Merge pull request #15695 from github/tausbn/python-add-copy-method-as-copy-step

RasmusWL · web-flow · commit 42acd9c22c80 · 2024-03-11T09:43:34.000+01:00
Python: Add `.copy()` method call as copy step
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
@@ -195,6 +195,8 @@ predicate copyStep(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
     call = API::moduleImport("copy").getMember(["copy", "deepcopy"]).getACall() and
     call.getArg(0) = nodeFrom
   )
+  or
+  nodeTo.(DataFlow::MethodCallNode).calls(nodeFrom, "copy")
 }
 
 /**
diff --git a/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/test.py b/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/test.py
@@ -216,3 +216,9 @@ def flow_from_within_deepcopy_fp():
 def flow_through_deepcopy_fp(x=[]):
     y = deepcopy(x)
     y.append(1)
+
+# Use of copy method:
+
+def flow_through_copy_fp(x=[]):
+    y = x.copy()
+    y.append(1)

Original file line number	Diff line number	Diff line change
`@@ -195,6 +195,8 @@ predicate copyStep(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {`
`195`	`195`	`call = API::moduleImport("copy").getMember(["copy", "deepcopy"]).getACall() and`
`196`	`196`	`call.getArg(0) = nodeFrom`
`197`	`197`	`)`
	`198`	`+ or`
	`199`	`+ nodeTo.(DataFlow::MethodCallNode).calls(nodeFrom, "copy")`
`198`	`200`	`}`
`199`	`201`
`200`	`202`	`/**`