Python: Deprecate StringDictKind

This QL ```codeql import python import semmle.python.dataflow.TaintTracking import semmle.python.security.strings.Untrusted from CollectionKind ck where ck.(DictKind).getMember() instanceof StringKind or ck.getMember().(DictKind).getMember() instanceof StringKind select ck, ck.getAQlClass(), ck.getMember().getAQlClass() ``` generates these 6 results. ``` 1 {externally controlled string} ExternalStringDictKind UntrustedStringKind 2 {externally controlled string} StringDictKind UntrustedStringKind 3 [{externally controlled string}] SequenceKind ExternalStringDictKind 4 [{externally controlled string}] SequenceKind StringDictKind 5 {{externally controlled string}} DictKind ExternalStringDictKind 6 {{externally controlled string}} DictKind StringDictKind ``` StringDictKind was only used in *one* place in our library code. As illustrated above, it pollutes our set of TaintKinds. Effectively, every time we make a flow-step for dictionaries with tainted strings as values, we do it TWICE -- once for ExternalStringDictKind, and once for StringDictKind... that is just a waste.
2026-04-30 19:26:02 +02:00 · 2020-05-29 12:01:14 +02:00
parent 87bc8ae28d
commit b083c01520
2 changed files with 7 additions and 3 deletions
--- a/python/ql/src/semmle/python/security/strings/Basic.qll
+++ b/python/ql/src/semmle/python/security/strings/Basic.qll
@@ -107,7 +107,11 @@ private predicate os_path_join(ControlFlowNode fromnode, CallNode tonode) {
    tonode.getAnArg() = fromnode
 }

-/** A kind of "taint", representing a dictionary mapping str->"taint" */
-class StringDictKind extends DictKind {
+/**
+ * A kind of "taint", representing a dictionary mapping str->"taint"
+ *
+ * DEPRECATED: Use `ExternalStringKind` instead.
+ */
+deprecated class StringDictKind extends DictKind {
    StringDictKind() { this.getValue() instanceof StringKind }
 }
--- a/python/ql/src/semmle/python/web/turbogears/Response.qll
+++ b/python/ql/src/semmle/python/web/turbogears/Response.qll
@@ -27,5 +27,5 @@ class ControllerMethodTemplatedReturnValue extends HttpResponseTaintSink {
        )
    }

-    override predicate sinks(TaintKind kind) { kind instanceof StringDictKind }
+    override predicate sinks(TaintKind kind) { kind instanceof ExternalStringDictKind }
 }