Remove a write step & update the builtin open step

Sim4n6 · Sim4n6 · commit a4aaf0ec6f9e · 2023-01-28T09:53:54.000+01:00
diff --git a/python/ql/src/experimental/Security/UnsafeUnpackQuery.qll b/python/ql/src/experimental/Security/UnsafeUnpackQuery.qll
@@ -66,8 +66,14 @@ class UnsafeUnpackingConfig extends TaintTracking::Configuration {
     or
     // Open a file for access
     exists(MethodCallNode cn |
-      nodeTo = cn.getObject() and
-      cn.getMethodName() = "open" and
+      cn.calls(nodeTo, "open") and
+      cn.flowsTo(nodeFrom)
+    )
+    or
+    // Open a file for access using builtin
+    exists(API::CallNode cn |
+      cn = API::builtin("open").getACall() and
+      nodeTo = cn.(API::CallNode).getArg(0) and
       cn.flowsTo(nodeFrom)
     )
     or
@@ -77,22 +83,11 @@ class UnsafeUnpackingConfig extends TaintTracking::Configuration {
       nodeFrom = cn.getArg(0)
     )
     or
-    // Open a file for access using builtin
-    nodeFrom = API::builtin("open").getACall() and nodeTo = nodeFrom.(API::CallNode).getArg(0)
-    or
     // Retrieve Django uploaded files
     // see getlist(): https://docs.djangoproject.com/en/4.1/ref/request-response/#django.http.QueryDict.getlist
     // see chunks(): https://docs.djangoproject.com/en/4.1/ref/files/uploads/#django.core.files.uploadedfile.UploadedFile.chunks
     nodeTo.(MethodCallNode).calls(nodeFrom, ["getlist", "get", "chunks"])
     or
-    // Writing the response data to the archive
-    exists(Stdlib::FileLikeObject::InstanceSource is, Node f, MethodCallNode mc |
-      is.flowsTo(f) and
-      mc.calls(f, "write") and
-      nodeFrom = mc.getArg(0) and
-      nodeTo = is.(CallCfgNode).getArg(0)
-    )
-    or
     // Considering the use of "fs"
     exists(API::CallNode fs, MethodCallNode mcn |
       fs =
