hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Add workaround.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2024-10-16 16:14:51 +02:00
parent 42d35f8b9d
commit 4153a83a4f
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
View File

@@ -233,7 +233,12 @@ private module SpeculativeTaintFlow {
predicate speculativeTaintStep(DataFlow::Node src, DataFlow::Node sink) {
exists(DataFlowDispatch::DataFlowCall call, DataFlowDispatch::ArgumentPosition argpos |
// TODO: exclude neutrals and anything that has QL modeling.
not exists(DataFlowDispatch::viableCallable(call)) and
not exists(DataFlowDispatch::DataFlowCall call0 |
// Workaround for the fact that python currently associates several
// DataFlowCalls with a single call.
src.(DataFlowPublic::ArgumentNode).argumentOf(call0, _) and
exists(DataFlowDispatch::viableCallable(call0))
) and
call instanceof DataFlowDispatch::PotentialLibraryCall and
src.(DataFlowPublic::ArgumentNode).argumentOf(call, argpos)
|