Python: Remove code that adds taint to unrelated ControlFlowNode

The problem with the deleted code is that it would add flow to what might be an
unrelated ControlFlowNode, which is illustrated in the query below (that gives
results on flask)

from ControlFlowNode arg, CallNode call, CallNode other_call
where
    call.getNode().getAKeyword().getValue() = arg.getNode() and
    not call.getAnArg() = arg and
    other_call.getAnArg() = arg and
    not other_call = call
select call, arg, other_call
Rasmus Wriedt Larsen
2020-03-09 15:27:31 +01:00
parent cac5d00ca2
commit 0ce8e9180b

@@ -73,9 +73,6 @@ private predicate str_format(ControlFlowNode fromnode, CallNode tonode) {
tonode.getFunction().(AttrNode).getName() = "format" and
(
tonode.getAnArg() = fromnode
or
// TODO: if this case is not covered by tonode.getAnArg(), we should change it so it is :\
tonode.getNode().getAKeyword().getValue() = fromnode.getNode()
)
}
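
Review bot: Dropping the keyword branch in str_format leaves `tonode.getAnArg() = fromnode` as the only way taint reaches a `format` call, and the deleted TODO was itself unsure whether getAnArg() covers keyword arguments. If it does not, calls of the form `"{x}".format(x=tainted)` silently lose taint, which for a security query is a false negative. Please add a test with a tainted keyword argument to `format` to confirm the behaviour. If that flow is lost, restore the case by matching the keyword value as a ControlFlowNode belonging to `tonode`, rather than comparing AST nodes via `getNode()`, since that comparison is what allowed the unrelated node described in the commit message to match.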