From f8576fb05b017c125b8adc8151bc59caa3ddca0f Mon Sep 17 00:00:00 2001
From: Alex Ford <alexrford@users.noreply.github.com>
Date: Thu, 19 May 2022 15:22:49 +0100
Subject: [PATCH] Python: avoid missing `cryptography` uses due to unhandled
 encryption modes

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
---
 python/ql/lib/semmle/python/frameworks/Cryptography.qll | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/python/ql/lib/semmle/python/frameworks/Cryptography.qll b/python/ql/lib/semmle/python/frameworks/Cryptography.qll
index 2b891f04c0c..29b9c6b17e8 100644
--- a/python/ql/lib/semmle/python/frameworks/Cryptography.qll
+++ b/python/ql/lib/semmle/python/frameworks/Cryptography.qll
@@ -195,9 +195,9 @@ private module CryptographyModel {
             call.getArg(0), call.getArgByName("algorithm")
           ] and
         exists(DataFlow::Node modeArg | modeArg in [call.getArg(1), call.getArgByName("mode")] |
-          modeArg = modeClassRef(modeName).getReturn().getAUse()
-          or
-          modeArg.asExpr() instanceof None and modeName = "<none>"
+          if modeArg = modeClassRef(modeName).getReturn().getAUse()
+          then any()
+          else modeName = "<None or unknown>"
         )
       )
     }