Python: From an Argument to a Parameter

[Sim4n6]

I have a case where the call to function f1() returns an object obj1.
Then the method m() is called on obj1 with an argument a.

The code is in Python:

obj1 = f1() obj1.m(a)

I noticed the source a does not flow to a sink inside the m() method.

I want to write an additional taint step that links the a argument to somehow the a parameter.

Do you have any advice on how to handle such a case, please?

[aeisenberg]

If f() is a library defined in the current program (not in a third party library), then the dataflow should be connected. Can you share a query that you are writing as well as a snippet of code that should be working?

I wrote this simple python script and query and the result was found. Are you trying to do something different?

class Obj: def m(self, a): print(a) def f1(): return Obj() a = 1 obj1 = f1() obj1.m(a)

import python import semmle.python.dataflow.new.DataFlow class SampleConfiguration extends DataFlow::Configuration { SampleConfiguration() { this = "sample" } override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof IntegerLiteral } override predicate isSink(DataFlow::Node sink) { exists(Call print | print.getFunc().pointsTo(Value::named("print")) | print.getArg(0) = sink.asExpr()) } } from DataFlow::Node start, DataFlow::Node end, SampleConfiguration config where config.hasFlow(start, end) select start, end

[Sim4n6]

If f() is a library defined in the current program (not in a third party library).

That was the case maybe let me please think about it through the weekend and get back to you.

[Sim4n6]

thank you , it was my fault a bit lost in the code... thank you again