hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Add support for x != "safe" BarrierGuard

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2020-11-23 10:20:43 +01:00
parent 18041fd059
commit 431aab45f7
2 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll
View File

@@ -360,17 +360,22 @@ module BarrierGuard {
/** A validation of unknown node by comparing with a constant string value. */
class StringConstCompare extends BarrierGuard, CompareNode {
ControlFlowNode checked_node;
boolean safe_branch;
StringConstCompare() {
exists(StrConst str_const |
this.operands(str_const.getAFlowNode(), any(Eq eq), checked_node)
exists(StrConst str_const, Cmpop op |
op = any(Eq eq) and safe_branch = true
or
this.operands(checked_node, any(Eq eq), str_const.getAFlowNode())
op = any(NotEq ne) and safe_branch = false
|
this.operands(str_const.getAFlowNode(), op, checked_node)
or
this.operands(checked_node, op, str_const.getAFlowNode())
)
}
override predicate checks(ControlFlowNode node, boolean branch) {
node = checked_node and branch = true
node = checked_node and branch = safe_branch
}
}
}