Python: Fix "use set literal" warnings

2026-05-04 21:25:44 +02:00 · 2022-03-04 12:26:36 +00:00
parent 821de636af
commit 20710616c5
2 changed files with 19 additions and 49 deletions
--- a/python/ql/lib/semmle/python/security/strings/External.qll
+++ b/python/ql/lib/semmle/python/security/strings/External.qll
@@ -79,18 +79,12 @@ deprecated class ExternalUrlSplitResult extends ExternalStringSequenceKind {
  override TaintKind getTaintOfAttribute(string name) {
    result = super.getTaintOfAttribute(name)
    or
-    (
-      // namedtuple field names
-      name = "scheme" or
-      name = "netloc" or
-      name = "path" or
-      name = "query" or
-      name = "fragment" or
-      // class methods
-      name = "username" or
-      name = "password" or
-      name = "hostname"
-    ) and
+    name in [
+        // namedtuple field names
+        "scheme", "netloc", "path", "query", "fragment",
+        // class methods
+        "password", "username", "hostname",
+      ] and
    result instanceof ExternalStringKind
  }

@@ -108,19 +102,12 @@ deprecated class ExternalUrlParseResult extends ExternalStringSequenceKind {
  override TaintKind getTaintOfAttribute(string name) {
    result = super.getTaintOfAttribute(name)
    or
-    (
-      // namedtuple field names
-      name = "scheme" or
-      name = "netloc" or
-      name = "path" or
-      name = "params" or
-      name = "query" or
-      name = "fragment" or
-      // class methods
-      name = "username" or
-      name = "password" or
-      name = "hostname"
-    ) and
+    name in [
+        // namedtuple field names
+        "scheme", "netloc", "path", "params", "query", "fragment",
+        // class methods
+        "username", "password", "hostname",
+      ] and
    result instanceof ExternalStringKind
  }

--- a/python/ql/src/Variables/ShadowBuiltin.ql
+++ b/python/ql/src/Variables/ShadowBuiltin.ql
@@ -17,30 +17,13 @@ import Shadowing
 import semmle.python.types.Builtins

 predicate allow_list(string name) {
-  /* These are rarely used and thus unlikely to be confusing */
-  name = "iter" or
-  name = "next" or
-  name = "input" or
-  name = "file" or
-  name = "apply" or
-  name = "slice" or
-  name = "buffer" or
-  name = "coerce" or
-  name = "intern" or
-  name = "exit" or
-  name = "quit" or
-  name = "license" or
-  /* These are short and/or hard to avoid */
-  name = "dir" or
-  name = "id" or
-  name = "max" or
-  name = "min" or
-  name = "sum" or
-  name = "cmp" or
-  name = "chr" or
-  name = "ord" or
-  name = "bytes" or
-  name = "_"
+  name in [
+      /* These are rarely used and thus unlikely to be confusing */
+      "iter", "next", "input", "file", "apply", "slice", "buffer", "coerce", "intern", "exit",
+      "quit", "license",
+      /* These are short and/or hard to avoid */
+      "dir", "id", "max", "min", "sum", "cmp", "chr", "ord", "bytes", "_",
+    ]
 }

 predicate shadows(Name d, string name, Function scope, int line) {