Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Taint mode does not identify Python keyword arguments as a source #6298

Closed
1 of 3 tasks
minusworld opened this issue Oct 12, 2022 · 1 comment · Fixed by #6336
Closed
1 of 3 tasks

Taint mode does not identify Python keyword arguments as a source #6298

minusworld opened this issue Oct 12, 2022 · 1 comment · Fixed by #6336
Assignees
@IagoAbal
Labels
enhancement New feature or request feature:taint user:internal requested only by someone within Semgrep Inc.

Comments

@minusworld
Copy link
Member

Describe the bug
In this example, https://semgrep.dev/s/4v4l, I want to match any instance of a string beginning with http:// that enters the sinks specified. This works in the expected case, but does not work when the string is the default string of a keyword argument.

To Reproduce
https://semgrep.dev/s/4v4l

Expected behavior
I expect this rule to match on lines 28 and 38 as it's written.

Screenshots
image

What is the priority of the bug to you?

  • P0: blocking your adoption of Semgrep or workflow
  • P1: important to fix or quite annoying
  • P2: regular bug that should get fixed

Environment
If not using semgrep.dev: are you running off docker, an official binary, a local build?

Use case
What will fixing this bug enable for you?

Switching older "fake taint" rules to taint mode
@r2c-demo
Copy link
Collaborator

This issue is synced in Linear at https://linear.app/r2c/issue/PA-1990/taint-mode-does-not-identify-python-keyword-arguments-as-a-source. Note: this link is for r2c use only and is not accessible publicly.

@IagoAbal IagoAbal self-assigned this Oct 18, 2022
@IagoAbal IagoAbal added enhancement New feature or request feature:taint user:internal requested only by someone within Semgrep Inc. labels Oct 18, 2022
IagoAbal added a commit that referenced this issue Oct 18, 2022
@IagoAbal
tainting: Track taint coming from params' default values
4d897f5 
Plus a small refactoring, to make -dfg_tainting use the same code as for
running taint rules, otherwise results can differ sometimes.

Closes #6298
Fixes PA-1991

test plan:
make test # added one test
@IagoAbal IagoAbal mentioned this issue Oct 18, 2022
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@IagoAbal IagoAbal

Labels
enhancement New feature or request feature:taint user:internal requested only by someone within Semgrep Inc.
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

tainting: Track taint coming from params' default values semgrep/semgrep
3 participants
@minusworld @IagoAbal @r2c-demo