Python: Add taint test of more colleciton methods

python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/TestTaint.expected

@@ -49,8 +49,19 @@
 | collections_.py:137 | fail | list_index_aug_assign | my_list |
 | collections_.py:144 | ok   | list_append | my_list |
 | collections_.py:147 | fail | list_append | my_list |
-| collections_.py:154 | ok   | set_add | my_set |
-| collections_.py:157 | fail | set_add | my_set |
+| collections_.py:154 | ok   | list_extend | my_list |
+| collections_.py:157 | fail | list_extend | my_list |
+| collections_.py:164 | ok   | dict_update_dict | my_dict |
+| collections_.py:167 | fail | dict_update_dict | my_dict |
+| collections_.py:174 | ok   | dict_update_kv_list | my_dict |
+| collections_.py:177 | fail | dict_update_kv_list | my_dict |
+| collections_.py:183 | ok   | dict_update_kv_arg | my_dict |
+| collections_.py:186 | fail | dict_update_kv_arg | my_dict |
+| collections_.py:193 | ok   | dict_manual_update | my_dict |
+| collections_.py:197 | fail | dict_manual_update | my_dict |
+| collections_.py:205 | fail | dict_merge | merged |
+| collections_.py:212 | ok   | set_add | my_set |
+| collections_.py:215 | fail | set_add | my_set |
 | json_.py:26 | ok   | test | json.dumps(..) |
 | json_.py:27 | ok   | test | json.loads(..) |
 | json_.py:34 | fail | test | tainted_filelike |

python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/collections_.py

@@ -147,6 +147,64 @@ def list_append():
     ensure_tainted(my_list)
 
 
+def list_extend():
+    my_list = ["safe"]
+    tainted_list = [TAINTED_STRING]
+
+    ensure_not_tainted(my_list)
+
+    my_list.extend(tainted_list)
+    ensure_tainted(my_list)
+
+
+def dict_update_dict():
+    my_dict = {"key1": "safe"}
+    tainted_dict = {"key2": TAINTED_STRING}
+
+    ensure_not_tainted(my_dict)
+
+    my_dict.update(tainted_dict)
+    ensure_tainted(my_dict)
+
+
+def dict_update_kv_list():
+    my_dict = {"key1": "safe"}
+    tainted_kv_list = [("key2", TAINTED_STRING)]
+
+    ensure_not_tainted(my_dict)
+
+    my_dict.update(tainted_kv_list)
+    ensure_tainted(my_dict)
+
+
+def dict_update_kv_arg():
+    my_dict = {"key1": "safe"}
+
+    ensure_not_tainted(my_dict)
+
+    my_dict.update(key2=TAINTED_STRING)
+    ensure_tainted(my_dict)
+
+
+def dict_manual_update():
+    my_dict = {"key1": "safe"}
+    tainted_dict = {"key2": TAINTED_STRING}
+
+    ensure_not_tainted(my_dict)
+
+    for k in tainted_dict:
+        my_dict[k] = tainted_dict[k]
+    ensure_tainted(my_dict)
+
+
+def dict_merge():
+    my_dict = {"key1": "safe"}
+    tainted_dict = {"key2": TAINTED_STRING}
+
+    merged = {**my_dict, **tainted_dict}
+    ensure_tainted(merged)
+
+
 def set_add():
     tainted_string = TAINTED_STRING
     my_set = {"safe"}
@@ -168,4 +226,12 @@ test_defaultdict("key", "key")
 list_index_assign()
 list_index_aug_assign()
 list_append()
+list_extend()
+
+dict_update_dict()
+dict_update_kv_list()
+dict_update_kv_arg()
+dict_manual_update()
+dict_merge()
+
 set_add()