hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Attempt at taint step for list.append/set.add

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2020-08-27 10:54:06 +02:00
parent af20c3e082
commit d0081dfbfa
3 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
python/ql/src/experimental/dataflow/internal/TaintTrackingPrivate.qll
View File

@@ -177,6 +177,15 @@ predicate containerStep(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
"values", "items", "get", "popitem"] and
call.getFunction().(AttrNode).getObject(name) = nodeFrom.getNode()
)
or
// list.append, set.add
// NOTE: this currently doesn't work, since there are no PostUpdateNodes
exists(CallNode call, string name |
name in ["append", "add"] and
call.getFunction().(AttrNode).getObject(name) =
nodeTo.(PostUpdateNode).getPreUpdateNode().(DataFlow::CfgNode).getNode() and
call.getArg(0) = nodeFrom.getNode()
)
}
/**