hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Python: Re-introduce syntactic handling of str/bytes/unicode"

Browse Source 
This reverts commit c4987e94e0.

Hoping that our new handling of builtins would solve this problem... but
it did not :|
This commit is contained in:
Rasmus Wriedt Larsen
2021-06-14 14:18:07 +02:00
parent af13064f6a
commit 870389addb
2 changed files with 3 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
python/ql/src/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
View File

@@ -77,11 +77,7 @@ predicate subscriptStep(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
predicate stringManipulation(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
// transforming something tainted into a string will make the string tainted
exists(DataFlow::CallCfgNode call | call = nodeTo |
(
call = API::builtin(["str", "bytes", "unicode"]).getACall()
or
call.getFunction().asCfgNode().(NameNode).getId() in ["str", "bytes", "unicode"]
) and
call = API::builtin(["str", "bytes", "unicode"]).getACall() and
nodeFrom in [call.getArg(0), call.getArgByName("object")]
)
or