Python: do not add read steps for collections

2025-12-24 04:36:35 +01:00 · 2023-06-01 15:18:05 +02:00
parent 9cb83fcdc9
commit 6755bb32fb
1 changed files with 0 additions and 13 deletions
--- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
@@ -202,19 +202,6 @@ predicate containerStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
    obj = nodeTo.(DataFlow::PostUpdateNode).getPreUpdateNode() and
    call.getArg(0) = nodeFrom
  )
-  or
-  // Although flow through collections is modeled precisely using stores/reads, we still
-  // allow flow out of a _tainted_ collection. This is needed in order to support taint-
-  // tracking configurations where the source is a collection.
-  exists(DataFlow::Content c | DataFlowPrivate::readStep(nodeFrom, c, nodeTo) |
-    // c instanceof DataFlow::ListElementContent
-    // or
-    // c instanceof DataFlow::SetElementContent
-    // or
-    c instanceof DataFlow::DictionaryElementContent
-    // or
-    // c instanceof DataFlow::DictionaryElementAnyContent
-  )
 }

 /**