hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Use new MethodCallNode in TaintTrackingPrivate

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2021-06-22 15:12:35 +02:00
parent 0b767bb853
commit 3b41c2f204
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
python/ql/src/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
View File

@@ -165,20 +165,20 @@ predicate containerStep(DataFlow::CfgNode nodeFrom, DataFlow::Node nodeTo) {
)
or
// methods
exists(DataFlow::CallCfgNode call, string name | call = nodeTo |
name in [
exists(DataFlow::MethodCallNode call, string methodName | call = nodeTo |
methodName in [
// general
"copy", "pop",
// dict
"values", "items", "get", "popitem"
] and
call.getFunction().(DataFlow::AttrRead).getObject(name) = nodeFrom
call.calls(nodeFrom, methodName)
)
or
// list.append, set.add
exists(DataFlow::CallCfgNode call, string name |
name in ["append", "add"] and
call.getFunction().(DataFlow::AttrRead).getObject(name).getPostUpdateNode() = nodeTo and
exists(DataFlow::MethodCallNode call, DataFlow::Node obj |
call.calls(obj, ["append", "add"]) and
obj.getPostUpdateNode() = nodeTo and
call.getArg(0) = nodeFrom
)
}