python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep
3939| json.py:27 | fail | test | json.loads(..) |
4040| json.py:34 | fail | test | tainted_filelike |
4141| json.py:35 | fail | test | json.load(..) |
42+ | json.py:48 | fail | non_syntacical | dumps(..) |
43+ | json.py:49 | fail | non_syntacical | dumps_alias(..) |
44+ | json.py:50 | fail | non_syntacical | loads(..) |
45+ | json.py:57 | fail | non_syntacical | tainted_filelike |
46+ | json.py:58 | fail | non_syntacical | load(..) |
4247| string.py:25 | ok | str_operations | ts |
4348| string.py:26 | ok | str_operations | BinaryExpr |
4449| string.py:27 | ok | str_operations | BinaryExpr |
1010
1111# Actual tests
1212
13- import json
1413from io import StringIO
1514
1615# Workaround for Python3 not having unicode
2120def test ():
2221 print ("\n # test" )
2322 ts = TAINTED_STRING
23+ import json
2424
2525 ensure_tainted (
2626 json .dumps (ts ),
@@ -35,7 +35,30 @@ def test():
3535 json .load (tainted_filelike ),
3636 )
3737
38+ def non_syntacical ():
39+ print ("\n # non_syntacical" )
40+ ts = TAINTED_STRING
41+
42+ # a less syntactical approach
43+ from json import load , loads , dumps
44+
45+ dumps_alias = dumps
46+
47+ ensure_tainted (
48+ dumps (ts ),
49+ dumps_alias (ts ),
50+ loads (dumps (ts )),
51+ )
52+
53+ # For Python2, need to convert to unicode for StringIO to work
54+ tainted_filelike = StringIO (unicode (dumps (ts )))
55+
56+ ensure_tainted (
57+ tainted_filelike ,
58+ load (tainted_filelike ),
59+ )
3860
3961# Make tests runable
4062
4163test ()
64+ non_syntacical ()
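Review bot: The new function name `non_syntacical` is misspelled (`non_syntactical`), and since the name is printed and appears in the expected-output rows (`json.py:48 | fail | non_syntacical | dumps(..)`), the typo is baked into the test baseline; renaming it at the definition, in the `print`, and at the final call now avoids churn in the expectations later. Every new row is recorded as `fail`, as are the existing `test` rows for `json.loads(..)` and `json.load(..)`, so these expectations presumably document a taint-tracking gap (a false negative for an analysis that security queries rely on) rather than the desired result. A comment above the function such as `# Currently expected to fail: taint through from-imported/aliased json functions is not tracked yet` would make that explicit, so that a later flip to `ok` is read as a fix and not a regression. The move of `import json` into `test()` would also benefit from a one-line comment saying it is deliberate, e.g. `# function-local import on purpose`.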