diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
index 1c9ec5dff17..1ea5765dc37 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
@@ -1078,7 +1078,7 @@ module Conversions {
 nodeFrom = decoding.getAnInput() and
 nodeTo = decoding.getOutput()
 ) and
- (c.isAnyTupleElement() or c.isAnyDictionaryElement())
+ c.isAnyTupleOrDictionaryElement()
 }
 predicate encoderReadStep(Node nodeFrom, ContentSet c, Node nodeTo) {
@@ -1086,7 +1086,7 @@ module Conversions {
 nodeFrom = encoding.getAnInput() and
 nodeTo = encoding.getOutput()
 ) and
- (c.isAnyTupleElement() or c.isAnyDictionaryElement())
+ c.isAnyTupleOrDictionaryElement()
 }
 predicate formatReadStep(Node nodeFrom, ContentSet c, Node nodeTo) {
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
index 173a5598149..c1e01cf08a9 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
@@ -914,7 +914,8 @@ class CapturedVariableContent extends Content, TCapturedVariableContent {
 private newtype TContentSet =
 TSingletonContent(Content c) or
 TAnyTupleElement() or
- TAnyDictionaryElement()
+ TAnyDictionaryElement() or
+ TAnyTupleOrDictionaryElement()
 /**
 * An entity that represents a set of `Content`s.
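Review bot: The new `TAnyTupleOrDictionaryElement()` branch of `TContentSet` has no visible read expansion: neither DataFlowPublic.qll hunk touches `getAReadContent()` or `toString()`, and both members lie outside the hunks shown. The comment kept as context in TaintTrackingPrivate.qll says `ContentSet.getAReadContent` is what expands wildcards back to concrete contents, so if that predicate enumerates the branches by hand, the new set would read nothing. Every call site this commit switches over (`decoderReadStep`, `encoderReadStep`, `defaultTaintReadContent`, and `allowImplicitRead` in LoopVariableCaptureQuery.qll) would then drop tuple and dictionary flow silently, which surfaces as missed taint results rather than an error. Worth confirming that a disjunct such as `this = TAnyTupleOrDictionaryElement() and (result instanceof TupleElementContent or result instanceof DictionaryElementContent)` exists, with a matching `toString()` case, and that a library test covers a tainted dictionary value and tuple element passing through an encode/decode call and reaching a sink.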
@@ -932,6 +933,9 @@ class ContentSet extends TContentSet {
 /** Holds if this content set is the wildcard for all dictionary elements. */
 predicate isAnyDictionaryElement() { this = TAnyDictionaryElement() }
+ /** Holds if this content set is the wildcard for all tuple elements or dictionary elements. */
+ predicate isAnyTupleOrDictionaryElement() { this = TAnyTupleOrDictionaryElement() }
+
 /** Gets a content that may be stored into when storing into this set. */
 Content getAStoreContent() { this = TSingletonContent(result) }
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll
index 1e9ffcf463c..0931fcca0dc 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll
@@ -87,6 +87,8 @@ module Input implements InputSig
 cs.isAnyTupleElement() and result = "AnyTupleElement" and arg = ""
 or
 cs.isAnyDictionaryElement() and result = "AnyDictionaryElement" and arg = ""
+ or
+ cs.isAnyTupleOrDictionaryElement() and result = "AnyTupleOrDictionaryElement" and arg = ""
 }
 bindingset[token]
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
index de5a06eaaad..7f25d276c07 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
@@ -21,9 +21,7 @@ private predicate defaultTaintReadContent(DataFlow::ContentSet contentSet) {
 // expand to one row per (node, distinct key or index) and the framework's
 // read-set relation grows quadratically). `ContentSet.getAReadContent` expands
 // these wildcards back to the specific contents when matching against stores.
- contentSet.isAnyTupleElement()
- or
- contentSet.isAnyDictionaryElement()
+ contentSet.isAnyTupleOrDictionaryElement()
 or
 // List and set element content is already imprecise, so no wildcard expansion is
 // needed.
diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCaptureQuery.qll b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCaptureQuery.qll
index 6b3e428b995..80577805e6d 100644
--- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCaptureQuery.qll
+++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCaptureQuery.qll
@@ -61,9 +61,7 @@ module EscapingCaptureFlowConfig implements DataFlow::ConfigSig {
 predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet cs) {
 isSink(node) and
 (
- cs.isAnyTupleElement()
- or
- cs.isAnyDictionaryElement()
+ cs.isAnyTupleOrDictionaryElement()
 or
 cs.getAStoreContent() instanceof DataFlow::ListElementContent
 or