Merge pull request #2973 from tausbn/python-fix-or-disable-cps

Approved by BekaValentine

Author: semmle-qlci

python/ql/src/semmle/python/dataflow/Implementation.qll

@@ -726,6 +726,8 @@ private class EssaTaintTracking extends string {
     private TaintKind iterable_unpacking_descent(
         SequenceNode left_parent, ControlFlowNode left_defn, CollectionKind parent_kind
     ) {
+        //TODO: Fix the cartesian product in this predicate
+        none() and
         left_parent.getAnElement() = left_defn and
         // Handle `a, *b = some_iterable`
         if left_defn instanceof StarredNode

python/ql/src/semmle/python/security/strings/External.qll

@@ -223,19 +223,19 @@ class UrlsplitUrlparseTempSanitizer extends Sanitizer {
             or
             full_use.(AttrNode).getObject() = test.getInput().getAUse()
         |
-            clears_taint(_, full_use, test.getTest(), test.getSense())
+            clears_taint(full_use, test.getTest(), test.getSense())
         )
     }
 
-    private predicate clears_taint(ControlFlowNode final_test, ControlFlowNode tainted, ControlFlowNode test, boolean sense) {
-        test_equality_with_const(final_test, tainted, sense)
+    private predicate clears_taint(ControlFlowNode tainted, ControlFlowNode test, boolean sense) {
+        test_equality_with_const(test, tainted, sense)
         or
-        test_in_const_seq(final_test, tainted, sense)
+        test_in_const_seq(test, tainted, sense)
         or
         test.(UnaryExprNode).getNode().getOp() instanceof Not and
         exists(ControlFlowNode nested_test |
             nested_test = test.(UnaryExprNode).getOperand() and
-            clears_taint(final_test, tainted, nested_test, sense.booleanNot())
+            clears_taint(tainted, nested_test, sense.booleanNot())
         )
     }
 

python/ql/test/3/library-tests/taint/unpacking/TestTaint.expected

@@ -1,9 +1,9 @@
-| test.py:11 | extended_unpacking | first | externally controlled string |
-| test.py:11 | extended_unpacking | last | externally controlled string |
-| test.py:11 | extended_unpacking | rest | [externally controlled string] |
-| test.py:16 | also_allowed | a | [externally controlled string] |
+| test.py:11 | extended_unpacking | first | NO TAINT |
+| test.py:11 | extended_unpacking | last | NO TAINT |
+| test.py:11 | extended_unpacking | rest | NO TAINT |
+| test.py:16 | also_allowed | a | NO TAINT |
 | test.py:24 | also_allowed | b | NO TAINT |
 | test.py:24 | also_allowed | c | NO TAINT |
-| test.py:31 | nested | x | externally controlled string |
-| test.py:31 | nested | xs | [externally controlled string] |
-| test.py:31 | nested | ys | [externally controlled string] |
+| test.py:31 | nested | x | NO TAINT |
+| test.py:31 | nested | xs | NO TAINT |
+| test.py:31 | nested | ys | NO TAINT |

python/ql/test/library-tests/taint/collections/TestStep.expected

@@ -26,9 +26,6 @@
 | Taint [externally controlled string] | test.py:29 | test.py:29:9:29:25 | Subscript |  |  -->  | Taint [externally controlled string] | test.py:32 | test.py:32:16:32:16 | c |  |
 | Taint [externally controlled string] | test.py:30 | test.py:30:9:30:20 | tainted_list |  |  -->  | Taint [externally controlled string] | test.py:30 | test.py:30:9:30:27 | Attribute() |  |
 | Taint [externally controlled string] | test.py:30 | test.py:30:9:30:27 | Attribute() |  |  -->  | Taint [externally controlled string] | test.py:32 | test.py:32:19:32:19 | d |  |
-| Taint [externally controlled string] | test.py:31 | test.py:31:15:31:26 | tainted_list |  |  -->  | Taint externally controlled string | test.py:32 | test.py:32:22:32:22 | e |  |
-| Taint [externally controlled string] | test.py:31 | test.py:31:15:31:26 | tainted_list |  |  -->  | Taint externally controlled string | test.py:32 | test.py:32:25:32:25 | f |  |
-| Taint [externally controlled string] | test.py:31 | test.py:31:15:31:26 | tainted_list |  |  -->  | Taint externally controlled string | test.py:32 | test.py:32:28:32:28 | g |  |
 | Taint [externally controlled string] | test.py:33 | test.py:33:14:33:25 | tainted_list |  |  -->  | Taint externally controlled string | test.py:33 | test.py:33:5:33:26 | For |  |
 | Taint [externally controlled string] | test.py:35 | test.py:35:14:35:35 | reversed() |  |  -->  | Taint externally controlled string | test.py:35 | test.py:35:5:35:36 | For |  |
 | Taint [externally controlled string] | test.py:35 | test.py:35:23:35:34 | tainted_list |  |  -->  | Taint [externally controlled string] | test.py:35 | test.py:35:14:35:35 | reversed() |  |

python/ql/test/library-tests/taint/collections/TestTaint.expected

@@ -10,9 +10,9 @@
 | test.py:32 | test_access | b | externally controlled string |
 | test.py:32 | test_access | c | [externally controlled string] |
 | test.py:32 | test_access | d | [externally controlled string] |
-| test.py:32 | test_access | e | externally controlled string |
-| test.py:32 | test_access | f | externally controlled string |
-| test.py:32 | test_access | g | externally controlled string |
+| test.py:32 | test_access | e | NO TAINT |
+| test.py:32 | test_access | f | NO TAINT |
+| test.py:32 | test_access | g | NO TAINT |
 | test.py:34 | test_access | h | externally controlled string |
 | test.py:36 | test_access | i | externally controlled string |
 | test.py:43 | test_dict_access | a | externally controlled string |

python/ql/test/library-tests/taint/namedtuple/TestTaint.expected

@@ -1,7 +1,7 @@
 | test.py:13 | test_basic | a | externally controlled string |
 | test.py:13 | test_basic | b | externally controlled string |
 | test.py:13 | test_basic | c | externally controlled string |
-| test.py:13 | test_basic | d | externally controlled string |
+| test.py:13 | test_basic | d | NO TAINT |
 | test.py:13 | test_basic | urlsplit_res | [externally controlled string] |
 | test.py:19 | test_sanitizer | Attribute | externally controlled string |
 | test.py:22 | test_sanitizer | Attribute | NO TAINT |

python/ql/test/library-tests/taint/unpacking/TestStep.expected

@@ -1,35 +1,8 @@
 | Taint [[externally controlled string]] | test.py:19 | test.py:19:10:19:18 | List |  |  -->  | Taint [[externally controlled string]] | test.py:22 | test.py:22:28:22:29 | ll |  |
 | Taint [[externally controlled string]] | test.py:19 | test.py:19:10:19:18 | List |  |  -->  | Taint [[externally controlled string]] | test.py:26 | test.py:26:28:26:29 | ll |  |
 | Taint [[externally controlled string]] | test.py:19 | test.py:19:10:19:18 | List |  |  -->  | Taint [[externally controlled string]] | test.py:30 | test.py:30:28:30:29 | ll |  |
-| Taint [[externally controlled string]] | test.py:22 | test.py:22:28:22:29 | ll |  |  -->  | Taint [externally controlled string] | test.py:23 | test.py:23:22:23:22 | b |  |
-| Taint [[externally controlled string]] | test.py:22 | test.py:22:28:22:29 | ll |  |  -->  | Taint [externally controlled string] | test.py:23 | test.py:23:25:23:25 | c |  |
-| Taint [[externally controlled string]] | test.py:22 | test.py:22:28:22:29 | ll |  |  -->  | Taint externally controlled string | test.py:23 | test.py:23:10:23:11 | a1 |  |
-| Taint [[externally controlled string]] | test.py:22 | test.py:22:28:22:29 | ll |  |  -->  | Taint externally controlled string | test.py:23 | test.py:23:14:23:15 | a2 |  |
-| Taint [[externally controlled string]] | test.py:22 | test.py:22:28:22:29 | ll |  |  -->  | Taint externally controlled string | test.py:23 | test.py:23:18:23:19 | a3 |  |
-| Taint [[externally controlled string]] | test.py:26 | test.py:26:28:26:29 | ll |  |  -->  | Taint [externally controlled string] | test.py:27 | test.py:27:22:27:22 | b |  |
-| Taint [[externally controlled string]] | test.py:26 | test.py:26:28:26:29 | ll |  |  -->  | Taint [externally controlled string] | test.py:27 | test.py:27:25:27:25 | c |  |
-| Taint [[externally controlled string]] | test.py:26 | test.py:26:28:26:29 | ll |  |  -->  | Taint externally controlled string | test.py:27 | test.py:27:10:27:11 | a1 |  |
-| Taint [[externally controlled string]] | test.py:26 | test.py:26:28:26:29 | ll |  |  -->  | Taint externally controlled string | test.py:27 | test.py:27:14:27:15 | a2 |  |
-| Taint [[externally controlled string]] | test.py:26 | test.py:26:28:26:29 | ll |  |  -->  | Taint externally controlled string | test.py:27 | test.py:27:18:27:19 | a3 |  |
-| Taint [[externally controlled string]] | test.py:30 | test.py:30:28:30:29 | ll |  |  -->  | Taint [externally controlled string] | test.py:31 | test.py:31:22:31:22 | b |  |
-| Taint [[externally controlled string]] | test.py:30 | test.py:30:28:30:29 | ll |  |  -->  | Taint [externally controlled string] | test.py:31 | test.py:31:25:31:25 | c |  |
-| Taint [[externally controlled string]] | test.py:30 | test.py:30:28:30:29 | ll |  |  -->  | Taint externally controlled string | test.py:31 | test.py:31:10:31:11 | a1 |  |
-| Taint [[externally controlled string]] | test.py:30 | test.py:30:28:30:29 | ll |  |  -->  | Taint externally controlled string | test.py:31 | test.py:31:14:31:15 | a2 |  |
-| Taint [[externally controlled string]] | test.py:30 | test.py:30:28:30:29 | ll |  |  -->  | Taint externally controlled string | test.py:31 | test.py:31:18:31:19 | a3 |  |
-| Taint [[externally controlled string]] | test.py:47 | test.py:47:28:47:54 | Tuple |  |  -->  | Taint externally controlled string | test.py:48 | test.py:48:10:48:10 | a |  |
-| Taint [[externally controlled string]] | test.py:47 | test.py:47:28:47:54 | Tuple |  |  -->  | Taint externally controlled string | test.py:48 | test.py:48:13:48:13 | b |  |
-| Taint [[externally controlled string]] | test.py:47 | test.py:47:28:47:54 | Tuple |  |  -->  | Taint externally controlled string | test.py:48 | test.py:48:16:48:16 | c |  |
-| Taint [[externally controlled string]] | test.py:47 | test.py:47:28:47:54 | Tuple |  |  -->  | Taint externally controlled string | test.py:48 | test.py:48:19:48:19 | d |  |
-| Taint [[externally controlled string]] | test.py:47 | test.py:47:28:47:54 | Tuple |  |  -->  | Taint externally controlled string | test.py:48 | test.py:48:22:48:22 | e |  |
-| Taint [[externally controlled string]] | test.py:47 | test.py:47:28:47:54 | Tuple |  |  -->  | Taint externally controlled string | test.py:48 | test.py:48:25:48:25 | f |  |
 | Taint [externally controlled string] | test.py:6 | test.py:6:9:6:20 | TAINTED_LIST |  |  -->  | Taint [externally controlled string] | test.py:7 | test.py:7:15:7:15 | l |  |
-| Taint [externally controlled string] | test.py:7 | test.py:7:15:7:15 | l |  |  -->  | Taint externally controlled string | test.py:8 | test.py:8:10:8:10 | a |  |
-| Taint [externally controlled string] | test.py:7 | test.py:7:15:7:15 | l |  |  -->  | Taint externally controlled string | test.py:8 | test.py:8:13:8:13 | b |  |
-| Taint [externally controlled string] | test.py:7 | test.py:7:15:7:15 | l |  |  -->  | Taint externally controlled string | test.py:8 | test.py:8:16:8:16 | c |  |
 | Taint [externally controlled string] | test.py:12 | test.py:12:9:12:20 | TAINTED_LIST |  |  -->  | Taint [externally controlled string] | test.py:13 | test.py:13:17:13:17 | l |  |
-| Taint [externally controlled string] | test.py:13 | test.py:13:17:13:17 | l |  |  -->  | Taint externally controlled string | test.py:14 | test.py:14:10:14:10 | a |  |
-| Taint [externally controlled string] | test.py:13 | test.py:13:17:13:17 | l |  |  -->  | Taint externally controlled string | test.py:14 | test.py:14:13:14:13 | b |  |
-| Taint [externally controlled string] | test.py:13 | test.py:13:17:13:17 | l |  |  -->  | Taint externally controlled string | test.py:14 | test.py:14:16:14:16 | c |  |
 | Taint [externally controlled string] | test.py:18 | test.py:18:9:18:20 | TAINTED_LIST |  |  -->  | Taint [externally controlled string] | test.py:19 | test.py:19:11:19:11 | l |  |
 | Taint [externally controlled string] | test.py:18 | test.py:18:9:18:20 | TAINTED_LIST |  |  -->  | Taint [externally controlled string] | test.py:19 | test.py:19:14:19:14 | l |  |
 | Taint [externally controlled string] | test.py:18 | test.py:18:9:18:20 | TAINTED_LIST |  |  -->  | Taint [externally controlled string] | test.py:19 | test.py:19:17:19:17 | l |  |

python/ql/test/library-tests/taint/unpacking/TestTaint.expected

@@ -1,33 +1,33 @@
-| test.py:8 | unpacking | a | externally controlled string |
-| test.py:8 | unpacking | b | externally controlled string |
-| test.py:8 | unpacking | c | externally controlled string |
-| test.py:14 | unpacking_to_list | a | externally controlled string |
-| test.py:14 | unpacking_to_list | b | externally controlled string |
-| test.py:14 | unpacking_to_list | c | externally controlled string |
-| test.py:23 | nested | a1 | externally controlled string |
-| test.py:23 | nested | a2 | externally controlled string |
-| test.py:23 | nested | a3 | externally controlled string |
-| test.py:23 | nested | b | [externally controlled string] |
-| test.py:23 | nested | c | [externally controlled string] |
-| test.py:27 | nested | a1 | externally controlled string |
-| test.py:27 | nested | a2 | externally controlled string |
-| test.py:27 | nested | a3 | externally controlled string |
-| test.py:27 | nested | b | [externally controlled string] |
-| test.py:27 | nested | c | [externally controlled string] |
-| test.py:31 | nested | a1 | externally controlled string |
-| test.py:31 | nested | a2 | externally controlled string |
-| test.py:31 | nested | a3 | externally controlled string |
-| test.py:31 | nested | b | [externally controlled string] |
-| test.py:31 | nested | c | [externally controlled string] |
+| test.py:8 | unpacking | a | NO TAINT |
+| test.py:8 | unpacking | b | NO TAINT |
+| test.py:8 | unpacking | c | NO TAINT |
+| test.py:14 | unpacking_to_list | a | NO TAINT |
+| test.py:14 | unpacking_to_list | b | NO TAINT |
+| test.py:14 | unpacking_to_list | c | NO TAINT |
+| test.py:23 | nested | a1 | NO TAINT |
+| test.py:23 | nested | a2 | NO TAINT |
+| test.py:23 | nested | a3 | NO TAINT |
+| test.py:23 | nested | b | NO TAINT |
+| test.py:23 | nested | c | NO TAINT |
+| test.py:27 | nested | a1 | NO TAINT |
+| test.py:27 | nested | a2 | NO TAINT |
+| test.py:27 | nested | a3 | NO TAINT |
+| test.py:27 | nested | b | NO TAINT |
+| test.py:27 | nested | c | NO TAINT |
+| test.py:31 | nested | a1 | NO TAINT |
+| test.py:31 | nested | a2 | NO TAINT |
+| test.py:31 | nested | a3 | NO TAINT |
+| test.py:31 | nested | b | NO TAINT |
+| test.py:31 | nested | c | NO TAINT |
 | test.py:38 | unpack_from_set | a | NO TAINT |
 | test.py:38 | unpack_from_set | b | NO TAINT |
 | test.py:38 | unpack_from_set | c | NO TAINT |
-| test.py:48 | contrived_1 | a | externally controlled string |
-| test.py:48 | contrived_1 | b | externally controlled string |
-| test.py:48 | contrived_1 | c | externally controlled string |
-| test.py:48 | contrived_1 | d | externally controlled string |
-| test.py:48 | contrived_1 | e | externally controlled string |
-| test.py:48 | contrived_1 | f | externally controlled string |
+| test.py:48 | contrived_1 | a | NO TAINT |
+| test.py:48 | contrived_1 | b | NO TAINT |
+| test.py:48 | contrived_1 | c | NO TAINT |
+| test.py:48 | contrived_1 | d | NO TAINT |
+| test.py:48 | contrived_1 | e | NO TAINT |
+| test.py:48 | contrived_1 | f | NO TAINT |
 | test.py:56 | contrived_2 | a | NO TAINT |
 | test.py:56 | contrived_2 | b | NO TAINT |
 | test.py:56 | contrived_2 | c | NO TAINT |