Python: Add support for x in ["safe", "also_safe"] (and not in)

2026-04-30 03:05:15 +02:00 · 2020-11-23 10:42:24 +01:00
parent 431aab45f7
commit f35ffa5632
2 changed files with 24 additions and 4 deletions
--- a/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll
+++ b/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll
@@ -372,6 +372,26 @@ module BarrierGuard {
        or
        this.operands(checked_node, op, str_const.getAFlowNode())
      )
+      or
+      exists(ControlFlowNode str_const_iterable, Cmpop op |
+        op = any(In in_) and safe_branch = true
+        or
+        op = any(NotIn ni) and safe_branch = false
+      |
+        this.operands(checked_node, op, str_const_iterable) and
+        (
+          str_const_iterable instanceof SequenceNode
+          or
+          str_const_iterable instanceof SetNode
+        ) and
+        forall(ControlFlowNode elem |
+          elem = str_const_iterable.(SequenceNode).getAnElement()
+          or
+          elem = str_const_iterable.(SetNode).getAnElement()
+        |
+          elem.getNode() instanceof StrConst
+        )
+      )
    }

    override predicate checks(ControlFlowNode node, boolean branch) {
--- a/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/TestTaint.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/TestTaint.expected
@@ -9,18 +9,18 @@
 | test_string_const_compare.py:45 | ok   | test_non_eq1 | ts |
 | test_string_const_compare.py:51 | ok   | test_non_eq2 | ts |
 | test_string_const_compare.py:53 | fail | test_non_eq2 | ts |
-| test_string_const_compare.py:59 | fail | test_in_list | ts |
+| test_string_const_compare.py:59 | ok   | test_in_list | ts |
 | test_string_const_compare.py:61 | ok   | test_in_list | ts |
-| test_string_const_compare.py:67 | fail | test_in_tuple | ts |
+| test_string_const_compare.py:67 | ok   | test_in_tuple | ts |
 | test_string_const_compare.py:69 | ok   | test_in_tuple | ts |
-| test_string_const_compare.py:75 | fail | test_in_set | ts |
+| test_string_const_compare.py:75 | ok   | test_in_set | ts |
 | test_string_const_compare.py:77 | ok   | test_in_set | ts |
 | test_string_const_compare.py:83 | ok   | test_in_unsafe1 | ts |
 | test_string_const_compare.py:85 | ok   | test_in_unsafe1 | ts |
 | test_string_const_compare.py:91 | ok   | test_in_unsafe2 | ts |
 | test_string_const_compare.py:93 | ok   | test_in_unsafe2 | ts |
 | test_string_const_compare.py:99 | ok   | test_not_in1 | ts |
-| test_string_const_compare.py:101 | fail | test_not_in1 | ts |
+| test_string_const_compare.py:101 | ok   | test_not_in1 | ts |
 | test_string_const_compare.py:107 | ok   | test_not_in2 | ts |
 | test_string_const_compare.py:109 | fail | test_not_in2 | ts |
 | test_string_const_compare.py:119 | fail | test_eq_thorugh_func | ts |