Skip to content

Commit 494b8bd

Browse files
yoffyoff
committed
python: model string property of resultof finditer 
1 parent 073189e commit 494b8bd

File tree

2 files changed

+10
-2
lines changed

2 files changed

+10
-2
lines changed

python/ql/lib/semmle/python/frameworks/Stdlib.qll

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3463,6 +3463,14 @@ module StdlibPrivate {
34633463
) and
34643464
preservesValue = false
34653465
)
3466+
or
3467+
// flow from input string to attribute on match object
3468+
exists(int arg | arg = methodName.(RegexExecutionMethod).getStringArgIndex() - offset |
3469+
input in ["Argument[" + arg + "]", "Argument[string:]"] and
3470+
methodName = "finditer" and
3471+
output = "ReturnValue.ListElement.Attribute[string]" and
3472+
preservesValue = true
3473+
)
34663474
)
34673475
}
34683476
}

python/ql/test/library-tests/frameworks/stdlib/test_re.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -39,8 +39,8 @@
3939
compiled_pat.match(ts).string, # $ tainted
4040
re.compile(ts).match("safe").re.pattern, # $ tainted
4141

42-
list(re.finditer(pat, ts))[0].string, # $ MISSING: tainted
43-
[m.string for m in re.finditer(pat, ts)], # $ MISSING: tainted
42+
list(re.finditer(pat, ts))[0].string, # $ tainted
43+
[m.string for m in re.finditer(pat, ts)], # $ tainted
4444

4545
list(re.finditer(pat, ts))[0].groups()[0], # $ MISSING: tainted
4646
[m.groups()[0] for m in re.finditer(pat, ts)], # $ MISSING: tainted

0 commit comments

Comments
 (0)