hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Fix string taint tests

Browse Source 
The tests in ql/python/ql/test/library-tests/taint/strings/ shows that
ClassValue::str() is not good enough.
This commit is contained in:
Rasmus Wriedt Larsen
2020-03-09 15:09:52 +01:00
parent 2416cac8f4
commit cac5d00ca2
1 changed files with 5 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
python/ql/src/semmle/python/security/strings/Basic.qll
View File

@@ -94,13 +94,11 @@ private predicate encode_decode(ControlFlowNode fromnode, CallNode tonode) {
/* tonode = str(fromnode)*/
private predicate to_str(ControlFlowNode fromnode, CallNode tonode) {
tonode.getAnArg() = fromnode and
tonode = ClassValue::str().getACall()
// TODO: should it instead be this?
// (
// tonode = ClassValue::bytes().getACall()
// or
// tonode = ClassValue::unicode().getACall()
// )
(
tonode = ClassValue::bytes().getACall()
or
tonode = ClassValue::unicode().getACall()
)
}
/* tonode = fromnode[:] */