Python: TaintTracking: stringMethods => stringManipualtion

Rasmus Wriedt Larsen
2020-08-25 13:05:27 +02:00
parent 238e0845aa
commit cf121cc4d0


@@ -29,7 +29,7 @@ predicate localAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeT
or
subscriptStep(nodeFrom, nodeTo)
or
stringMethods(nodeFrom, nodeTo)
stringManipulation(nodeFrom, nodeTo)
}
/**
@@ -59,7 +59,7 @@ predicate subscriptStep(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
* Note that since we cannot easily distinguish when something is a string, this can
* also make taint flow on `<non string>.replace(foo, bar)`.
*/
predicate stringMethods(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
predicate stringManipulation(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
// transforming something tainted into a string will make the string tainted
exists(CallNode call | call = nodeTo.getNode() |
call.getFunction().(NameNode).getId() in ["str", "bytes", "unicode"] and