Python: Handle all methods in StringKind.getTaintOfMethodResult

2026-04-30 11:15:13 +02:00 · 2020-04-20 16:07:30 +02:00
parent a5d3966cb3
commit b7145af447
4 changed files with 165 additions and 1 deletions
--- a/python/ql/src/semmle/python/security/strings/Basic.qll
+++ b/python/ql/src/semmle/python/security/strings/Basic.qll
@@ -8,8 +8,38 @@ abstract class StringKind extends TaintKind {
    StringKind() { this = this }

    override TaintKind getTaintOfMethodResult(string name) {
-        name in ["strip", "format", "lstrip", "rstrip", "ljust", "rjust", "title", "capitalize"] and
+        name in [
+            "capitalize",
+            "casefold",
+            "center",
+            "expandtabs",
+            "format",
+            "format_map",
+            "ljust",
+            "lstrip",
+            "lower",
+            "replace",
+            "rjust",
+            "rstrip",
+            "strip",
+            "swapcase",
+            "title",
+            "upper",
+            "zfill",
+            /* encode/decode is technically not correct, but close enough */
+            "encode",
+            "decode"
+        ] and
        result = this
+        or
+        name in [
+            "partition",
+            "rpartition",
+            "rsplit",
+            "split",
+            "splitlines"
+        ] and
+        result.(SequenceKind).getItem() = this
    }

    override TaintKind getTaintForFlowStep(ControlFlowNode fromnode, ControlFlowNode tonode) {