
Commit f35ffa5

committed
Python: Add support for x in ["safe", "also_safe"] (and not in)
1 parent 431aab4 commit f35ffa5


2 files changed

+24
-4
lines changed


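--- a/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll
+++ b/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll
@@ -372,6 +372,26 @@ module BarrierGuard {
 or
 this.operands(checked_node, op, str_const.getAFlowNode())
 )
+or
+exists(ControlFlowNode str_const_iterable, Cmpop op |
+op = any(In in_) and safe_branch = true
+or
+op = any(NotIn ni) and safe_branch = false
+|
+this.operands(checked_node, op, str_const_iterable) and
+(
+str_const_iterable instanceof SequenceNode
+or
+str_const_iterable instanceof SetNode
+) and
+forall(ControlFlowNode elem |
+elem = str_const_iterable.(SequenceNode).getAnElement()
+or
+elem = str_const_iterable.(SetNode).getAnElement()
+|
+elem.getNode() instanceof StrConst
+)
+)
 }
 
 override predicate checks(ControlFlowNode node, boolean branch) {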
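Review bot: The new `in`/`not in` disjunct (the `exists(ControlFlowNode str_const_iterable, Cmpop op | ...)` added after the closing `)` of the equality case) carries no comment stating what shape of comparison this barrier now accepts, and the enclosing predicate starts before this hunk. I would put above the added `or`: `// x in ["safe", "also_safe"] (and x not in ...) where the operand is a list/tuple/set literal whose elements are all string constants`. It is worth spelling out that the literal must be the comparison operand itself — as far as the hunk shows, a collection bound to a name earlier is not a `SequenceNode`/`SetNode` at `str_const_iterable`, so `if x in SAFE_VALUES:` is presumably not treated as a barrier, which is the conservative outcome for a sanitizer. Note also that `forall` holds vacuously for an empty literal; that is harmless because the guarded branch of `x in []` cannot be taken, but a one-line comment would save the next reader the check.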

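--- a/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/TestTaint.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/TestTaint.expected
@@ -9,18 +9,18 @@
 | test_string_const_compare.py:45 | ok | test_non_eq1 | ts |
 | test_string_const_compare.py:51 | ok | test_non_eq2 | ts |
 | test_string_const_compare.py:53 | fail | test_non_eq2 | ts |
-| test_string_const_compare.py:59 | fail | test_in_list | ts |
+| test_string_const_compare.py:59 | ok | test_in_list | ts |
 | test_string_const_compare.py:61 | ok | test_in_list | ts |
-| test_string_const_compare.py:67 | fail | test_in_tuple | ts |
+| test_string_const_compare.py:67 | ok | test_in_tuple | ts |
 | test_string_const_compare.py:69 | ok | test_in_tuple | ts |
-| test_string_const_compare.py:75 | fail | test_in_set | ts |
+| test_string_const_compare.py:75 | ok | test_in_set | ts |
 | test_string_const_compare.py:77 | ok | test_in_set | ts |
 | test_string_const_compare.py:83 | ok | test_in_unsafe1 | ts |
 | test_string_const_compare.py:85 | ok | test_in_unsafe1 | ts |
 | test_string_const_compare.py:91 | ok | test_in_unsafe2 | ts |
 | test_string_const_compare.py:93 | ok | test_in_unsafe2 | ts |
 | test_string_const_compare.py:99 | ok | test_not_in1 | ts |
-| test_string_const_compare.py:101 | fail | test_not_in1 | ts |
+| test_string_const_compare.py:101 | ok | test_not_in1 | ts |
 | test_string_const_compare.py:107 | ok | test_not_in2 | ts |
 | test_string_const_compare.py:109 | fail | test_not_in2 | ts |
 | test_string_const_compare.py:119 | fail | test_eq_thorugh_func | ts |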
