@@ -27,40 +27,40 @@ def test():
27
27
# as tainted even after it has been escaped in some place. This _might_ not be the
28
28
# case since data-flow library has taint-steps from adjacent uses...
29
29
ensure_tainted (ts ) # $ tainted
30
- ensure_not_tainted (escape (ts )) # $ escapeInput=ts escapeKind=html escapeOutput=escape(..)
30
+ ensure_not_tainted (escape (ts )) # $ escapeInput=ts escapeKind=html escapeKind=xml escapeOutput=escape(..)
31
31
ensure_tainted (ts ) # $ tainted
32
32
33
33
ensure_tainted (
34
34
ts , # $ tainted
35
35
m_unsafe , # $ tainted
36
- m_unsafe + SAFE , # $ escapeInput=SAFE escapeKind=html escapeOutput=BinaryExpr MISSING: tainted
37
- SAFE + m_unsafe , # $ escapeInput=SAFE escapeKind=html escapeOutput=BinaryExpr MISSING: tainted
38
- m_unsafe .format (SAFE ), # $ escapeInput=SAFE escapeKind=html escapeOutput=m_unsafe.format(..) MISSING: tainted
39
- m_unsafe % SAFE , # $ escapeInput=SAFE escapeKind=html escapeOutput=BinaryExpr MISSING: tainted
40
- m_unsafe + ts , # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr MISSING: tainted
36
+ m_unsafe + SAFE , # $ escapeInput=SAFE escapeKind=html escapeKind=xml escapeOutput=BinaryExpr MISSING: tainted
37
+ SAFE + m_unsafe , # $ escapeInput=SAFE escapeKind=html escapeKind=xml escapeOutput=BinaryExpr MISSING: tainted
38
+ m_unsafe .format (SAFE ), # $ escapeInput=SAFE escapeKind=html escapeKind=xml escapeOutput=m_unsafe.format(..) MISSING: tainted
39
+ m_unsafe % SAFE , # $ escapeInput=SAFE escapeKind=html escapeKind=xml escapeOutput=BinaryExpr MISSING: tainted
40
+ m_unsafe + ts , # $ escapeInput=ts escapeKind=html escapeKind=xml escapeOutput=BinaryExpr MISSING: tainted
41
41
42
42
m_safe .format (m_unsafe ), # $ tainted
43
43
m_safe % m_unsafe , # $ tainted
44
44
45
- escape (ts ).unescape (), # $ escapeInput=ts escapeKind=html escapeOutput=escape(..) MISSING: tainted
46
- escape_silent (ts ).unescape (), # $ escapeInput=ts escapeKind=html escapeOutput=escape_silent(..) MISSING: tainted
45
+ escape (ts ).unescape (), # $ escapeInput=ts escapeKind=html escapeKind=xml escapeOutput=escape(..) MISSING: tainted
46
+ escape_silent (ts ).unescape (), # $ escapeInput=ts escapeKind=html escapeKind=xml escapeOutput=escape_silent(..) MISSING: tainted
47
47
)
48
48
49
49
ensure_not_tainted (
50
- escape (ts ), # $ escapeInput=ts escapeKind=html escapeOutput=escape(..)
51
- escape_silent (ts ), # $ escapeInput=ts escapeKind=html escapeOutput=escape_silent(..)
50
+ escape (ts ), # $ escapeInput=ts escapeKind=html escapeKind=xml escapeOutput=escape(..)
51
+ escape_silent (ts ), # $ escapeInput=ts escapeKind=html escapeKind=xml escapeOutput=escape_silent(..)
52
52
53
- Markup .escape (ts ), # $ escapeInput=ts escapeKind=html escapeOutput=Markup.escape(..)
53
+ Markup .escape (ts ), # $ escapeInput=ts escapeKind=html escapeKind=xml escapeOutput=Markup.escape(..)
54
54
55
55
m_safe ,
56
- m_safe + ts , # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr
57
- ts + m_safe , # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr
58
- m_safe .format (ts ), # $ escapeInput=ts escapeKind=html escapeOutput=m_safe.format(..)
59
- m_safe % ts , # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr
60
-
61
- escape (ts ) + ts , # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr escapeOutput=escape(..)
62
- escape_silent (ts ) + ts , # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr escapeOutput=escape_silent(..)
63
- Markup .escape (ts ) + ts , # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr escapeOutput=Markup.escape(..)
56
+ m_safe + ts , # $ escapeInput=ts escapeKind=html escapeKind=xml escapeOutput=BinaryExpr
57
+ ts + m_safe , # $ escapeInput=ts escapeKind=html escapeKind=xml escapeOutput=BinaryExpr
58
+ m_safe .format (ts ), # $ escapeInput=ts escapeKind=html escapeKind=xml escapeOutput=m_safe.format(..)
59
+ m_safe % ts , # $ escapeInput=ts escapeKind=html escapeKind=xml escapeOutput=BinaryExpr
60
+
61
+ escape (ts ) + ts , # $ escapeInput=ts escapeKind=html escapeKind=xml escapeOutput=BinaryExpr escapeOutput=escape(..)
62
+ escape_silent (ts ) + ts , # $ escapeInput=ts escapeKind=html escapeKind=xml escapeOutput=BinaryExpr escapeOutput=escape_silent(..)
63
+ Markup .escape (ts ) + ts , # $ escapeInput=ts escapeKind=html escapeKind=xml escapeOutput=BinaryExpr escapeOutput=Markup.escape(..)
64
64
)
65
65
66
66
# flask re-exports these, as:
@@ -73,8 +73,8 @@ def test():
73
73
)
74
74
75
75
ensure_not_tainted (
76
- flask .escape (ts ), # $ escapeInput=ts escapeKind=html escapeOutput=flask.escape(..)
77
- flask .Markup .escape (ts ), # $ escapeInput=ts escapeKind=html escapeOutput=flask.Markup.escape(..)
76
+ flask .escape (ts ), # $ escapeInput=ts escapeKind=html escapeKind=xml escapeOutput=flask.escape(..)
77
+ flask .Markup .escape (ts ), # $ escapeInput=ts escapeKind=html escapeKind=xml escapeOutput=flask.Markup.escape(..)
78
78
)
79
79
80
80
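Review bot: Every escape expectation here now asserts two kinds (for example `escapeKind=html escapeKind=xml` on `escape(ts)` at new line 30, and the same on the `flask.escape` lines in the second hunk), but nothing in the test explains why markupsafe output is treated as XML-escaped as well. A short comment near the first expectation would make the intent reviewable, e.g. `# markupsafe escapes &, <, >, ' and ", so the model reports both the html and xml escape kinds`. The model change itself is not visible on this page, so it is worth confirming that the xml kind is only consumed by queries where entity-escaping those five characters is sufficient. That escaping alone would presumably not make a value safe for sinks such as XPath expressions. `test()` starts above the first hunk and continues between the two hunks.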