From 1764aa0caf76efadb056ec4920f1db5c6bb1265e Mon Sep 17 00:00:00 2001
From: Maiky <76447395+maikypedia@users.noreply.github.com>
Date: Sun, 17 Sep 2023 19:44:48 +0200
Subject: [PATCH] Fixing `NumpyLoadCall`
---
 .../ql/lib/semmle/python/frameworks/Numpy.qll | 26 +++++++++++-------
 1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/python/ql/lib/semmle/python/frameworks/Numpy.qll b/python/ql/lib/semmle/python/frameworks/Numpy.qll
index 69737c19d96..9fbf0fa040a 100644
--- a/python/ql/lib/semmle/python/frameworks/Numpy.qll
+++ b/python/ql/lib/semmle/python/frameworks/Numpy.qll
@@ -17,22 +17,26 @@ private module Numpy {
 /**
 * A call to `numpy.load`
 * See https://pypi.org/project/numpy/
- *
 */
- private class PandasReadPickleCall extends Decoding::Range, DataFlow::CallCfgNode {
- PandasReadPickleCall() {
- this = API::moduleImport("numpy").getMember("load").getACall() and
- this.getArgByName("allow_pickle").asExpr() = any(True t)
+ private class NumpyLoadCall extends Decoding::Range, API::CallNode {
+ NumpyLoadCall() { this = API::moduleImport("numpy").getMember("load").getACall() }
+
+ override predicate mayExecuteInput() {
+ this.getParameter(2, "allow_pickle")
+ .getAValueReachingSink()
+ .asExpr()
+ .(ImmutableLiteral)
+ .booleanValue() = true
 }

- override predicate mayExecuteInput() { any() }
-
- override DataFlow::Node getAnInput() {
- result in [this.getArg(0), this.getArgByName("filename")]
- }
+ override DataFlow::Node getAnInput() { result = this.getParameter(0, "filename").asSink() }

 override DataFlow::Node getOutput() { result = this }

- override string getFormat() { result = "numpy" }
+ override string getFormat() {
+ result = "numpy"
+ or
+ this.mayExecuteInput() and result = "pickle"
+ }
 }
 }
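Review bot: `getAnInput()` looks up the keyword `filename`, but the first parameter of `numpy.load` is named `file`, so a call such as `numpy.load(file=data)` gets no input node and untrusted data passed by keyword is missed; use `this.getParameter(0, "file").asSink()`. In `mayExecuteInput()`, the `ImmutableLiteral` cast means only a constant truthy `allow_pickle` counts, so a value computed at run time (a config flag, a request parameter) is treated as safe, as is an omitted argument on older NumPy releases that defaulted `allow_pickle` to true. If that precision trade-off is intended, state it in the QLDoc, for example `A call to numpy.load; treated as unpickling only when a constant true value reaches allow_pickle`. The class is complete within the hunk; the enclosing `Numpy` module starts above it.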