Python: Allow provenance in additional taint steps

yoff · yoff · commit 20ea9255a1da · 2024-05-16T14:04:10.000+02:00
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
@@ -29,6 +29,8 @@ private module Cached {
     or
     any(AdditionalTaintStep a).step(nodeFrom, nodeTo) and
     model = "AdditionalTaintStep"
+    or
+    any(AdditionalTaintStep a).step(nodeFrom, nodeTo, model)
   }
 
   /**
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPublic.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPublic.qll
@@ -48,5 +48,7 @@ class AdditionalTaintStep extends Unit {
    * Holds if the step from `nodeFrom` to `nodeTo` should be considered a taint
    * step for all configurations.
    */
-  abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
+  predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { none() }
+
+  predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, string model) { none() }
 }

Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,8 @@ private module Cached {`
`29`	`29`	`or`
`30`	`30`	`any(AdditionalTaintStep a).step(nodeFrom, nodeTo) and`
`31`	`31`	`model = "AdditionalTaintStep"`
	`32`	`+ or`
	`33`	`+ any(AdditionalTaintStep a).step(nodeFrom, nodeTo, model)`
`32`	`34`	`}`
`33`	`35`
`34`	`36`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -48,5 +48,7 @@ class AdditionalTaintStep extends Unit {`
`48`	`48`	* Holds if the step from `nodeFrom` to `nodeTo` should be considered a taint
`49`	`49`	`* step for all configurations.`
`50`	`50`	`*/`
`51`		`- abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);`
	`51`	`+ predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { none() }`
	`52`	`+`
	`53`	`+ predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, string model) { none() }`
`52`	`54`	`}`