From a4204cc04f3dd7886017e1db6d7787354ca673d4 Mon Sep 17 00:00:00 2001
From: jorgectf
Date: Tue, 16 Nov 2021 19:00:04 +0100
Subject: [PATCH] Avoid using `Str_` internal class

---
 .../src/experimental/semmle/python/frameworks/Django.qll | 9 ++++++---
 .../src/experimental/semmle/python/frameworks/Flask.qll | 9 ++++++---
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/python/ql/src/experimental/semmle/python/frameworks/Django.qll b/python/ql/src/experimental/semmle/python/frameworks/Django.qll
index 1c2d13f76cf..2fef35d276c 100644
--- a/python/ql/src/experimental/semmle/python/frameworks/Django.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/Django.qll
@@ -175,9 +175,12 @@ private module PrivateDjango {
 }
 
 override predicate isSameSite() {
- this.(DataFlow::CallCfgNode).getArgByName("samesite").asExpr().(Str_).getS() in [
- "Strict", "Lax"
- ]
+ exists(StrConst str |
+ str.getText() in ["Strict", "Lax"] and
+ DataFlow::exprNode(str)
+ .(DataFlow::LocalSourceNode)
+ .flowsTo(this.(DataFlow::CallCfgNode).getArgByName("samesite"))
+ )
 }
 
 override DataFlow::Node getHeaderArg() { none() }
diff --git a/python/ql/src/experimental/semmle/python/frameworks/Flask.qll b/python/ql/src/experimental/semmle/python/frameworks/Flask.qll
index c07abc0e177..b9283dafd92 100644
--- a/python/ql/src/experimental/semmle/python/frameworks/Flask.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/Flask.qll
@@ -121,9 +121,12 @@ module ExperimentalFlask {
 }
 
 override predicate isSameSite() {
- this.(DataFlow::CallCfgNode).getArgByName("samesite").asExpr().(Str_).getS() in [
- "Strict", "Lax"
- ]
+ exists(StrConst str |
+ str.getText() in ["Strict", "Lax"] and
+ DataFlow::exprNode(str)
+ .(DataFlow::LocalSourceNode)
+ .flowsTo(this.(DataFlow::CallCfgNode).getArgByName("samesite"))
+ )
 }
 
 override DataFlow::Node getHeaderArg() { none() }
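Review bot: The comparison `str.getText() in ["Strict", "Lax"]` in `isSameSite()` in Django.qll, and in the identical hunk in Flask.qll, is case-sensitive, so a cookie set with `samesite="lax"` would presumably still be treated as lacking SameSite. As far as I know both frameworks normalise the case of this value before validating it, which would make that a false positive in the cookie query; consider `str.getText().toLowerCase() in ["strict", "lax"]`. The flow is local only (`LocalSourceNode.flowsTo`), so a constant defined in another scope, such as a settings module, will not be recognised, and a one-line comment stating that limitation would help. The same six-line `exists(...)` body now appears verbatim in both files and could live in one shared helper predicate. The enclosing class starts outside both hunks, so this is based only on the lines shown.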