Taint mode does not identify Python keyword arguments as a source #6298
Labels: enhancement (New feature or request); feature:taint; user:internal (requested only by someone within Semgrep Inc.)
Describe the bug
In this example, https://semgrep.dev/s/4v4l, I want to match any instance of a string beginning with `http://` that enters the sinks specified. This works in the expected case, but does not work when the string is the default string of a keyword argument.
To Reproduce
https://semgrep.dev/s/4v4l
Expected behavior
I expect this rule to match on lines 28 and 38 as it's written.
Use case
What will fixing this bug enable for you?
Switching older "fake taint" rules to taint mode