File tree Expand file tree Collapse file tree 2 files changed +4
-4
lines changed
src/semmle/python/frameworks
test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep Expand file tree Collapse file tree 2 files changed +4
-4
lines changed Original file line number Diff line number Diff line change @@ -511,7 +511,7 @@ private module Stdlib {
511511
512512 override predicate mayExecuteInput ( ) { none ( ) }
513513
514- override DataFlow:: Node getAnInput ( ) { result . asCfgNode ( ) = node .getArg ( 0 ) }
514+ override DataFlow:: Node getAnInput ( ) { result in [ this .getArg ( 0 ) , this . getArgByName ( "s" ) ] }
515515
516516 override DataFlow:: Node getOutput ( ) { result = this }
517517
@@ -525,7 +525,7 @@ private module Stdlib {
525525 private class JsonDumpsCall extends Encoding:: Range , DataFlow:: CallCfgNode {
526526 JsonDumpsCall ( ) { this = json ( ) .getMember ( "dumps" ) .getACall ( ) }
527527
528- override DataFlow:: Node getAnInput ( ) { result . asCfgNode ( ) = node .getArg ( 0 ) }
528+ override DataFlow:: Node getAnInput ( ) { result in [ this .getArg ( 0 ) , this . getArgByName ( "obj" ) ] }
529529
530530 override DataFlow:: Node getOutput ( ) { result = this }
531531
Original file line number Diff line number Diff line change @@ -22,9 +22,9 @@ def test():
2222 ensure_tainted (
2323 encoded , # $ tainted
2424 json .dumps (ts ), # $ tainted
25- json .dumps (obj = ts ), # $ MISSING: tainted
25+ json .dumps (obj = ts ), # $ tainted
2626 json .loads (encoded ), # $ tainted
27- json .loads (s = encoded ), # $ MISSING: tainted
27+ json .loads (s = encoded ), # $ tainted
2828 )
2929
3030 # load/dump with file-like
You can’t perform that action at this time.
0 commit comments