@@ -142,9 +142,9 @@ def get(self): # $ requestHandler
142142 self .request .url # $ tainted
143143 )
144144
145- # not a request handler, and not called, btu since we have type-annotation, should be a
145+ # not a request handler, and not called, but since we have type-annotation, should be a
146146# remote-flow-source.
147- async def test_heuristic_taint (request : web .Request ):
147+ async def test_source_from_type_annotation (request : web .Request ):
148148 # picking out just a few of the tests from `test_taint` above, to show that we have
149149 # the same taint-steps :)
150150 ensure_tainted (
@@ -153,10 +153,25 @@ async def test_heuristic_taint(request: web.Request):
153153 await request .content .read (), # $ tainted
154154 )
155155
156+ # Test that since we can reach the `request` object in the helper function, we don't
157+ # introduce a new remote-flow-source, but instead use the one from the caller. (which is
158+ # checked to not be tainted)
159+ async def test_sanitizer (request ): # $ requestHandler
160+ ensure_tainted (request , request .url , await request .content .read ()) # $ tainted
161+
162+ if (is_safe (request )):
163+ ensure_not_tainted (request , request .url , await request .content .read ())
164+ test_safe_helper_function_no_route_with_type (request )
165+
166+
167+ async def test_safe_helper_function_no_route_with_type (request : web .Request ):
168+ ensure_not_tainted (request , request .url , await request .content .read ()) # $ SPURIOUS: tainted
169+
156170
157171app = web .Application ()
158172app .router .add_get (r"/test_taint/{name}/{number:\d+}" , test_taint ) # $ routeSetup="/test_taint/{name}/{number:\d+}"
159173app .router .add_view (r"/test_taint_class" , TaintTestClass ) # $ routeSetup="/test_taint_class"
174+ app .router .add_view (r"/test_sanitizer" , test_sanitizer ) # $ routeSetup="/test_sanitizer"
160175
161176
162177if __name__ == "__main__" :
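Review bot: The guard in the new `test_sanitizer` handler wraps its call in redundant parentheses, `if (is_safe(request)):`, which reads like a C-style test; the idiomatic form is `if is_safe(request):`. The three-line comment placed above `test_sanitizer` actually describes the helper `test_safe_helper_function_no_route_with_type` defined further down, so it should either move directly above that helper or name it, e.g. `# test_safe_helper_function_no_route_with_type (below) reuses the caller's request rather than introducing a new remote-flow-source; the SPURIOUS marker on its ensure_not_tainted records that the analysis currently still reports it as tainted.` Only one blank line separates the end of `test_source_from_type_annotation` from that comment, whereas the other new top-level boundaries in this hunk (before `app = web.Application()` and before `if __name__`) keep two.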