hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Attempt at taint step for list.append/set.add

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2020-08-27 10:54:06 +02:00
parent af20c3e082
commit d0081dfbfa
3 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/TestTaint.expected
View File

@@ -49,6 +49,8 @@
| collections_.py:137 | fail | list_index_aug_assign | my_list |
| collections_.py:144 | ok | list_append | my_list |
| collections_.py:147 | fail | list_append | my_list |
| collections_.py:154 | ok | set_add | my_set |
| collections_.py:157 | fail | set_add | my_set |
| json_.py:26 | ok | test | json.dumps(..) |
| json_.py:27 | ok | test | json.loads(..) |
| json_.py:34 | fail | test | tainted_filelike |

11
python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/collections_.py
View File

@@ -147,6 +147,16 @@ def list_append():
ensure_tainted(my_list)
def set_add():
tainted_string = TAINTED_STRING
my_set = {"safe"}
ensure_not_tainted(my_set)
my_set.add(tainted_string)
ensure_tainted(my_set)
# Make tests runable
test_construction()
@@ -158,3 +168,4 @@ test_defaultdict("key", "key")
list_index_assign()
list_index_aug_assign()
list_append()
set_add()