Fix taint tracking configurations that broke due to interface change

2026-05-01 03:35:13 +02:00 · 2022-03-11 12:18:04 +01:00
parent cd28f09ae0
commit 93a0da75b6
4 changed files with 6 additions and 6 deletions
--- a/python/ql/lib/semmle/python/security/dataflow/PathInjection.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/PathInjection.qll
@@ -47,7 +47,7 @@ module PathInjection {

    override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }

-    override predicate isBarrier(DataFlow::Node node, DataFlow::FlowState state) {
+    override predicate isSanitizer(DataFlow::Node node, DataFlow::FlowState state) {
      // Block `NotNormalized` paths here, since they change state to `NormalizedUnchecked`
      node instanceof Path::PathNormalization and
      state instanceof NotNormalized
@@ -60,7 +60,7 @@ module PathInjection {
      guard instanceof SanitizerGuard
    }

-    override predicate isAdditionalFlowStep(
+    override predicate isAdditionalTaintStep(
      DataFlow::Node nodeFrom, DataFlow::FlowState stateFrom, DataFlow::Node nodeTo,
      DataFlow::FlowState stateTo
    ) {
--- a/python/ql/src/experimental/semmle/python/security/injection/NoSQLInjection.qll
+++ b/python/ql/src/experimental/semmle/python/security/injection/NoSQLInjection.qll
@@ -19,13 +19,13 @@ module NoSQLInjection {
      state instanceof ConvertedToDict
    }

-    override predicate isBarrier(DataFlow::Node node, DataFlow::FlowState state) {
+    override predicate isSanitizer(DataFlow::Node node, DataFlow::FlowState state) {
      // Block `RemoteInput` paths here, since they change state to `ConvertedToDict`
      exists(Decoding decoding | decoding.getFormat() = "JSON" and node = decoding.getOutput()) and
      state instanceof RemoteInput
    }

-    override predicate isAdditionalFlowStep(
+    override predicate isAdditionalTaintStep(
      DataFlow::Node nodeFrom, DataFlow::FlowState stateFrom, DataFlow::Node nodeTo,
      DataFlow::FlowState stateTo
    ) {