Python: Handle taint for f-strings

Which we seem to not handle in the current taint tracking :O f-strings needs to be Python 3 only, so enabled that test setup. I really liked the idea for having the version specific tests right next to the normal tests, so you don't have to look in test/experimental/3/dataflow/i/will/forget/to/look/here.
2025-12-20 10:46:30 +01:00 · 2020-08-24 16:29:30 +02:00
parent cb4b4e91ab
commit d96ef73033
7 changed files with 64 additions and 0 deletions
--- a/python/ql/src/experimental/dataflow/internal/TaintTrackingPrivate.qll
+++ b/python/ql/src/experimental/dataflow/internal/TaintTrackingPrivate.qll
@@ -125,6 +125,9 @@ predicate stringMethods(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
    mult.getOp() instanceof Mult and
    mult.getLeft() = nodeFrom.getNode()
  )
+  or
+  // f-strings
+  nodeTo.getNode().getNode().(Fstring).getAValue() = nodeFrom.getNode().getNode()
  // TODO: Handle encode/decode from base64/quopri
  // TODO: Handle os.path.join
  // TODO: Handle functions in https://docs.python.org/3/library/binascii.html