2024-03-11 14:12:09 +01:00
parent adf5a4b1e4 e6e6a4e9c8
commit 800351c7b7
1077 changed files with 176072 additions and 34642 deletions
--- a/python/ql/test/experimental/dataflow/fieldflow/test_dict.py
+++ b/python/ql/test/experimental/dataflow/fieldflow/test_dict.py
@@ -45,6 +45,15 @@ def test_dict_update():
    SINK(d["key"])  # $ flow="SOURCE, l:-1 -> d['key']"
    SINK(d.get("key"))  # $ flow="SOURCE, l:-2 -> d.get(..)"

+
+def test_dict_update_fresh_key():
+    # we had a regression where we did not create a dictionary element content
+    # for keys used in "inline update" like this
+    d = {}
+    d["fresh_key"] = SOURCE
+    SINK(d["fresh_key"])  # $ flow="SOURCE, l:-1 -> d['fresh_key']"
+
+
@expects(3) # $ unresolved_call=expects(..) unresolved_call=expects(..)(..)
 def test_dict_setdefault():
    d = {}
--- a/python/ql/test/experimental/dataflow/model-summaries/InlineTaintTest.ext.yml
+++ b/python/ql/test/experimental/dataflow/model-summaries/InlineTaintTest.ext.yml
@@ -15,4 +15,6 @@ extensions:
      - ["foo", "Member[MS_append_to_list]", "Argument[1]", "ReturnValue.ListElement", "value"]
      - ["foo", "Member[MS_append_to_list]", "Argument[0]", "ReturnValue", "taint"]
      - ["foo", "Member[MS_append_to_list]", "Argument[1]", "ReturnValue", "taint"]
+      - ["foo", "Member[MS_spread]", "Argument[0]", "ReturnValue.TupleElement[0]", "value"]
+      - ["foo", "Member[MS_spread]", "Argument[1]", "ReturnValue.TupleElement[1]", "value"]
      - ["json", "Member[MS_loads]", "Argument[0]", "ReturnValue", "taint"]
--- a/python/ql/test/experimental/dataflow/model-summaries/NormalDataflowTest.ext.yml
+++ b/python/ql/test/experimental/dataflow/model-summaries/NormalDataflowTest.ext.yml
@@ -15,4 +15,6 @@ extensions:
      - ["foo", "Member[MS_append_to_list]", "Argument[1]", "ReturnValue.ListElement", "value"]
      - ["foo", "Member[MS_append_to_list]", "Argument[0]", "ReturnValue", "taint"]
      - ["foo", "Member[MS_append_to_list]", "Argument[1]", "ReturnValue", "taint"]
+      - ["foo", "Member[MS_spread]", "Argument[0]", "ReturnValue.TupleElement[0]", "value"]
+      - ["foo", "Member[MS_spread]", "Argument[1]", "ReturnValue.TupleElement[1]", "value"]
      - ["json", "Member[MS_loads]", "Argument[0]", "ReturnValue", "taint"]
--- a/python/ql/test/experimental/dataflow/model-summaries/model_summaries.py
+++ b/python/ql/test/experimental/dataflow/model-summaries/model_summaries.py
@@ -30,7 +30,7 @@ def SINK_F(x):
 ensure_tainted = ensure_not_tainted = print
 TAINTED_STRING = "TAINTED_STRING"

-from foo import MS_identity, MS_apply_lambda, MS_reversed, MS_list_map, MS_append_to_list
+from foo import MS_identity, MS_apply_lambda, MS_reversed, MS_list_map, MS_append_to_list, MS_spread

 # Simple summary
 via_identity = MS_identity(SOURCE)
@@ -107,6 +107,13 @@ ensure_tainted(
    tainted_list[0],  # $ tainted
 )

+a, b = MS_spread(SOURCE, NONSOURCE)
+SINK(a)  # $ flow="SOURCE, l:-1 -> a"
+SINK_F(b)
+x, y = MS_spread(NONSOURCE, SOURCE)
+SINK_F(x)
+SINK(y)  # $ flow="SOURCE, l:-2 -> y"
+
 # Modeled flow-summary is not value preserving
 from json import MS_loads as json_loads

--- a/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/test.py
+++ b/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/test.py
@@ -216,3 +216,9 @@ def flow_from_within_deepcopy_fp():
 def flow_through_deepcopy_fp(x=[]):
    y = deepcopy(x)
    y.append(1)
+
+# Use of copy method:
+
+def flow_through_copy_fp(x=[]):
+    y = x.copy()
+    y.append(1)