Commit 37780ba

author

Ben Caller

committed

AugAssign propagates taint

Before, the variable would be tainted only if the last += was tainted. Now url = 'http://' url += TAINT url += '?x=y' url marked as tainted.

1 parent ff0e042 commit 37780baCopy full SHA for 37780ba

File tree

+11

-2

lines changed

+11

-2

lines changed

Lines changed: 3 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -499,11 +499,12 @@ def visit_AugAssign(self, node):`
`499`	`499`	`rhs_visitor = RHSVisitor()`
`500`	`500`	`rhs_visitor.visit(node.value)`
`501`	`501`
	`502`	`+ lhs = extract_left_hand_side(node.target)`
`502`	`503`	`return self.append_node(AssignmentNode(`
`503`	`504`	`label.result,`
`504`		`- extract_left_hand_side(node.target),`
	`505`	`+ lhs,`
`505`	`506`	`node,`
`506`		`- rhs_visitor.result,`
	`507`	`+ rhs_visitor.result+ [lhs],`
`507`	`508`	`path=self.filenames[-1]`
`508`	`509`	`))`
`509`	`510`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -820,6 +820,14 @@ def test_assignment_starred_list(self):`
`820`	`820`	`[('a', ['d']), ('b', ['d']), ('c', ['e'])],`
`821`	`821`	`)`
`822`	`822`
	`823`	`+ def test_augmented_assignment(self):`
	`824`	`+ self.cfg_create_from_ast(ast.parse('a+=f(b,c)'))`
	`825`	`+`
	`826`	`+ (node,) = self.cfg.nodes[1:-1]`
	`827`	`+ self.assertEqual(node.label, 'a += f(b, c)')`
	`828`	`+ self.assertEqual(node.left_hand_side, 'a')`
	`829`	`+ self.assertEqual(node.right_hand_side_variables, ['b', 'c', 'a'])`
	`830`	`+`
`823`	`831`
`824`	`832`	`class CFGComprehensionTest(CFGBaseTestCase):`
`825`	`833`	`def test_nodes(self):`

Comments

(0)