python: handle guards compared to boolean literals

python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll

@@ -595,7 +595,8 @@ ControlFlowNode guardNode(ConditionBlock conditionBlock, boolean flipped) {
   result = conditionBlock.getLastNode() and
   flipped = false
   or
-  // Recursive case: if a guard node is a `not`-expression,
+  // Recursive cases:
+  // if a guard node is a `not`-expression,
   // the operand is also a guard node, but with inverted polarity.
   exists(UnaryExprNode notNode |
     result = notNode.getOperand() and
@@ -603,6 +604,33 @@ ControlFlowNode guardNode(ConditionBlock conditionBlock, boolean flipped) {
   |
     notNode = guardNode(conditionBlock, flipped.booleanNot())
   )
+  or
+  // if a guard node is compared to a boolean literal,
+  // the other operand is also a guard node,
+  // but with polarity depending on the literal (and on the comparison).
+  exists(CompareNode cmpNode, Cmpop op, ControlFlowNode b, boolean bool |
+    (
+      cmpNode.operands(result, op, b) or
+      cmpNode.operands(b, op, result)
+    ) and
+    not result.getNode() instanceof BooleanLiteral and
+    (
+      // comparing to the boolean
+      (op instanceof Eq or op instanceof Is) and
+      // `bool` is the value being compared against, here the value of `b`
+      b.getNode().(BooleanLiteral).booleanValue() = bool
+      or
+      // comparing to the negation of the boolean
+      (op instanceof NotEq or op instanceof IsNot) and
+      // again, `bool` is the value being compared against, but here it is the value of `not b`
+      b.getNode().(BooleanLiteral).booleanValue() = bool.booleanNot()
+    )
+  |
+    // if `bool` is true, we should preserve `flipped`, otherwise we should flip it
+    // `flipped xor (not bool)` achieves that.
+    flipped in [true, false] and
+    cmpNode = guardNode(conditionBlock, flipped.booleanXor(bool.booleanNot()))
+  )
 }
 
 /**