hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2419 from tausbn/python-fix-use-of-input-fp

Browse Source 
Python: Fix false positive for `py/use-of-input`.
This commit is contained in:
Rasmus Wriedt Larsen
2019-11-25 12:08:39 +01:00
committed by GitHub
parent 8f3998915b 67647bda66
commit 0f91139055
2 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
python/ql/src/Expressions/UseofInput.ql
View File

@@ -14,5 +14,8 @@ import python
from CallNode call, Context context, ControlFlowNode func
where
context.getAVersion().includes(2, _) and call.getFunction() = func and func.refersTo(context, Object::builtin("input"), _, _)
context.getAVersion().includes(2, _) and
call.getFunction() = func and
func.pointsTo(context, Value::named("input"), _) and
not func.pointsTo(context, Value::named("raw_input"), _)
select call, "The unsafe built-in function 'input' is used."