hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Use MethodCallNode for MarkupSafe string-format

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2021-06-30 13:58:09 +02:00
parent d6e8fafdbd
commit c84658dff1
1 changed files with 2 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
python/ql/src/semmle/python/frameworks/MarkupSafe.qll
View File

@@ -67,13 +67,8 @@ private module MarkupSafeModel {
}
/** A string format with `markupsafe.Markup` as the format string. */
class StringFormat extends Markup::InstanceSource, DataFlow::CallCfgNode {
StringFormat() {
exists(DataFlow::AttrRead attr | this.getFunction() = attr |
attr.getAttributeName() = "format" and
attr.getObject() = instance()
)
}
class StringFormat extends Markup::InstanceSource, DataFlow::MethodCallNode {
StringFormat() { this.calls(instance(), "format") }
}
/** Taint propagation for `markupsafe.Markup`. */