hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Only comparison with constant will clear taint

Browse Source 
tainted = SOURCE
    if tainted == tainted:
        SINK(tainted) # unsafe

before, in the body of the if statement, `tainted` was not tainted
This commit is contained in:
Rasmus Wriedt Larsen
2020-01-21 15:24:06 +01:00
parent 1498145415
commit bbe93f43d3
4 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
python/ql/src/semmle/python/dataflow/Implementation.qll
View File

@@ -806,7 +806,10 @@ private predicate testEvaluatesMaybe(ControlFlowNode test, ControlFlowNode use)
any(PyEdgeRefinement ref).getTest().getAChild*() = test and
test.getAChild*() = use and
not test.(UnaryExprNode).getNode().getOp() instanceof Not and
not Filters::equality_test(test, use, _, _) and
not exists(ControlFlowNode const |
Filters::equality_test(test, use, _, const) and
const.getNode() instanceof ImmutableLiteral
) and
not Filters::isinstance(test, _, use) and
not test = use
or