Revert "Python: Re-introduce syntactic handling of str/bytes/unicode"

This reverts commit c4987e94e0. Hoping that our new handling of builtins would solve this problem... but it did not :|
2025-12-19 10:23:15 +01:00 · 2021-06-14 14:18:07 +02:00
parent af13064f6a
commit 870389addb
2 changed files with 3 additions and 5 deletions
--- a/python/ql/src/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
+++ b/python/ql/src/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
@@ -77,11 +77,7 @@ predicate subscriptStep(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
 predicate stringManipulation(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
  // transforming something tainted into a string will make the string tainted
  exists(DataFlow::CallCfgNode call | call = nodeTo |
-    (
-      call = API::builtin(["str", "bytes", "unicode"]).getACall()
-      or
-      call.getFunction().asCfgNode().(NameNode).getId() in ["str", "bytes", "unicode"]
-    ) and
+    call = API::builtin(["str", "bytes", "unicode"]).getACall() and
    nodeFrom in [call.getArg(0), call.getArgByName("object")]
  )
  or
--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/InlineTaintTest.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/InlineTaintTest.expected
@@ -1,3 +1,5 @@
 argumentToEnsureNotTaintedNotMarkedAsSpurious
 untaintedArgumentToEnsureTaintedNotMarkedAsMissing
+| test_string.py:35:9:35:19 | test_string.py:35 | ERROR, you should add `# $ MISSING: tainted` annotation | unicode(..) |
 failures
+| test_string.py:35:22:35:32 | Comment # $ tainted | Missing result:tainted= |