mirror of
https://github.com/github/codeql.git
synced 2026-04-11 18:14:01 +02:00
28 lines
828 B
Plaintext
28 lines
828 B
Plaintext
import python
|
|
private import semmle.python.ApiGraphs
|
|
private import experimental.cryptography.utils.CallCfgNodeWithTarget
|
|
/**
|
|
* Gets an ultimate local source (not a source in a library)
|
|
*/
|
|
DataFlow::Node getUltimateSrcFromApiNode(API::Node n){
|
|
result = n.getAValueReachingSink()
|
|
and
|
|
(
|
|
// the result is a call to a library only
|
|
(
|
|
result instanceof CallCfgNodeWithTarget and
|
|
not result.(CallCfgNodeWithTarget).getTarget().asExpr().getEnclosingModule().inSource()
|
|
)
|
|
// the result is not a call, and not a function signataure or parameter
|
|
or
|
|
(
|
|
not result instanceof CallCfgNodeWithTarget
|
|
and
|
|
not result instanceof DataFlow::ParameterNode
|
|
and
|
|
not result.asExpr() instanceof FunctionExpr
|
|
and
|
|
result.asExpr().getEnclosingModule().inSource()
|
|
)
|
|
)
|
|
} |