Python: Simplify charpred for LocalSourceNode

The somewhat convoluted `comes_from_cfgnode` was originally introduced in order to have local sources for instances of global variables. This was needed because global variables have an implicit "scope entry" SSA definition that flows to the first actual use of the variable (and so would not fit the strict "has no incoming flow" definition of a local source node). However, a subsequent change means that we include all global variable reads anyway, and so the old definition is no longer needed. (See commit 3fafb47b16 for further context.)
2025-12-20 10:46:30 +01:00 · 2021-04-20 13:15:50 +00:00
parent 038bf612be
commit 38548c9acd
1 changed files with 1 additions and 8 deletions
--- a/python/ql/src/semmle/python/dataflow/new/internal/LocalSources.qll
+++ b/python/ql/src/semmle/python/dataflow/new/internal/LocalSources.qll
@@ -10,13 +10,6 @@ import python
 import DataFlowPublic
 private import DataFlowPrivate

-private predicate comes_from_cfgnode(Node node) {
-  exists(CfgNode first, Node second |
-    simpleLocalFlowStep(first, second) and
-    simpleLocalFlowStep*(second, node)
-  )
-}
-
 /**
 * A data flow node that is a source of local flow. This includes things like
 * - Expressions
@@ -40,7 +33,7 @@ private predicate comes_from_cfgnode(Node node) {
 class LocalSourceNode extends Node {
  cached
  LocalSourceNode() {
-    not comes_from_cfgnode(this) and
+    not simpleLocalFlowStep(_, this) and
    // Currently, we create synthetic post-update nodes for
    // - arguments to calls that may modify said argument
    // - direct reads a writes of object attributes