Python: conversion step for format_map

and adjust collection test

Author: yoff

python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll

@@ -1025,6 +1025,12 @@ module Conversions {
       fmt.getRight() = nodeFrom.asCfgNode()
     ) and
     c instanceof TupleElementContent
+    or
+    // format_map
+    // see https://docs.python.org/3/library/stdtypes.html#str.format_map
+    nodeTo.(MethodCallNode).calls(_, "format_map") and
+    nodeTo.(MethodCallNode).getArg(0) = nodeFrom and
+    c instanceof DictionaryElementContent
   }
 
   predicate readStep(Node nodeFrom, ContentSet c, Node nodeTo) {

python/ql/test/library-tests/dataflow/tainttracking/defaultAdditionalTaintStep-py3/test_string.py

@@ -17,7 +17,7 @@ def str_methods():
         ts.casefold(), # $ tainted
 
         ts.format_map({}), # $ tainted
-        "{unsafe}".format_map({"unsafe": ts}), # $ MISSING: tainted
+        "{unsafe}".format_map({"unsafe": ts}), # $ tainted
     )
 
 

python/ql/test/library-tests/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py

@@ -27,12 +27,14 @@ def test_construction():
         tainted_dict, # $ tainted
     )
 
+    # There are no implicit reads for list content as it is imprecise
+    # Therefore, list content stemming from precise content does not end up on the list itself. 
     ensure_tainted(
         list(tainted_list), # $ tainted
-        list(tainted_tuple), # $ MISSING: tainted
+        list(tainted_tuple)[0], # $ tainted
         list(tainted_set), # $ tainted
-        list(tainted_dict.values()), # $ MISSING: tainted
-        list(tainted_dict.items()), # $ MISSING: tainted
+        list(tainted_dict.values())[0], # $ tainted
+        list(tainted_dict.items())[0], # $ tainted
 
         tuple(tainted_list), # $ tainted
         set(tainted_list), # $ tainted