Python: Propagate taint through parse_qsl

python/ql/test/library-tests/taint/strings/TestStep.expected

@@ -1,5 +1,6 @@
-| Taint [externally controlled string] | test.py:67 | test.py:67:9:67:32 | urlsplit() |  |  -->  | Taint [externally controlled string] | test.py:70 | test.py:70:10:70:10 | a |  |
-| Taint [externally controlled string] | test.py:68 | test.py:68:9:68:32 | urlparse() |  |  -->  | Taint [externally controlled string] | test.py:70 | test.py:70:13:70:13 | b |  |
+| Taint [[externally controlled string]] | test.py:70 | test.py:70:9:70:33 | parse_qsl() |  |  -->  | Taint [[externally controlled string]] | test.py:71 | test.py:71:19:71:19 | d |  |
+| Taint [externally controlled string] | test.py:67 | test.py:67:9:67:32 | urlsplit() |  |  -->  | Taint [externally controlled string] | test.py:71 | test.py:71:10:71:10 | a |  |
+| Taint [externally controlled string] | test.py:68 | test.py:68:9:68:32 | urlparse() |  |  -->  | Taint [externally controlled string] | test.py:71 | test.py:71:13:71:13 | b |  |
 | Taint exception.info | test.py:44 | test.py:44:22:44:26 | taint | p1 = exception.info |  -->  | Taint exception.info | test.py:45 | test.py:45:17:45:21 | taint | p1 = exception.info |
 | Taint exception.info | test.py:45 | test.py:45:17:45:21 | taint | p1 = exception.info |  -->  | Taint exception.info | test.py:45 | test.py:45:12:45:22 | func() | p1 = exception.info |
 | Taint exception.info | test.py:45 | test.py:45:17:45:21 | taint | p1 = exception.info |  -->  | Taint exception.info | test.py:52 | test.py:52:19:52:21 | arg | p0 = exception.info |
@@ -61,9 +62,11 @@
 | Taint externally controlled string | test.py:66 | test.py:66:22:66:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:67 | test.py:67:18:67:31 | tainted_string |  |
 | Taint externally controlled string | test.py:66 | test.py:66:22:66:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:68 | test.py:68:18:68:31 | tainted_string |  |
 | Taint externally controlled string | test.py:66 | test.py:66:22:66:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:69 | test.py:69:18:69:31 | tainted_string |  |
+| Taint externally controlled string | test.py:66 | test.py:66:22:66:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:70 | test.py:70:19:70:32 | tainted_string |  |
 | Taint externally controlled string | test.py:67 | test.py:67:18:67:31 | tainted_string |  |  -->  | Taint [externally controlled string] | test.py:67 | test.py:67:9:67:32 | urlsplit() |  |
 | Taint externally controlled string | test.py:68 | test.py:68:18:68:31 | tainted_string |  |  -->  | Taint [externally controlled string] | test.py:68 | test.py:68:9:68:32 | urlparse() |  |
 | Taint externally controlled string | test.py:69 | test.py:69:18:69:31 | tainted_string |  |  -->  | Taint {externally controlled string} | test.py:69 | test.py:69:9:69:32 | parse_qs() |  |
+| Taint externally controlled string | test.py:70 | test.py:70:19:70:32 | tainted_string |  |  -->  | Taint [[externally controlled string]] | test.py:70 | test.py:70:9:70:33 | parse_qsl() |  |
 | Taint json[externally controlled string] | test.py:6 | test.py:6:20:6:45 | Attribute() |  |  -->  | Taint json[externally controlled string] | test.py:7 | test.py:7:9:7:20 | tainted_json |  |
 | Taint json[externally controlled string] | test.py:7 | test.py:7:9:7:20 | tainted_json |  |  -->  | Taint externally controlled string | test.py:7 | test.py:7:9:7:25 | Subscript |  |
 | Taint json[externally controlled string] | test.py:7 | test.py:7:9:7:20 | tainted_json |  |  -->  | Taint json[externally controlled string] | test.py:7 | test.py:7:9:7:25 | Subscript |  |
@@ -76,4 +79,4 @@
 | Taint json[externally controlled string] | test.py:9 | test.py:9:9:9:9 | b |  |  -->  | Taint externally controlled string | test.py:9 | test.py:9:9:9:14 | Subscript |  |
 | Taint json[externally controlled string] | test.py:9 | test.py:9:9:9:9 | b |  |  -->  | Taint json[externally controlled string] | test.py:9 | test.py:9:9:9:14 | Subscript |  |
 | Taint json[externally controlled string] | test.py:9 | test.py:9:9:9:14 | Subscript |  |  -->  | Taint json[externally controlled string] | test.py:10 | test.py:10:16:10:16 | c |  |
-| Taint {externally controlled string} | test.py:69 | test.py:69:9:69:32 | parse_qs() |  |  -->  | Taint {externally controlled string} | test.py:70 | test.py:70:16:70:16 | c |  |
+| Taint {externally controlled string} | test.py:69 | test.py:69:9:69:32 | parse_qs() |  |  -->  | Taint {externally controlled string} | test.py:71 | test.py:71:16:71:16 | c |  |

python/ql/test/library-tests/taint/strings/TestTaint.expected

@@ -20,6 +20,7 @@
 | test.py:42 | test_str2 | c | externally controlled string |
 | test.py:50 | test_exc_info | res | exception.info |
 | test.py:58 | test_untrusted | res | externally controlled string |
-| test.py:70 | test_urlsplit_urlparse | a | [externally controlled string] |
-| test.py:70 | test_urlsplit_urlparse | b | [externally controlled string] |
-| test.py:70 | test_urlsplit_urlparse | c | {externally controlled string} |
+| test.py:71 | test_urlsplit_urlparse | a | [externally controlled string] |
+| test.py:71 | test_urlsplit_urlparse | b | [externally controlled string] |
+| test.py:71 | test_urlsplit_urlparse | c | {externally controlled string} |
+| test.py:71 | test_urlsplit_urlparse | d | [[externally controlled string]] |

python/ql/test/library-tests/taint/strings/test.py

@@ -60,11 +60,12 @@ def test_untrusted():
 def exc_untrusted_call(arg):
     return arg
 
-from six.moves.urllib.parse import urlsplit, urlparse, parse_qs
+from six.moves.urllib.parse import urlsplit, urlparse, parse_qs, parse_qsl
 
 def test_urlsplit_urlparse():
     tainted_string = TAINTED_STRING
     a = urlsplit(tainted_string)
     b = urlparse(tainted_string)
     c = parse_qs(tainted_string)
-    test(a, b, c)
+    d = parse_qsl(tainted_string)
+    test(a, b, c, d)