Python: Fix false positive for py/use-of-input.

Fixes #1969. The points-to analysis does not know that the assignment `input = raw_input` cannot fail under Python 2, and so there are two possible values that `input` could point-to after exiting the exception handler: the built-in `input`, or the built-in `raw_input`. In the latter case we do not want to report the alert, and so adding a check that the given function does not point-to the built-in `raw_input` suffices.
2026-04-30 11:15:13 +02:00 · 2019-11-22 16:46:20 +01:00
parent 77c869f528
commit 67647bda66
2 changed files with 14 additions and 1 deletions
--- a/python/ql/src/Expressions/UseofInput.ql
+++ b/python/ql/src/Expressions/UseofInput.ql
@@ -14,5 +14,8 @@ import python

 from CallNode call, Context context, ControlFlowNode func
 where
-context.getAVersion().includes(2, _) and call.getFunction() = func and func.refersTo(context, Object::builtin("input"), _, _)
+    context.getAVersion().includes(2, _) and
+    call.getFunction() = func and
+    func.pointsTo(context, Value::named("input"), _) and
+    not func.pointsTo(context, Value::named("raw_input"), _)
 select call, "The unsafe built-in function 'input' is used."