feat: add Tornado checker

resource/checker/checker-config.json

@@ -135,6 +135,11 @@
     "checkerPath": "checker/taint/python/django-taint-checker.ts",
     "description": "python Django框架 entrypoint采集以及框架source添加"
   },
+  {
+    "checkerId": "taint_flow_python_tornado_input",
+    "checkerPath": "checker/taint/python/tornado-taint-checker.ts",
+    "description": "python Tornado框架 entrypoint采集以及框架source添加"
+  },
   {
     "checkerId": "taint_flow_test",
     "checkerPath": "checker/taint/test-taint-checker.ts",

resource/checker/checker-pack-config.json

@@ -86,6 +86,7 @@
     "checkerIds": [
       "taint_flow_python_input",
       "taint_flow_python_django_input",
+      "taint_flow_python_tornado_input",
       "callgraph",
       "sanitizer"
     ],
@@ -96,6 +97,7 @@
     "checkerIds": [
       "taint_flow_python_input_inner",
       "taint_flow_python_django_input",
+      "taint_flow_python_tornado_input",
       "callgraph",
       "sanitizer"
     ],

resource/example-rule-config/rule_config_python.json

@@ -1,6 +1,11 @@
 [
   {
-    "checkerIds": ["taint_flow_python_input", "taint_flow_python_input_inner", "taint_flow_python_django_input"],
+    "checkerIds": [
+      "taint_flow_python_input",
+      "taint_flow_python_input_inner",
+      "taint_flow_python_django_input",
+      "taint_flow_python_tornado_input"
+    ],
     "sources": {
       "FuncCallReturnValueTaintSource": [
         {

src/checker/taint/python/python-taint-abstract-checker.ts

@@ -21,7 +21,36 @@ class PythonTaintAbstractChecker extends TaintChecker {
    * @param info
    */
   triggerAtIdentifier(analyzer: any, scope: any, node: any, state: any, info: any) {
+    // Try normal matching first
     IntroduceTaint.introduceTaintAtIdentifier(node, info.res, this.sourceScope.value)
+
+    // If preprocess is not ready, still mark parameters that are in sourceScope
+    const BasicRuleHandler = require('../../common/rules-basic-handler')
+    if (!BasicRuleHandler.getPreprocessReady() && this.sourceScope.value && this.sourceScope.value.length > 0) {
+      for (const source of this.sourceScope.value) {
+        // Check if kind matches (could be string or array)
+        const kindMatches =
+          source.kind === 'PYTHON_INPUT' || (Array.isArray(source.kind) && source.kind.includes('PYTHON_INPUT'))
+
+        if (source.path === node.name && kindMatches) {
+          // For path parameters, we use 'all' for all scope conditions, so always match
+          const shouldMatch =
+            (source.scopeFile === 'all' || !source.scopeFile) &&
+            (source.scopeFunc === 'all' || !source.scopeFunc) &&
+            (source.locStart === 'all' || !source.locStart) &&
+            (source.locEnd === 'all' || !source.locEnd)
+
+          if (shouldMatch && (!info.res._tags || info.res._tags.size === 0)) {
+            if (!info.res._tags) {
+              info.res._tags = new Set()
+            }
+            info.res._tags.add('PYTHON_INPUT')
+            info.res.hasTagRec = true
+            break
+          }
+        }
+      }
+    }
   }
 
   /**