hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Use explicit argument specification instead of getAnArg

Browse Source 
I've seen quite a few places where `getAnArg` leads to wrong behavior, and I
generally just don't like it.
This commit is contained in:
Rasmus Wriedt Larsen
2021-02-24 10:19:34 +01:00
parent c3d2001e85
commit 5bb4a1a45a
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql
View File

@@ -24,8 +24,9 @@ private API::Node paramikoSSHClientInstance() {
from DataFlow::CallCfgNode call, DataFlow::Node arg, string name
where
// see http://docs.paramiko.org/en/stable/api/client.html#paramiko.client.SSHClient.set_missing_host_key_policy
call = paramikoSSHClientInstance().getMember("set_missing_host_key_policy").getACall() and
arg = call.getAnArg() and
arg in [call.getArg(0), call.getArgByName("policy")] and
(
arg = unsafe_paramiko_policy(name).getAUse() or
arg = unsafe_paramiko_policy(name).getReturn().getAUse()