Merge branch 'main' into useStringComp

python/ql/src/Security/CWE-022/TarSlip.ql

@@ -81,11 +81,11 @@ class ExcludeTarFilePy extends Sanitizer {
 
 /* Any call to an extractall method */
 class ExtractAllSink extends TaintSink {
-  CallNode call;
-
   ExtractAllSink() {
-    this = call.getFunction().(AttrNode).getObject("extractall") and
-    count(call.getAnArg()) = 0
+    exists(CallNode call |
+      this = call.getFunction().(AttrNode).getObject("extractall") and
+      not exists(call.getAnArg())
+    )
   }
 
   override predicate sinks(TaintKind kind) { kind instanceof OpenTarFile }

python/ql/src/analysis/Consistency.ql

@@ -194,7 +194,7 @@ predicate function_object_consistency(string clsname, string problem, string wha
   exists(FunctionObject func | clsname = func.getAQlClass() |
     what = func.getName() and
     (
-      count(func.descriptiveString()) = 0 and problem = "no descriptiveString()"
+      not exists(func.descriptiveString()) and problem = "no descriptiveString()"
       or
       exists(int c | c = strictcount(func.descriptiveString()) and c > 1 |
         problem = c + "descriptiveString()s"

python/ql/src/experimental/semmle/python/frameworks/Flask.qll

@@ -67,7 +67,10 @@ module ExperimentalFlask {
   private class FlaskResponse extends DataFlow::CallCfgNode, HeaderDeclaration::Range {
     KeyValuePair item;
 
-    FlaskResponse() { this = Flask::Response::classRef().getACall() }
+    FlaskResponse() {
+      this = Flask::Response::classRef().getACall() and
+      item = this.getArg(_).asExpr().(Dict).getAnItem()
+    }
 
     override DataFlow::Node getNameArg() { result.asExpr() = item.getKey() }