Python: Alter disablesCertificateValidation to fit our needs

For the snippet below, our current query is able to show _why_ we consider `var` to be a falsey value that would disable SSL/TLS verification. I'm not sure we're going to need the part that Ruby did, for being able to specify _where_ the verification was removed, but we'll see. ``` requests.get(url, verify=var) ```
2026-05-03 12:45:27 +02:00 · 2021-12-13 11:25:55 +01:00
parent 08f6d1ab80
commit 7bf285a52e
2 changed files with 25 additions and 6 deletions
--- a/python/ql/test/experimental/meta/ConceptsTest.qll
+++ b/python/ql/test/experimental/meta/ConceptsTest.qll
@@ -479,7 +479,9 @@ class CryptographicOperationTest extends InlineExpectationsTest {
 class HttpClientRequestTest extends InlineExpectationsTest {
  HttpClientRequestTest() { this = "HttpClientRequestTest" }

-  override string getARelevantTag() { result = "clientRequestUrl" }
+  override string getARelevantTag() {
+    result in ["clientRequestUrl", "clientRequestDisablesCertValidation"]
+  }

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    exists(location.getFile().getRelativePath()) and
@@ -490,5 +492,14 @@ class HttpClientRequestTest extends InlineExpectationsTest {
      value = prettyNodeForInlineTest(url) and
      tag = "clientRequestUrl"
    )
+    or
+    exists(location.getFile().getRelativePath()) and
+    exists(HTTP::Client::Request req, DataFlow::Node disablingNode |
+      req.disablesCertificateValidation(disablingNode, _) and
+      location = disablingNode.getLocation() and
+      element = disablingNode.toString() and
+      value = prettyNodeForInlineTest(disablingNode) and
+      tag = "clientRequestDisablesCertValidation"
+    )
  }
 }