Skip to content

Commit 4820be3

Browse files
RasmusWLRasmusWL
committed
Python: Model keyword arguments to dill.loads 
1 parent 9180257 commit 4820be3

File tree

2 files changed

+2
-2
lines changed

2 files changed

+2
-2
lines changed

python/ql/lib/semmle/python/frameworks/Dill.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ private module Dill {
2424

2525
override predicate mayExecuteInput() { any() }
2626

27-
override DataFlow::Node getAnInput() { result = this.getArg(0) }
27+
override DataFlow::Node getAnInput() { result in [this.getArg(0), this.getArgByName("str")] }
2828

2929
override DataFlow::Node getOutput() { result = this }
3030

python/ql/test/library-tests/frameworks/dill/Decoding.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,4 +3,4 @@
33
dill.load(file_) # $ MISSING: decodeInput=file_ decodeOutput=dill.loads(..) decodeFormat=dill decodeMayExecuteInput
44
dill.load(file=file_) # $ MISSING: decodeInput=file_ decodeOutput=dill.loads(..) decodeFormat=dill decodeMayExecuteInput
55
dill.loads(payload) # $ decodeInput=payload decodeOutput=dill.loads(..) decodeFormat=dill decodeMayExecuteInput
6-
dill.loads(str=payload) # $ decodeOutput=dill.loads(..) decodeFormat=dill decodeMayExecuteInput MISSING: decodeInput=payload
6+
dill.loads(str=payload) # $ decodeInput=payload decodeOutput=dill.loads(..) decodeFormat=dill decodeMayExecuteInput

0 commit comments

Comments
 (0)