def sanitize_test_b_source_attribute():
if 1 > 2:
x = a_source()
else:
x = b_source()
c = C_sanitized_b_source(x)
_test_sink(c.attribute)
def sanitize_all_sinks_instance(c: C_sanitized_all_sinks):
if 1 > 2:
a_sink(c.instance)
elif 2 > 3:
b_sink(c.instance)
else:
_test_sink(c.instance)
def setters_are_simulated() -> None:
x = SetterMutatesValue()
# Expect no issue
_test_sink(x.p)
x.p = _test_source()
# x.p should now have an issue
_test_sink(x.p)
def sanitize_all_sinks_attribute(c: C_sanitized_all_sinks):
if 1 > 2:
a_sink(c.attribute)
elif 2 > 3:
b_sink(c.attribute)
else:
_test_sink(c.attribute)
def test_union_property_attribute_sink(x):
obj: Union[TaintedGetterAndSetter, RegularAttribute]
if 1 > 2:
obj = TaintedGetterAndSetter()
else:
obj = RegularAttribute(x)
_test_sink(obj.my_property)
def sanitize_test_ab_sources_instance():
if 1 > 2:
x = a_source()
else:
x = b_source()
c = C_sanitized_ab_sources(x)
_test_sink(c.instance) # should only trigger Test -> Test
def sanitize_test_b_source_instance():
if 1 > 2:
x = a_source()
else:
x = b_source()
c = C_sanitized_b_source(x)
_test_sink(c.instance)
def test_within_try_to_finally():
x = None
try:
x = _test_source()
return none_throws(x)
finally:
# TODO(T106611060): We do not find the issue here.
_test_sink(x)
def test_except_to_finally():
x = None
try:
return none_throws(x)
except:
x = _test_source()
finally:
_test_sink(x)
def lists_of_dictionary_iteration_is_precise():
list_of_dicts = [{
"with_feature": _test_source(),
"without_feature": 0
} for x in []]
for dict in list_of_dicts:
_test_sink(dict["with_feature"])
_test_sink(dict["without_feature"])
def alternate_fields():
d = {"a": _test_source(), "b": _test_source()}
if 1 > 2:
x = d["a"]
else:
x = d["b"]
_test_sink(x)
return x
def test_items_backward_values(x, y):
key_is_tainted = {x: "a"}
value_is_tainted = {"b": y}
for k, v in key_is_tainted.items():
_test_sink(v)
for k, v in value_is_tainted.items():
_test_sink(v)
def test2_alarm4(foo):
# via-type:Dict[str, int], via-type:List[str], via-type:float
c = Test2_C(_test_source())
foo = c.x
if 1:
foo = c.y
elif 2:
foo = c.z
_test_sink(foo)
def test1_alarm4(foo):
# via-type:int, via-type:str, via-type:typing.Annotated[str]
c = Test1_C(_test_source())
foo = c.x
if 1:
foo = c.y
elif 2:
foo = c.z
_test_sink(foo)
def sanitize_test_all_sources_instance():
if 1 > 2:
x = a_source()
elif 2 > 3:
x = b_source()
else:
x = _test_source()
c = C_sanitized_all_sources(x)
_test_sink(c.instance)
def sanitize_test_all_sources_attribute():
if 1 > 2:
x = a_source()
elif 2 > 3:
x = b_source()
else:
x = _test_source()
c = C_sanitized_all_sources(x)
_test_sink(c.attribute)
def test3_alarm4(c: Test3_C, foo):
# via-type:Dict[str, List[int]],
# via-type:Test3_Foo,
# via-type:typing.Annotated[List[List[str]]
foo = c.x
if 1:
foo = c.y
elif 2:
foo = c.z
_test_sink(foo)
def test_keys_and_values():
tainted_values = {"benign": ("benign", _test_source())}
# Should be an issue.
_test_sink(tainted_values.values())
# Shouldn't be an issue.
_test_sink(tainted_values.keys())
for item in tainted_values.values():
_test_sink(item[0])
tainted_keys = {_test_source(): ""}
# Should be an issue.
_test_sink(tainted_keys.keys())
# Shouldn't be an issue.
_test_sink(tainted_keys.values())
def issue_only_with_nested_first():
first, second = only_applies_to_nested()
a, issue = first
c, d = second
_test_sink(issue)
_test_sink(a)
_test_sink(c)
_test_sink(d)
return only_applies_to_nested()
def test(complicated_service: ComplicatedService):
exception = False
result = None
try:
result = complicated_service.serve_tainted_request()
except:
exception = True
# Only try reactivation if all other checks passed
if exception:
try:
result = complicated_service.serve_tainted_request()
except:
raise
_test_sink(result)
def test_items():
key_is_tainted = {_test_source(): ""}
value_is_tainted = {"a": _test_source()}
for k, v in key_is_tainted.items():
# Should be an issue.
_test_sink(k)
# Should not be an issue.
_test_sink(v)
for k, v in value_is_tainted.items():
# Should not be an issue.
_test_sink(k)
# Should be an issue.
_test_sink(v)
def dict_update_sinks(x, y, z):
d = {"a": x, "b": y}
d.update({"a": "safe", "c": z})
_test_sink(d["a"])
_test_sink(d["b"])
_test_sink(d["c"])
return
def locals_to_sink():
# No issue before assigning.
_test_sink(locals()["x"])
x = _test_source()
_test_sink(locals()["x"])
_test_sink(locals()["y"])
# We properly handle named parameters through `**`.
named_sink(**locals())
def format_sink(x):
y = "a {}".format(x)
_test_sink(y)
def through_iadd():
a = _test_source()
b = ""
b += a
_test_sink(b)
def maybe_rhs(b: bool):
if b:
a = _test_source()
else:
a = concatenate_rhs(_test_source())
_test_sink(a)
def either(b: bool):
if b:
a = concatenate_lhs(_test_source())
else:
a = concatenate_rhs(_test_source())
_test_sink(a)
def bad_2():
a = concatenate_rhs(_test_source())
_test_sink(a)
def bad_1():
a = concatenate_lhs(_test_source())
_test_sink(a)
async def async_issue_bools() -> None:
x, y = await async_tuple_of_bools()
_test_sink(x)
