Python: Highlight problem picking DataFlow::Node for Assign

2026-05-01 11:45:14 +02:00 · 2021-06-29 15:32:16 +02:00
parent 9573048ee8
commit 94bcda3bae
2 changed files with 6 additions and 4 deletions
--- a/python/ql/src/semmle/python/frameworks/Aiohttp.qll
+++ b/python/ql/src/semmle/python/frameworks/Aiohttp.qll
@@ -646,8 +646,9 @@ module AiohttpWebModel {

    AiohttpResponseCookieSubscriptWrite() {
      exists(Assign assign, Subscript subscript |
-        // there doesn't seem to be any _good_ choice for `this`, so just picking the
-        // whole subscript...
+        // Since there is no `DataFlow::Node` for the assign (since it's a statement,
+        // and not an expression) there doesn't seem to be any _good_ choice for `this`,
+        // so just picking the whole subscript...
        this.asExpr() = subscript
      |
        assign.getATarget() = subscript and
--- a/python/ql/src/semmle/python/frameworks/Django.qll
+++ b/python/ql/src/semmle/python/frameworks/Django.qll
@@ -1413,8 +1413,9 @@ private module PrivateDjango {

          DjangoResponseCookieSubscriptWrite() {
            exists(Assign assign, Subscript subscript, DataFlow::AttrRead cookieLookup |
-              // there doesn't seem to be any _good_ choice for `this`, so just picking the
-              // whole subscript...
+              // Since there is no `DataFlow::Node` for the assign (since it's a statement,
+              // and not an expression) there doesn't seem to be any _good_ choice for `this`,
+              // so just picking the whole subscript...
              this.asExpr() = subscript
            |
              cookieLookup.getAttributeName() = "cookies" and