hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
z80coder/ATM-feature-optimisation
codeql/python/ql/test/library-tests/frameworks/markupsafe/InlineTaintTest.ql
Rasmus Wriedt Larsen 14de3bffb7 Python: Model MarkupSafe PyPI package 
Since expectation tests had so many changes from ConceptsTest, I'm going
to do the changes for that on in a separate commit. The important part
is the changes to taint-tracking, which is highlighted in this commit.
2021-06-16 19:09:00 +02:00

14 lines
735 B
Plaintext
Raw Permalink Blame History

import experimental.meta.InlineTaintTest
import semmle.python.Concepts
class HtmlSpecialization extends TestTaintTrackingConfiguration {
// TODO: For now, since there is not an `isSanitizingStep` member-predicate part of a
// `TaintTracking::Configuration`, we use treat the output is a taint-sanitizer. This
// is slightly imprecise, which you can see in the `m_unsafe + SAFE` test-case in
// python/ql/test/library-tests/frameworks/markupsafe/taint_test.py
//
// However, it is better than `getAnInput()`. Due to use-use flow, that would remove
// the taint-flow to `SINK()` in `some_escape(tainted); SINK(tainted)`.
override predicate isSanitizer(DataFlow::Node node) { node = any(HtmlEscaping esc).getOutput() }
}
Reference in New Issue View Git Blame Copy Permalink