From 719b8a499533b2e58f260481ac621d5bad2cad16 Mon Sep 17 00:00:00 2001
From: CyanM0un <1544130024@qq.com>
Date: Sun, 15 Feb 2026 14:35:34 +0000
Subject: [PATCH] fix: source match, importProcess and __class__ support

---
 src/checker/taint/common-kit/source-util.ts          |  6 ++++++
 src/engine/analyzer/python/common/python-analyzer.ts | 10 ++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/checker/taint/common-kit/source-util.ts b/src/checker/taint/common-kit/source-util.ts
index 1eb2fa15..d185f751 100644
--- a/src/checker/taint/common-kit/source-util.ts
+++ b/src/checker/taint/common-kit/source-util.ts
@@ -134,6 +134,12 @@ function introduceFuncArgTaintByRuleConfig(scope: any, node: any, res: any, func
             }
             break
           }
+        } else if (call.name === tspec.fsig) {
+          const args = prepareArgs(res, undefined, tspec)
+          for (let i = 0; i < args.length; i++) {
+            markTaintSource(args[i], { path: node, kind: tspec.kind })
+          }
+          break
         }
       }
     }
diff --git a/src/engine/analyzer/python/common/python-analyzer.ts b/src/engine/analyzer/python/common/python-analyzer.ts
index 4e3949ed..b847f327 100644
--- a/src/engine/analyzer/python/common/python-analyzer.ts
+++ b/src/engine/analyzer/python/common/python-analyzer.ts
@@ -475,9 +475,15 @@ class PythonAnalyzer extends (Analyzer as any) {
 
       let targetPath = normalizedPath
       if (!targetPath.endsWith('.py')) {
+        const mouduleFile = `${targetPath}/${modulePath}.py`
+        const moduleInitFile = path.join(`${targetPath}/${modulePath}`, '__init__.py')
         // 可能是包目录，检查是否有 __init__.py
         const initFile = path.join(targetPath, '__init__.py')
-        if (this.fileList.some((f: string) => path.normalize(f) === path.normalize(initFile))) {
+        if (this.fileList.some((f: string) => path.normalize(f) === path.normalize(mouduleFile))) {
+          targetPath = mouduleFile
+        } else if (this.fileList.some((f: string) => path.normalize(f) === path.normalize(moduleInitFile))) {
+          targetPath = moduleInitFile
+        } else if (this.fileList.some((f: string) => path.normalize(f) === path.normalize(initFile))) {
           targetPath = initFile
         } else {
           // 尝试添加 .py 扩展名
@@ -557,7 +563,7 @@ class PythonAnalyzer extends (Analyzer as any) {
     } else if (prop.type !== 'Identifier' && prop.type !== 'Literal') {
       resolved_prop = this.processInstruction(scope, prop, state)
     }
-    if (prop.type === 'Identifier' && prop.name === '__init__' && prop.parent?.parent?.type === 'CallExpression') {
+    if (prop.type === 'Identifier' && (prop.name === '__init__' || prop.name === '__class__') && prop.parent?.parent?.type === 'CallExpression') {
       resolved_prop.name = '_CTOR_'
     }
     if (!resolved_prop) return defscope