Avoid using Str_ internal class

2025-12-24 04:36:35 +01:00 · 2021-11-16 19:00:04 +01:00
parent 6ecb6d1a1b
commit a4204cc04f
2 changed files with 12 additions and 6 deletions
--- a/python/ql/src/experimental/semmle/python/frameworks/Django.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/Django.qll
@@ -175,9 +175,12 @@ private module PrivateDjango {
            }

            override predicate isSameSite() {
-              this.(DataFlow::CallCfgNode).getArgByName("samesite").asExpr().(Str_).getS() in [
-                  "Strict", "Lax"
-                ]
+              exists(StrConst str |
+                str.getText() in ["Strict", "Lax"] and
+                DataFlow::exprNode(str)
+                    .(DataFlow::LocalSourceNode)
+                    .flowsTo(this.(DataFlow::CallCfgNode).getArgByName("samesite"))
+              )
            }

            override DataFlow::Node getHeaderArg() { none() }
--- a/python/ql/src/experimental/semmle/python/frameworks/Flask.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/Flask.qll
@@ -121,9 +121,12 @@ module ExperimentalFlask {
    }

    override predicate isSameSite() {
-      this.(DataFlow::CallCfgNode).getArgByName("samesite").asExpr().(Str_).getS() in [
-          "Strict", "Lax"
-        ]
+      exists(StrConst str |
+        str.getText() in ["Strict", "Lax"] and
+        DataFlow::exprNode(str)
+            .(DataFlow::LocalSourceNode)
+            .flowsTo(this.(DataFlow::CallCfgNode).getArgByName("samesite"))
+      )
    }

    override DataFlow::Node getHeaderArg() { none() }