Apply suggestions from code review

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2025-12-21 19:26:31 +01:00 · 2023-07-13 12:23:00 +02:00
parent 7a717555aa
commit 69efddbaef
2 changed files with 8 additions and 12 deletions
--- a/python/ql/lib/change-notes/2023-07-12-aiohttp-improvements.md
+++ b/python/ql/lib/change-notes/2023-07-12-aiohttp-improvements.md
@@ -1,4 +1,4 @@
 ---
 category: minorAnalysis
 ---
-* Improvements of the `aiohttp` models including heuristic sources and new path manipulation and SSRF sinks.
+* Improvements of the `aiohttp` models including remote-flow-sources from type annotations, new path manipulation, and SSRF sinks.
--- a/python/ql/lib/semmle/python/frameworks/Aiohttp.qll
+++ b/python/ql/lib/semmle/python/frameworks/Aiohttp.qll
@@ -477,19 +477,15 @@ module AiohttpWebModel {
    DataFlow::ParameterNode, RemoteFlowSource::Range
  {
    AiohttpHeuristicRequestHandlerRequestParam() {
-      exists(FunctionExpr fe, int i |
-        // the API::Node is the annotation (type hint), we need to get the annotated parameter
-        fe.getArgs().getAnnotation(i) =
-          API::moduleImport("aiohttp")
-              .getMember("web")
-              .getMember("Request")
-              .getAValueReachableFromSource()
-              .asExpr() and
-        fe.getInnerScope().getArg(i) = this.getParameter()
-      )
+      this.getParameter().getAnnotation() =
+        API::moduleImport("aiohttp")
+            .getMember("web")
+            .getMember("Request")
+            .getAValueReachableFromSource()
+            .asExpr()
    }

-    override string getSourceType() { result = "aiohttp web request parameter" }
+    override string getSourceType() { result = "aiohttp.web.Request from type-annotation" }
  }

  /**