hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Fix tests

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2023-08-17 10:15:36 +02:00
parent 0443057608
commit 24f9f13790
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKey.ql
View File

@@ -35,11 +35,16 @@ module WebAppConstantSecretKeyConfig implements DataFlow::StateConfigSig {
}
predicate isBarrier(DataFlow::Node node) {
node.getLocation().getFile().inStdlib() or
node.getLocation().getFile().inStdlib()
or
// To reduce FP rate, the following was added
node.getLocation()
.getFile()
.getAbsolutePath()
.matches(["%test%", "%demo%", "%example%", "%sample%"])
.getRelativePath()
.matches(["%test%", "%demo%", "%example%", "%sample%"]) and
// but that also meant all data-flow nodes in query tests were excluded... so we had
// to add this:
not node.getLocation().getFile().getRelativePath().matches("%query-tests/Security/CWE-287%")
}
predicate isSink(DataFlow::Node sink, FlowState state) {