Python: fix QL alerts

2026-04-30 19:26:02 +02:00 · 2022-09-12 23:53:42 +02:00
parent 2e9c60de6c
commit 03c243175b
5 changed files with 5 additions and 11 deletions
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
@@ -78,7 +78,7 @@ module SyntheticPreUpdateNode {
   * that is mapped to the `self` parameter. That way, constructor calls represent the value of the
   * object after the constructor (currently only `__init__`) has run.
   */
-  CfgNode objectCreationNode() { result.getNode().(CallNode) = any(ClassCall c).getNode() }
+  CfgNode objectCreationNode() { result.getNode() = any(ClassCall c).getNode() }
 }

 import SyntheticPreUpdateNode
--- a/python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll
@@ -255,7 +255,7 @@ predicate iterableUnpackingAssignmentFlowStep(Node nodeFrom, Node nodeTo) {
 */
 predicate iterableUnpackingForReadStep(CfgNode nodeFrom, Content c, Node nodeTo) {
  exists(ForTarget target |
-    nodeFrom.(CfgNode).getNode().getNode() = target.getSource() and
+    nodeFrom.getNode().getNode() = target.getSource() and
    target instanceof SequenceNode and
    nodeTo = TIterableSequenceNode(target)
  ) and
--- a/python/ql/test/experimental/dataflow/TestUtil/NormalTaintTrackingTest.qll
+++ b/python/ql/test/experimental/dataflow/TestUtil/NormalTaintTrackingTest.qll
@@ -13,7 +13,7 @@ class DataFlowTest extends FlowTest {
  }
 }

-query predicate missingAnnotationOnSINK(Location location, string error, string element) {
+query predicate missingAnnotationOnSink(Location location, string error, string element) {
  error = "ERROR, you should add `# $ MISSING: flow` annotation" and
  exists(DataFlow::Node sink |
    exists(DataFlow::CallCfgNode call |
--- a/python/ql/test/experimental/dataflow/TestUtil/RoutingTest.qll
+++ b/python/ql/test/experimental/dataflow/TestUtil/RoutingTest.qll
@@ -49,12 +49,6 @@ abstract class RoutingTest extends InlineExpectationsTest {

  pragma[inline]
  private string toFunc(DataFlow::Node toNode) {
-    result =
-      toNode
-          .getEnclosingCallable()
-          .(DataFlowPrivate::DataFlowCallable)
-          .getCallableValue()
-          .getScope()
-          .getQualifiedName() // TODO: More robust pretty printing?
+    result = toNode.getEnclosingCallable().getCallableValue().getScope().getQualifiedName() // TODO: More robust pretty printing?
  }
 }
--- a/python/ql/test/experimental/dataflow/testTaintConfig.qll
+++ b/python/ql/test/experimental/dataflow/testTaintConfig.qll
@@ -8,7 +8,7 @@
 *      s = SOURCE
 *      SINK(s)
 * ```
- * `SOURCE` will be a source and the second occurance of `s` will be a sink.
+ * `SOURCE` will be a source and the second occurrence of `s` will be a sink.
 *
 * In order to test literals, alternative sources are defined for each type:
 *