hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Prevent early join on argName in getArg

Browse Source
This commit is contained in:
Taus Brock-Nannestad
2020-10-21 13:23:09 +02:00
parent 0e2ec0dfb4
commit eb3333c0ce
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll
View File

@@ -400,7 +400,7 @@ module ArgumentPassing {
exists(Function f, string argName |
f = callable.getScope() and
f.getArgName(paramN) = argName and
result = TCfgNode(call.getArgByName(argName))
result = TCfgNode(call.getArgByName(unbind_string(argName)))
)
or
// a synthezised argument passed to the starred parameter (at position -1)
@@ -421,6 +421,10 @@ module ArgumentPassing {
)
}
/** Currently required in `getArg` in order to prevent a bad join. */
bindingset[result, s]
private string unbind_string(string s) { result <= s and s <= result }
/** Gets the control flow node that is passed as the `n`th overflow positional argument. */
ControlFlowNode getPositionalOverflowArg(CallNode call, CallableValue callable, int n) {
connects(call, callable) and