Update python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll

Co-authored-by: Taus <tausbn@github.com>
2026-02-23 18:33:42 +01:00 · 2026-02-17 10:28:43 -05:00
parent 4d4e7a1b5c
commit ceb3b21e0f
1 changed files with 17 additions and 29 deletions
--- a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll
@@ -186,37 +186,25 @@ module ServerSideRequestForgery {

  private predicate uri_validator(DataFlow::GuardNode g, ControlFlowNode node, boolean branch) {
    exists(DataFlow::CallCfgNode call, string funcs |
-      funcs in ["in_domain", "in_azure_keyvault_domain", "in_azure_storage_domain"]
-    |
+      funcs in ["in_domain", "in_azure_keyvault_domain", "in_azure_storage_domain"] and
      call = API::moduleImport("AntiSSRF").getMember("URIValidator").getMember(funcs).getACall() and
-      call.getArg(0).asCfgNode() = node and
-      (
-        // validator used in a comparison
-        exists(CompareNode cn, Cmpop op, Node n | cn = g and n.getALocalSource() = call |
-          (
-            // validator == true or validator == false or validator is True or validator is False
-            (op instanceof Eq or op instanceof Is) and
-            exists(ControlFlowNode l, boolean bool |
-              l.getNode().(BooleanLiteral).booleanValue() = bool and
-              bool in [true, false] and
-              branch = bool and
-              cn.operands(n.asCfgNode(), op, l)
-            )
-            or
-            // validator != false or validator != true or validator is not True or validator is not False
-            (op instanceof NotEq or op instanceof IsNot) and
-            exists(ControlFlowNode l, boolean bool |
-              l.getNode().(BooleanLiteral).booleanValue() = bool and
-              bool in [true, false] and
-              branch = bool.booleanNot() and
-              cn.operands(n.asCfgNode(), op, l)
-            )
-          )
-        )
+      call.getArg(0).asCfgNode() = node
+    |
+      // validator call directly (e.g., if URIValidator.in_domain(...) )
+      g = call.asCfgNode() and
+      branch = true
+      or
+      // validator used in a comparison
+      exists(Cmpop op, Node n, ControlFlowNode l |
+        n.getALocalSource() = call and g.(CompareNode).operands(n.asCfgNode(), op, l)
+      |
+        // validator == true or validator == false or validator is True or validator is False
+        (op instanceof Eq or op instanceof Is) and
+        branch = l.getNode().(BooleanLiteral).booleanValue()
        or
-        // validator call directly (e.g., if URIValidator.in_domain(...) )
-        g = call.asCfgNode() and
-        branch = true
+        // validator != false or validator != true or validator is not True or validator is not False
+        (op instanceof NotEq or op instanceof IsNot) and
+        branch = l.getNode().(BooleanLiteral).booleanValue().booleanNot()
      )
    )
  }