@oculum/scanner 1.0.14 → 1.0.15

package/src/__tests__/taint/python-taint.test.ts

@@ -0,0 +1,1344 @@
+/**
+ * Python Taint Engine Tests
+ *
+ * Tests for Python taint sources, sinks, sanitizers, CFG building,
+ * def-use extraction, and end-to-end taint flow detection.
+ */
+
+import { parseFile, clearASTCache } from '../../parse/ast'
+import type { ParsedAST } from '../../parse/ast'
+import { classifySources } from '../../taint/source-classifier'
+import { classifySinks } from '../../taint/sink-classifier'
+import { buildSanitizerRegistry } from '../../taint/sanitizer-registry'
+import { buildFileCFGs } from '../../taint/cfg-builder'
+import { computeDefUse } from '../../taint/def-use'
+import { analyzeTaintsForFile } from '../../taint/taint-analyzer'
+import type { TaintSource, TaintSourceType } from '../../taint/types'
+import type { TaintSink, TaintSinkType } from '../../taint/types'
+
+// Side-effect imports to register taint flow rules
+import '../../detect/ast-rules/taint-flow-ast'
+
+function parsePython(code: string, filePath = 'app.py'): ParsedAST {
+  const ast = parseFile(code, filePath)
+  if (!ast) throw new Error('Failed to parse Python code')
+  return ast
+}
+
+function getSources(code: string): TaintSource[] {
+  return classifySources(parsePython(code))
+}
+
+function getSinks(code: string): TaintSink[] {
+  return classifySinks(parsePython(code))
+}
+
+function findSourceByType(sources: TaintSource[], type: TaintSourceType): TaintSource | undefined {
+  return sources.find(s => s.sourceType === type)
+}
+
+function findSinkByType(sinks: TaintSink[], type: TaintSinkType): TaintSink | undefined {
+  return sinks.find(s => s.sinkType === type)
+}
+
+beforeEach(() => {
+  clearASTCache()
+})
+
+// ============================================================================
+// Source Classifier Tests
+// ============================================================================
+
+describe('Python Source Classifier', () => {
+  describe('Flask sources', () => {
+    it('detects request.form', () => {
+      const sources = getSources(`
+from flask import request
+name = request.form['name']
+`)
+      const s = findSourceByType(sources, 'http_body')
+      expect(s).toBeDefined()
+      expect(s!.confidence).toBe('high')
+      expect(s!.framework).toBe('flask')
+    })
+
+    it('detects request.args', () => {
+      const sources = getSources(`
+from flask import request
+q = request.args.get('q')
+`)
+      const s = findSourceByType(sources, 'http_query')
+      expect(s).toBeDefined()
+      expect(s!.confidence).toBe('high')
+    })
+
+    it('detects request.json', () => {
+      const sources = getSources(`
+from flask import request
+data = request.json
+`)
+      const s = findSourceByType(sources, 'http_body')
+      expect(s).toBeDefined()
+    })
+
+    it('detects request.data', () => {
+      const sources = getSources(`
+from flask import request
+raw = request.data
+`)
+      const s = findSourceByType(sources, 'http_body')
+      expect(s).toBeDefined()
+    })
+
+    it('detects request.values', () => {
+      const sources = getSources(`
+from flask import request
+val = request.values
+`)
+      const s = findSourceByType(sources, 'http_body')
+      expect(s).toBeDefined()
+    })
+
+    it('detects request.files', () => {
+      const sources = getSources(`
+from flask import request
+f = request.files
+`)
+      const s = findSourceByType(sources, 'file_upload')
+      expect(s).toBeDefined()
+    })
+  })
+
+  describe('Django sources', () => {
+    it('detects request.GET', () => {
+      const sources = getSources(`
+def view(request):
+    search = request.GET['q']
+`)
+      const s = findSourceByType(sources, 'http_query')
+      expect(s).toBeDefined()
+      expect(s!.framework).toBe('django')
+    })
+
+    it('detects request.POST', () => {
+      const sources = getSources(`
+def view(request):
+    name = request.POST['name']
+`)
+      const s = findSourceByType(sources, 'http_body')
+      expect(s).toBeDefined()
+      expect(s!.framework).toBe('django')
+    })
+
+    it('detects request.FILES', () => {
+      const sources = getSources(`
+def view(request):
+    f = request.FILES
+`)
+      const s = findSourceByType(sources, 'file_upload')
+      expect(s).toBeDefined()
+    })
+
+    it('detects request.META', () => {
+      const sources = getSources(`
+def view(request):
+    host = request.META
+`)
+      const s = findSourceByType(sources, 'http_headers')
+      expect(s).toBeDefined()
+    })
+
+    it('detects request.COOKIES', () => {
+      const sources = getSources(`
+def view(request):
+    c = request.COOKIES
+`)
+      const s = findSourceByType(sources, 'http_headers')
+      expect(s).toBeDefined()
+    })
+  })
+
+  describe('Python general sources', () => {
+    it('detects sys.argv', () => {
+      const sources = getSources(`
+import sys
+arg = sys.argv[1]
+`)
+      const s = findSourceByType(sources, 'cli_args')
+      expect(s).toBeDefined()
+    })
+
+    it('detects os.environ', () => {
+      const sources = getSources(`
+import os
+val = os.environ
+`)
+      const s = findSourceByType(sources, 'env_var')
+      expect(s).toBeDefined()
+    })
+
+    it('detects input() builtin', () => {
+      const sources = getSources(`
+name = input("Enter name: ")
+`)
+      const s = findSourceByType(sources, 'cli_args')
+      expect(s).toBeDefined()
+      expect(s!.confidence).toBe('high')
+      expect(s!.framework).toBe('python')
+    })
+
+    it('does NOT flag static strings as sources', () => {
+      const sources = getSources(`
+name = "hello"
+x = 42
+`)
+      expect(sources).toHaveLength(0)
+    })
+  })
+})
+
+// ============================================================================
+// Sink Classifier Tests
+// ============================================================================
+
+describe('Python Sink Classifier', () => {
+  it('detects cursor.execute(f-string) as sql_query sink', () => {
+    const sinks = getSinks(`
+import sqlite3
+conn = sqlite3.connect('db.sqlite')
+cursor = conn.cursor()
+name = "test"
+cursor.execute(f"SELECT * FROM users WHERE name = '{name}'")
+`)
+    const s = findSinkByType(sinks, 'sql_query')
+    expect(s).toBeDefined()
+    expect(s!.vulnerableToKinds.has('sql')).toBe(true)
+  })
+
+  it('does NOT flag parameterized queries', () => {
+    const sinks = getSinks(`
+import sqlite3
+cursor = sqlite3.connect('db.sqlite').cursor()
+cursor.execute("SELECT * FROM users WHERE name = %s", (name,))
+`)
+    const s = findSinkByType(sinks, 'sql_query')
+    expect(s).toBeUndefined()
+  })
+
+  it('detects subprocess.run as command_exec sink', () => {
+    const sinks = getSinks(`
+import subprocess
+cmd = "ls"
+subprocess.run(cmd, shell=True)
+`)
+    const s = findSinkByType(sinks, 'command_exec')
+    expect(s).toBeDefined()
+  })
+
+  it('detects os.system as command_exec sink', () => {
+    const sinks = getSinks(`
+import os
+cmd = user_input
+os.system(cmd)
+`)
+    const s = findSinkByType(sinks, 'command_exec')
+    expect(s).toBeDefined()
+  })
+
+  it('detects open() as path_access sink', () => {
+    const sinks = getSinks(`
+path = user_path
+f = open(path)
+`)
+    const s = findSinkByType(sinks, 'path_access')
+    expect(s).toBeDefined()
+  })
+
+  it('detects requests.get as http_request sink', () => {
+    const sinks = getSinks(`
+import requests
+url = user_url
+requests.get(url)
+`)
+    const s = findSinkByType(sinks, 'http_request')
+    expect(s).toBeDefined()
+  })
+
+  it('does NOT flag static URL in requests.get', () => {
+    const sinks = getSinks(`
+import requests
+requests.get("https://api.example.com/data")
+`)
+    const s = findSinkByType(sinks, 'http_request')
+    expect(s).toBeUndefined()
+  })
+
+  it('detects render_template_string as template_render sink', () => {
+    const sinks = getSinks(`
+from flask import render_template_string
+html = user_input
+render_template_string(html)
+`)
+    const s = findSinkByType(sinks, 'template_render')
+    expect(s).toBeDefined()
+  })
+
+  it('detects redirect() as redirect sink', () => {
+    const sinks = getSinks(`
+from flask import redirect
+url = user_url
+redirect(url)
+`)
+    const s = findSinkByType(sinks, 'redirect')
+    expect(s).toBeDefined()
+  })
+
+  it('detects eval() as eval sink', () => {
+    const sinks = getSinks(`
+code = user_input
+eval(code)
+`)
+    const s = findSinkByType(sinks, 'eval')
+    expect(s).toBeDefined()
+  })
+
+  it('detects exec() as eval sink', () => {
+    const sinks = getSinks(`
+code = user_input
+exec(code)
+`)
+    const s = findSinkByType(sinks, 'eval')
+    expect(s).toBeDefined()
+  })
+
+  it('detects Django raw() as sql_query sink', () => {
+    const sinks = getSinks(`
+query = "SELECT * FROM users WHERE name = '" + name + "'"
+result = User.objects.raw(query)
+`)
+    const s = findSinkByType(sinks, 'sql_query')
+    expect(s).toBeDefined()
+  })
+
+  it('detects mark_safe as template_render sink', () => {
+    const sinks = getSinks(`
+from django.utils.safestring import mark_safe
+html = user_input
+safe = mark_safe(html)
+`)
+    const s = findSinkByType(sinks, 'template_render')
+    expect(s).toBeDefined()
+  })
+})
+
+// ============================================================================
+// CFG Builder Tests
+// ============================================================================
+
+describe('Python CFG Builder', () => {
+  it('discovers function_definition', () => {
+    const ast = parsePython(`
+def hello(name):
+    print(name)
+`)
+    const cfgs = buildFileCFGs(ast)
+    expect(cfgs.has('hello')).toBe(true)
+  })
+
+  it('discovers class method as ClassName.method', () => {
+    const ast = parsePython(`
+class MyClass:
+    def my_method(self):
+        pass
+`)
+    const cfgs = buildFileCFGs(ast)
+    expect(cfgs.has('MyClass.my_method')).toBe(true)
+  })
+
+  it('creates <module> CFG for module-level code', () => {
+    const ast = parsePython(`
+import os
+x = 1
+print(x)
+`)
+    const cfgs = buildFileCFGs(ast)
+    expect(cfgs.has('<module>')).toBe(true)
+  })
+
+  it('handles if/elif/else branches with proper condition nodes', () => {
+    const ast = parsePython(`
+def check(x):
+    if x > 0:
+        return "positive"
+    elif x < 0:
+        return "negative"
+    else:
+        return "zero"
+`)
+    const cfgs = buildFileCFGs(ast)
+    const cfg = cfgs.get('check')
+    expect(cfg).toBeDefined()
+    // Should have 2 condition nodes (if + elif), NOT treating elif as opaque statement
+    const condNodes = [...cfg!.nodes.values()].filter(n => n.kind === 'condition')
+    expect(condNodes.length).toBe(2)
+    expect(condNodes.map(n => n.label)).toEqual(
+      expect.arrayContaining([expect.stringContaining('x > 0'), expect.stringContaining('x < 0')])
+    )
+  })
+
+  it('includes else block in CFG when elif is present', () => {
+    const ast = parsePython(`
+def check(x):
+    if x > 0:
+        a = 1
+    elif x < 0:
+        a = 2
+    else:
+        a = 3
+    return a
+`)
+    const cfgs = buildFileCFGs(ast)
+    const cfg = cfgs.get('check')
+    expect(cfg).toBeDefined()
+    // All three assignments should be in the CFG (not just if and elif)
+    const labels = [...cfg!.nodes.values()].map(n => n.label)
+    expect(labels.some(l => l?.includes('a = 3'))).toBe(true)
+  })
+
+  it('handles while loop with break', () => {
+    const ast = parsePython(`
+def loop():
+    while True:
+        x = input()
+        if x == "quit":
+            break
+`)
+    const cfgs = buildFileCFGs(ast)
+    const cfg = cfgs.get('loop')
+    expect(cfg).toBeDefined()
+  })
+
+  it('handles for loop', () => {
+    const ast = parsePython(`
+def iterate(items):
+    for item in items:
+        print(item)
+`)
+    const cfgs = buildFileCFGs(ast)
+    const cfg = cfgs.get('iterate')
+    expect(cfg).toBeDefined()
+    expect(cfg!.nodes.size).toBeGreaterThan(2)
+  })
+
+  it('includes finally block in CFG', () => {
+    const ast = parsePython(`
+def safe():
+    try:
+        x = dangerous()
+    except ValueError as e:
+        print(e)
+    finally:
+        cleanup()
+`)
+    const cfgs = buildFileCFGs(ast)
+    const cfg = cfgs.get('safe')
+    expect(cfg).toBeDefined()
+    // The finally block's cleanup() should be a node in the CFG
+    const labels = [...cfg!.nodes.values()].map(n => n.label)
+    expect(labels.some(l => l?.includes('cleanup'))).toBe(true)
+  })
+
+  it('handles raise statement', () => {
+    const ast = parsePython(`
+def check(x):
+    if x < 0:
+        raise ValueError("negative")
+    return x
+`)
+    const cfgs = buildFileCFGs(ast)
+    const cfg = cfgs.get('check')
+    expect(cfg).toBeDefined()
+  })
+})
+
+// ============================================================================
+// Def-Use Tests
+// ============================================================================
+
+describe('Python Def-Use', () => {
+  it('extracts defs/uses from assignment: x = y + z', () => {
+    const ast = parsePython(`x = y + z`)
+    const root = ast.tree.rootNode
+    // Find the assignment node
+    const assignment = root.descendantsOfType('assignment')[0]
+    expect(assignment).toBeDefined()
+    const { defs, uses } = computeDefUse(assignment)
+    expect(defs.has('x')).toBe(true)
+    expect(uses.has('y')).toBe(true)
+    expect(uses.has('z')).toBe(true)
+  })
+
+  it('extracts defs/uses from function call: result = func(a, b)', () => {
+    const ast = parsePython(`result = func(a, b)`)
+    const root = ast.tree.rootNode
+    const assignment = root.descendantsOfType('assignment')[0]
+    const { defs, uses } = computeDefUse(assignment)
+    expect(defs.has('result')).toBe(true)
+    expect(uses.has('func')).toBe(true)
+    expect(uses.has('a')).toBe(true)
+    expect(uses.has('b')).toBe(true)
+  })
+
+  it('extracts defs/uses from attribute assignment: obj.attr = val', () => {
+    const ast = parsePython(`obj.attr = val`)
+    const root = ast.tree.rootNode
+    const assignment = root.descendantsOfType('assignment')[0]
+    const { defs, uses } = computeDefUse(assignment)
+    expect(defs.has('obj')).toBe(true)
+    expect(uses.has('obj')).toBe(true)
+    expect(uses.has('val')).toBe(true)
+  })
+
+  it('extracts defs from tuple unpacking: a, b = get_pair()', () => {
+    const ast = parsePython(`a, b = get_pair()`)
+    const root = ast.tree.rootNode
+    const assignment = root.descendantsOfType('assignment')[0]
+    const { defs, uses } = computeDefUse(assignment)
+    expect(defs.has('a')).toBe(true)
+    expect(defs.has('b')).toBe(true)
+    expect(uses.has('get_pair')).toBe(true)
+  })
+
+  it('extracts uses from augmented assignment: x += y', () => {
+    const ast = parsePython(`x += y`)
+    const root = ast.tree.rootNode
+    const augmented = root.descendantsOfType('augmented_assignment')[0]
+    const { defs, uses } = computeDefUse(augmented)
+    expect(defs.has('x')).toBe(true)
+    expect(uses.has('x')).toBe(true)
+    expect(uses.has('y')).toBe(true)
+  })
+
+  it('does not recurse into function_definition body', () => {
+    const ast = parsePython(`
+def foo():
+    x = 1
+y = foo()
+`)
+    const root = ast.tree.rootNode
+    // The module-level assignment
+    const assignments = root.descendantsOfType('assignment')
+    // Filter to module-level assignment only (y = foo())
+    const moduleAssignment = assignments.find(a => a.parent?.type === 'expression_statement' && a.parent?.parent?.type === 'module')
+    expect(moduleAssignment).toBeDefined()
+    const { defs, uses } = computeDefUse(moduleAssignment!)
+    expect(defs.has('y')).toBe(true)
+    expect(uses.has('foo')).toBe(true)
+    // Should NOT have x from inside the function
+    expect(defs.has('x')).toBe(false)
+  })
+
+  it('handles Python keyword arguments', () => {
+    const ast = parsePython(`result = func(key=value)`)
+    const root = ast.tree.rootNode
+    const assignment = root.descendantsOfType('assignment')[0]
+    const { defs, uses } = computeDefUse(assignment)
+    expect(defs.has('result')).toBe(true)
+    expect(uses.has('func')).toBe(true)
+    expect(uses.has('value')).toBe(true)
+  })
+
+  it('skips Python keyword identifiers (None, True, False, self)', () => {
+    const ast = parsePython(`x = None`)
+    const root = ast.tree.rootNode
+    const assignment = root.descendantsOfType('assignment')[0]
+    const { defs, uses } = computeDefUse(assignment)
+    expect(defs.has('x')).toBe(true)
+    // None should be in literals, not uses
+    expect(uses.has('None')).toBe(false)
+  })
+})
+
+// ============================================================================
+// Sanitizer Tests
+// ============================================================================
+
+describe('Python Sanitizer Registry', () => {
+  it('detects int() as universal sanitizer', () => {
+    const ast = parsePython(`
+x = input()
+safe = int(x)
+`)
+    const sanitizers = buildSanitizerRegistry(ast)
+    const intSan = sanitizers.find(s => s.name === 'int')
+    expect(intSan).toBeDefined()
+    expect([...intSan!.clearsKinds]).toEqual(expect.arrayContaining(['sql', 'xss', 'command']))
+  })
+
+  it('detects float() as universal sanitizer', () => {
+    const ast = parsePython(`
+x = input()
+safe = float(x)
+`)
+    const sanitizers = buildSanitizerRegistry(ast)
+    expect(sanitizers.find(s => s.name === 'float')).toBeDefined()
+  })
+
+  it('detects bool() as universal sanitizer', () => {
+    const ast = parsePython(`
+x = input()
+safe = bool(x)
+`)
+    const sanitizers = buildSanitizerRegistry(ast)
+    expect(sanitizers.find(s => s.name === 'bool')).toBeDefined()
+  })
+
+  it('detects bleach.clean as xss sanitizer when imported', () => {
+    const ast = parsePython(`
+import bleach
+html = user_input
+safe = bleach.clean(html)
+`)
+    const sanitizers = buildSanitizerRegistry(ast)
+    const bleachSan = sanitizers.find(s => s.name === 'bleach.clean')
+    expect(bleachSan).toBeDefined()
+    expect(bleachSan!.clearsKinds.has('xss')).toBe(true)
+  })
+
+  it('detects shlex.quote as command sanitizer when imported', () => {
+    const ast = parsePython(`
+import shlex
+cmd = user_input
+safe = shlex.quote(cmd)
+`)
+    const sanitizers = buildSanitizerRegistry(ast)
+    const shlexSan = sanitizers.find(s => s.name === 'shlex.quote')
+    expect(shlexSan).toBeDefined()
+    expect(shlexSan!.clearsKinds.has('command')).toBe(true)
+  })
+})
+
+// ============================================================================
+// End-to-End Taint Flow Tests
+// ============================================================================
+
+describe('Python End-to-End Taint Flow', () => {
+  it('detects Flask SQL injection: request.form → cursor.execute(f-string)', () => {
+    const ast = parsePython(`
+from flask import request
+import sqlite3
+
+def search():
+    name = request.form['name']
+    conn = sqlite3.connect('db.sqlite')
+    cursor = conn.cursor()
+    cursor.execute(f"SELECT * FROM users WHERE name = '{name}'")
+`, 'routes/search.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const sqlFinding = findings.find(f => f.matchingKinds.has('sql'))
+    expect(sqlFinding).toBeDefined()
+    expect(sqlFinding!.source.sourceType).toBe('http_body')
+    expect(sqlFinding!.sink.sinkType).toBe('sql_query')
+  })
+
+  it('detects Django command injection: request.POST → os.system', () => {
+    const ast = parsePython(`
+import os
+
+def run_command(request):
+    cmd = request.POST['cmd']
+    os.system(cmd)
+`, 'views/admin.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const cmdFinding = findings.find(f => f.matchingKinds.has('command'))
+    expect(cmdFinding).toBeDefined()
+    expect(cmdFinding!.source.sourceType).toBe('http_body')
+    expect(cmdFinding!.sink.sinkType).toBe('command_exec')
+  })
+
+  it('detects Flask SSRF: request.args → requests.get', () => {
+    const ast = parsePython(`
+from flask import request
+import requests
+
+def proxy():
+    url = request.args['url']
+    resp = requests.get(url)
+`, 'routes/proxy.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const ssrfFinding = findings.find(f => f.matchingKinds.has('ssrf'))
+    expect(ssrfFinding).toBeDefined()
+    expect(ssrfFinding!.sink.sinkType).toBe('http_request')
+  })
+
+  it('detects path traversal: request.form → open()', () => {
+    const ast = parsePython(`
+from flask import request
+
+def read_file():
+    path = request.form['file']
+    f = open(path)
+`, 'routes/files.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const pathFinding = findings.find(f => f.matchingKinds.has('path'))
+    expect(pathFinding).toBeDefined()
+    expect(pathFinding!.sink.sinkType).toBe('path_access')
+  })
+
+  it('does NOT flag sanitized flow: request.form → int() → cursor.execute', () => {
+    // int() sanitizer must be on a SEPARATE line from the source assignment.
+    // At the source node, seed re-injection overrides sanitizers (by design).
+    const ast = parsePython(`
+from flask import request
+import sqlite3
+
+def get_user():
+    raw_id = request.form['id']
+    user_id = int(raw_id)
+    conn = sqlite3.connect('db.sqlite')
+    cursor = conn.cursor()
+    cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")
+`, 'routes/users.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const sqlFinding = findings.find(f => f.matchingKinds.has('sql'))
+    // int() sanitizes all taint kinds, so no SQL finding should appear
+    expect(sqlFinding).toBeUndefined()
+  })
+
+  it('does NOT flag parameterized query', () => {
+    const ast = parsePython(`
+from flask import request
+import sqlite3
+
+def safe_search():
+    name = request.form['name']
+    conn = sqlite3.connect('db.sqlite')
+    cursor = conn.cursor()
+    cursor.execute("SELECT * FROM users WHERE name = %s", (name,))
+`, 'routes/safe.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const sqlFinding = findings.find(f => f.matchingKinds.has('sql'))
+    expect(sqlFinding).toBeUndefined()
+  })
+
+  it('detects multi-step taint: form → variable → f-string → execute', () => {
+    const ast = parsePython(`
+from flask import request
+import sqlite3
+
+def complex_search():
+    name = request.form['name']
+    query = f"SELECT * FROM users WHERE name = '{name}'"
+    conn = sqlite3.connect('db.sqlite')
+    cursor = conn.cursor()
+    cursor.execute(query)
+`, 'routes/complex.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const sqlFinding = findings.find(f => f.matchingKinds.has('sql'))
+    expect(sqlFinding).toBeDefined()
+  })
+
+  it('detects eval with user input', () => {
+    const ast = parsePython(`
+from flask import request
+
+def dangerous():
+    code = request.form['code']
+    eval(code)
+`, 'routes/danger.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const cmdFinding = findings.find(f => f.matchingKinds.has('command'))
+    expect(cmdFinding).toBeDefined()
+    expect(cmdFinding!.sink.sinkType).toBe('eval')
+  })
+
+  it('detects redirect with user input', () => {
+    const ast = parsePython(`
+from flask import request, redirect
+
+def redir():
+    url = request.args['next']
+    return redirect(url)
+`, 'routes/redir.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const ssrfFinding = findings.find(f => f.matchingKinds.has('ssrf'))
+    expect(ssrfFinding).toBeDefined()
+    expect(ssrfFinding!.sink.sinkType).toBe('redirect')
+  })
+
+  it('detects render_template_string with user input (XSS)', () => {
+    const ast = parsePython(`
+from flask import request, render_template_string
+
+def template():
+    name = request.form['name']
+    return render_template_string(name)
+`, 'routes/template.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const xssFinding = findings.find(f => f.matchingKinds.has('xss'))
+    expect(xssFinding).toBeDefined()
+    expect(xssFinding!.sink.sinkType).toBe('template_render')
+  })
+
+  it('detects taint flow through else block of if/elif/else', () => {
+    const ast = parsePython(`
+from flask import request
+import sqlite3
+
+def search(mode):
+    if mode == 'safe':
+        name = 'default'
+    elif mode == 'other':
+        name = 'other'
+    else:
+        name = request.form['name']
+    conn = sqlite3.connect('db.sqlite')
+    cursor = conn.cursor()
+    cursor.execute(f"SELECT * FROM users WHERE name = '{name}'")
+`, 'routes/elif_else.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const sqlFinding = findings.find(f => f.matchingKinds.has('sql'))
+    expect(sqlFinding).toBeDefined()
+    expect(sqlFinding!.source.sourceType).toBe('http_body')
+    expect(sqlFinding!.sink.sinkType).toBe('sql_query')
+  })
+
+  it('detects taint flow through elif block', () => {
+    const ast = parsePython(`
+from flask import request
+import os
+
+def run(mode):
+    if mode == 'safe':
+        cmd = 'echo safe'
+    elif mode == 'user':
+        cmd = request.form['cmd']
+    else:
+        cmd = 'echo default'
+    os.system(cmd)
+`, 'routes/elif.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const cmdFinding = findings.find(f => f.matchingKinds.has('command'))
+    expect(cmdFinding).toBeDefined()
+    expect(cmdFinding!.sink.sinkType).toBe('command_exec')
+  })
+})
+
+// ============================================================================
+// Python LLM Output Source Tests
+// ============================================================================
+
+describe('Python LLM output sources', () => {
+  it('detects OpenAI response.choices[0].message.content as llm_output', () => {
+    const sources = getSources(`
+from openai import OpenAI
+client = OpenAI()
+response = client.chat.completions.create(model="gpt-4", messages=[])
+text = response.choices[0].message.content
+`)
+    const s = findSourceByType(sources, 'llm_output')
+    expect(s).toBeDefined()
+  })
+
+  it('detects Anthropic response.content[0].text as llm_output', () => {
+    const sources = getSources(`
+import anthropic
+client = anthropic.Anthropic()
+response = client.messages.create(model="claude-3", messages=[])
+text = response.content[0].text
+`)
+    const s = findSourceByType(sources, 'llm_output')
+    expect(s).toBeDefined()
+  })
+
+  it('detects LlamaIndex response.response as llm_output', () => {
+    const sources = getSources(`
+from llama_index import VectorStoreIndex
+index = VectorStoreIndex.from_documents(docs)
+query_engine = index.as_query_engine()
+response = query_engine.query("question")
+text = response.response
+`)
+    const s = findSourceByType(sources, 'llm_output')
+    expect(s).toBeDefined()
+  })
+
+  it('detects import-aware LLM call return: from openai import OpenAI', () => {
+    const sources = getSources(`
+from openai import OpenAI
+client = OpenAI()
+result = client.chat.completions.create(model="gpt-4", messages=[])
+`)
+    const llmSource = sources.find(s => s.sourceType === 'llm_output' && s.variable === 'result')
+    expect(llmSource).toBeDefined()
+    expect(llmSource!.confidence).toBe('high')
+  })
+
+  it('detects import-aware LLM call return: from langchain_openai import ChatOpenAI', () => {
+    const sources = getSources(`
+from langchain_openai import ChatOpenAI
+llm = ChatOpenAI(model="gpt-4")
+result = llm.invoke("hello")
+`)
+    const llmSource = sources.find(s => s.sourceType === 'llm_output' && s.variable === 'result')
+    expect(llmSource).toBeDefined()
+  })
+})
+
+// ============================================================================
+// FastAPI Source Tests
+// ============================================================================
+
+describe('FastAPI sources', () => {
+  it('detects Query() parameter as http_query source', () => {
+    const sources = getSources(`
+from fastapi import FastAPI, Query
+
+app = FastAPI()
+
+@app.get("/search")
+def search(q: str = Query(...)):
+    return {"q": q}
+`)
+    const s = findSourceByType(sources, 'http_query')
+    expect(s).toBeDefined()
+    expect(s!.framework).toBe('fastapi')
+    expect(s!.variable).toBe('q')
+  })
+
+  it('detects Body() parameter as http_body source', () => {
+    const sources = getSources(`
+from fastapi import FastAPI, Body
+
+app = FastAPI()
+
+@app.post("/submit")
+def submit(data: dict = Body(...)):
+    return data
+`)
+    const s = findSourceByType(sources, 'http_body')
+    expect(s).toBeDefined()
+    expect(s!.framework).toBe('fastapi')
+  })
+
+  it('detects Form() parameter as form_data source', () => {
+    const sources = getSources(`
+from fastapi import FastAPI, Form
+
+app = FastAPI()
+
+@app.post("/login")
+def login(username: str = Form(...)):
+    return {"user": username}
+`)
+    const s = findSourceByType(sources, 'form_data')
+    expect(s).toBeDefined()
+    expect(s!.framework).toBe('fastapi')
+  })
+
+  it('detects request.query_params as http_query source', () => {
+    const sources = getSources(`
+from fastapi import Request
+
+async def handler(request: Request):
+    q = request.query_params
+`)
+    const s = findSourceByType(sources, 'http_query')
+    expect(s).toBeDefined()
+    expect(s!.framework).toBe('fastapi')
+  })
+
+  it('does NOT flag plain function parameters without FastAPI decorators', () => {
+    const sources = getSources(`
+def plain_function(q: str = "default"):
+    return q
+`)
+    const s = findSourceByType(sources, 'http_query')
+    expect(s).toBeUndefined()
+  })
+})
+
+// ============================================================================
+// Python LLM Prompt Sink Tests
+// ============================================================================
+
+describe('Python LLM prompt sinks', () => {
+  // P1: OpenAI
+  it('detects OpenAI messages with system role as system_prompt sink', () => {
+    const sinks = getSinks(`
+from openai import OpenAI
+client = OpenAI()
+text = dynamic_input
+client.chat.completions.create(
+    model="gpt-4",
+    messages=[{"role": "system", "content": text}]
+)
+`)
+    const s = findSinkByType(sinks, 'system_prompt')
+    expect(s).toBeDefined()
+  })
+
+  it('does NOT flag OpenAI messages with user role (user role is intended for user input)', () => {
+    const sinks = getSinks(`
+from openai import OpenAI
+client = OpenAI()
+msg = dynamic_input
+client.chat.completions.create(
+    model="gpt-4",
+    messages=[{"role": "user", "content": msg}]
+)
+`)
+    const promptSinks = sinks.filter(s => s.sinkType === 'prompt_construction' || s.sinkType === 'system_prompt')
+    expect(promptSinks).toHaveLength(0)
+  })
+
+  it('does NOT flag static string messages in OpenAI call', () => {
+    const sinks = getSinks(`
+from openai import OpenAI
+client = OpenAI()
+client.chat.completions.create(
+    model="gpt-4",
+    messages=[{"role": "user", "content": "Hello, how are you?"}]
+)
+`)
+    const promptSink = sinks.find(s => s.sinkType === 'prompt_construction' || s.sinkType === 'system_prompt')
+    expect(promptSink).toBeUndefined()
+  })
+
+  // P2: Anthropic
+  it('detects Anthropic system= keyword as system_prompt sink', () => {
+    const sinks = getSinks(`
+import anthropic
+client = anthropic.Anthropic()
+sys_prompt = dynamic_text
+client.messages.create(
+    model="claude-3",
+    system=sys_prompt,
+    messages=[]
+)
+`)
+    const s = findSinkByType(sinks, 'system_prompt')
+    expect(s).toBeDefined()
+  })
+
+  it('does NOT flag Anthropic messages with user role (user role is intended for user input)', () => {
+    const sinks = getSinks(`
+import anthropic
+client = anthropic.Anthropic()
+msg = user_input
+client.messages.create(
+    model="claude-3",
+    messages=[{"role": "user", "content": msg}]
+)
+`)
+    const promptSinks = sinks.filter(s => s.sinkType === 'prompt_construction' || s.sinkType === 'system_prompt')
+    expect(promptSinks).toHaveLength(0)
+  })
+
+  // P3: LangChain
+  it('detects SystemMessage(content=dynamic) as system_prompt sink', () => {
+    const sinks = getSinks(`
+from langchain_core.messages import SystemMessage
+text = user_input
+msg = SystemMessage(content=text)
+`)
+    const s = findSinkByType(sinks, 'system_prompt')
+    expect(s).toBeDefined()
+  })
+
+  it('detects HumanMessage(content=dynamic) as prompt_construction sink', () => {
+    const sinks = getSinks(`
+from langchain_core.messages import HumanMessage
+text = user_input
+msg = HumanMessage(content=text)
+`)
+    const s = findSinkByType(sinks, 'prompt_construction')
+    expect(s).toBeDefined()
+  })
+
+  it('detects SystemMessage(dynamic) positional arg as system_prompt sink', () => {
+    const sinks = getSinks(`
+from langchain_core.messages import SystemMessage
+text = user_input
+msg = SystemMessage(text)
+`)
+    const s = findSinkByType(sinks, 'system_prompt')
+    expect(s).toBeDefined()
+  })
+
+  // P4: Generic LLM methods
+  it('detects llm.invoke(user_input) as prompt_construction sink', () => {
+    const sinks = getSinks(`
+from langchain_openai import ChatOpenAI
+llm = ChatOpenAI()
+text = user_input
+llm.invoke(text)
+`)
+    const s = findSinkByType(sinks, 'prompt_construction')
+    expect(s).toBeDefined()
+  })
+
+  it('detects chain.run(user_input) as prompt_construction sink', () => {
+    const sinks = getSinks(`
+from langchain_openai import ChatOpenAI
+chain = ChatOpenAI()
+text = user_input
+chain.run(text)
+`)
+    const s = findSinkByType(sinks, 'prompt_construction')
+    expect(s).toBeDefined()
+  })
+
+  // P5: messages.append
+  it('detects messages.append({"role": "system", "content": dynamic}) as system_prompt', () => {
+    const sinks = getSinks(`
+messages = []
+text = user_input
+messages.append({"role": "system", "content": text})
+`)
+    const s = findSinkByType(sinks, 'system_prompt')
+    expect(s).toBeDefined()
+  })
+
+  it('does NOT flag messages.append with user role (user role is intended for user input)', () => {
+    const sinks = getSinks(`
+messages = []
+text = user_input
+messages.append({"role": "user", "content": text})
+`)
+    const promptSinks = sinks.filter(s => s.sinkType === 'prompt_construction' || s.sinkType === 'system_prompt')
+    expect(promptSinks).toHaveLength(0)
+  })
+
+  // P6: Google AI
+  it('detects model.generate_content(dynamic) as prompt_construction sink', () => {
+    const sinks = getSinks(`
+import google.generativeai as genai
+model = genai.GenerativeModel('gemini-pro')
+text = user_input
+model.generate_content(text)
+`)
+    const s = findSinkByType(sinks, 'prompt_construction')
+    expect(s).toBeDefined()
+  })
+
+  // P7: LlamaIndex
+  it('detects query_engine.query(user_input) as prompt_construction sink', () => {
+    const sinks = getSinks(`
+from llama_index import VectorStoreIndex
+query_engine = VectorStoreIndex.from_documents(docs).as_query_engine()
+text = user_input
+query_engine.query(text)
+`)
+    const s = findSinkByType(sinks, 'prompt_construction')
+    expect(s).toBeDefined()
+  })
+
+  // Negative
+  it('does NOT flag static LLM calls with hardcoded messages', () => {
+    const sinks = getSinks(`
+from langchain_core.messages import SystemMessage
+msg = SystemMessage("You are a helpful assistant.")
+`)
+    const promptSink = sinks.find(s => s.sinkType === 'system_prompt' || s.sinkType === 'prompt_construction')
+    expect(promptSink).toBeUndefined()
+  })
+})
+
+// ============================================================================
+// Python LLM Taint Flow Tests
+// ============================================================================
+
+describe('Python LLM Taint Flow', () => {
+  // Prompt injection (user input → LLM prompt)
+  it('Flask request.form → OpenAI messages (user role) = no finding (user role is safe)', () => {
+    const ast = parsePython(`
+from flask import request
+from openai import OpenAI
+
+def chat():
+    user_msg = request.form['message']
+    client = OpenAI()
+    response = client.chat.completions.create(
+        model="gpt-4",
+        messages=[{"role": "user", "content": user_msg}]
+    )
+`, 'routes/chat.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const promptFinding = findings.find(f => [...f.matchingKinds].includes('prompt'))
+    // User-role messages are the intended place for user input — no prompt injection
+    expect(promptFinding).toBeUndefined()
+  })
+
+  it('Flask request.args → Anthropic system= keyword = prompt injection', () => {
+    const ast = parsePython(`
+from flask import request
+import anthropic
+
+def chat():
+    system_text = request.args['system']
+    client = anthropic.Anthropic()
+    response = client.messages.create(
+        model="claude-3",
+        system=system_text,
+        messages=[]
+    )
+`, 'routes/anthropic_chat.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const promptFinding = findings.find(f => [...f.matchingKinds].includes('prompt'))
+    expect(promptFinding).toBeDefined()
+    expect(promptFinding!.sink.sinkType).toBe('system_prompt')
+  })
+
+  it('Django request.POST → LangChain HumanMessage = prompt injection', () => {
+    const ast = parsePython(`
+from langchain_core.messages import HumanMessage
+
+def chat_view(request):
+    text = request.POST['message']
+    msg = HumanMessage(content=text)
+`, 'views/chat.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const promptFinding = findings.find(f => [...f.matchingKinds].includes('prompt'))
+    expect(promptFinding).toBeDefined()
+    expect(promptFinding!.sink.sinkType).toBe('prompt_construction')
+  })
+
+  it('FastAPI request.query_params → OpenAI messages (user role) = no finding (user role is safe)', () => {
+    const ast = parsePython(`
+from fastapi import FastAPI, Request
+from openai import OpenAI
+
+app = FastAPI()
+
+@app.get("/ask")
+async def ask(request: Request):
+    q = request.query_params
+    client = OpenAI()
+    response = client.chat.completions.create(
+        model="gpt-4",
+        messages=[{"role": "user", "content": q}]
+    )
+`, 'routes/ask.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const promptFinding = findings.find(f => [...f.matchingKinds].includes('prompt'))
+    // User-role messages are the intended place for user input — no prompt injection
+    expect(promptFinding).toBeUndefined()
+  })
+
+  it('multi-step: request.form → variable → f-string → SystemMessage', () => {
+    const ast = parsePython(`
+from flask import request
+from langchain_core.messages import SystemMessage
+
+def chat():
+    persona = request.form['persona']
+    prompt = f"You are a {persona}. Be helpful."
+    msg = SystemMessage(content=prompt)
+`, 'routes/multistep.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const promptFinding = findings.find(f => [...f.matchingKinds].includes('prompt'))
+    expect(promptFinding).toBeDefined()
+    expect(promptFinding!.sink.sinkType).toBe('system_prompt')
+  })
+
+  // Unsafe execution (LLM output → dangerous sink)
+  it('OpenAI response.choices[0].message.content → eval() = command taint', () => {
+    const ast = parsePython(`
+from openai import OpenAI
+
+def execute():
+    client = OpenAI()
+    response = client.chat.completions.create(
+        model="gpt-4",
+        messages=[{"role": "user", "content": "write code"}]
+    )
+    code = response.choices[0].message.content
+    eval(code)
+`, 'routes/exec.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const cmdFinding = findings.find(f => [...f.matchingKinds].includes('command'))
+    expect(cmdFinding).toBeDefined()
+    expect(cmdFinding!.source.sourceType).toBe('llm_output')
+  })
+
+  it('OpenAI response → subprocess.run() = command taint', () => {
+    const ast = parsePython(`
+from openai import OpenAI
+import subprocess
+
+def run_cmd():
+    client = OpenAI()
+    response = client.chat.completions.create(
+        model="gpt-4",
+        messages=[{"role": "user", "content": "give me a command"}]
+    )
+    cmd = response.choices[0].message.content
+    subprocess.run(cmd, shell=True)
+`, 'routes/run_cmd.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const cmdFinding = findings.find(f => [...f.matchingKinds].includes('command'))
+    expect(cmdFinding).toBeDefined()
+    expect(cmdFinding!.source.sourceType).toBe('llm_output')
+    expect(cmdFinding!.sink.sinkType).toBe('command_exec')
+  })
+
+  it('LLM output variable → cursor.execute(f-string) = sql taint', () => {
+    const ast = parsePython(`
+from openai import OpenAI
+import sqlite3
+
+def query_db():
+    client = OpenAI()
+    response = client.chat.completions.create(
+        model="gpt-4",
+        messages=[{"role": "user", "content": "generate SQL"}]
+    )
+    query = response.choices[0].message.content
+    conn = sqlite3.connect('db.sqlite')
+    cursor = conn.cursor()
+    cursor.execute(query)
+`, 'routes/query.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const sqlFinding = findings.find(f => [...f.matchingKinds].includes('sql'))
+    expect(sqlFinding).toBeDefined()
+    expect(sqlFinding!.source.sourceType).toBe('llm_output')
+    expect(sqlFinding!.sink.sinkType).toBe('sql_query')
+  })
+
+  // Negative cases
+  it('does NOT flag sanitized: input → int() → messages', () => {
+    const ast = parsePython(`
+from flask import request
+from openai import OpenAI
+
+def ask():
+    raw_count = request.form['count']
+    count = int(raw_count)
+    client = OpenAI()
+    response = client.chat.completions.create(
+        model="gpt-4",
+        messages=[{"role": "user", "content": count}]
+    )
+`, 'routes/sanitized.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const promptFinding = findings.find(f => [...f.matchingKinds].includes('prompt'))
+    expect(promptFinding).toBeUndefined()
+  })
+
+  it('does NOT flag hardcoded prompt: static string → OpenAI messages', () => {
+    const ast = parsePython(`
+from openai import OpenAI
+
+def safe_chat():
+    client = OpenAI()
+    response = client.chat.completions.create(
+        model="gpt-4",
+        messages=[{"role": "system", "content": "You are helpful."}]
+    )
+`, 'routes/safe.py')
+    const findings = analyzeTaintsForFile(ast, ast.filePath)
+    const promptFinding = findings.find(f => [...f.matchingKinds].includes('prompt'))
+    expect(promptFinding).toBeUndefined()
+  })
+})