Python: Apply suggestions from code review

Co-authored-by: yoff <lerchedahl@gmail.com>
2025-12-18 01:33:15 +01:00 · 2022-03-01 15:50:21 +01:00
parent 3e71d7f9bb
commit 2309f67e9b
1 changed files with 2 additions and 6 deletions
--- a/python/ql/lib/semmle/python/frameworks/Django.qll
+++ b/python/ql/lib/semmle/python/frameworks/Django.qll
@@ -584,7 +584,7 @@ module PrivateDjango {
         * - https://docs.djangoproject.com/en/3.1/ref/models/fields/#django.db.models.ImageField
         */
        module FileField {
-          /** Gets a reference to the `flask.views.View` class or any subclass. */
+          /** Gets a reference to the `django.db.models.FileField` or  the `django.db.models.ImageField` class or any subclass. */
          API::Node subclassRef() {
            exists(string className | className in ["FileField", "ImageField"] |
              // commonly used alias
@@ -2288,11 +2288,7 @@ module PrivateDjango {
      exists(DataFlow::CallCfgNode call, DataFlow::Node uploadToArg, Function func |
        this.getParameter() = func.getArg(1) and
        call = django::db::models::FileField::subclassRef().getACall() and
-        (
-          uploadToArg = call.getArg(2)
-          or
-          uploadToArg = call.getArgByName("upload_to")
-        ) and
+        uploadToArg in [call.getArg(2), call.getArgByName("upload_to")] and
        uploadToArg = poorMansFunctionTracker(func)
      )
    }