Python: Move ControlFlowNode.toString() to AST cached stage

RasmusWL · RasmusWL · commit d151e21f15c3 · 2022-11-24T10:14:39.000+01:00
This means points-to is no longer evaluated for sql injection 🎉 Thanks @asgerf 💪
diff --git a/python/ql/lib/semmle/python/Flow.qll b/python/ql/lib/semmle/python/Flow.qll
@@ -125,7 +125,7 @@ class ControlFlowNode extends @py_flow_node {
   /** Gets a textual representation of this element. */
   cached
   string toString() {
-    Stages::PointsTo::ref() and
+    Stages::AST::ref() and
     exists(Scope s | s.getEntryNode() = this | result = "Entry node for " + s.toString())
     or
     exists(Scope s | s.getANormalExit() = this | result = "Exit node for " + s.toString())
diff --git a/python/ql/lib/semmle/python/internal/CachedStages.qll b/python/ql/lib/semmle/python/internal/CachedStages.qll
@@ -93,6 +93,8 @@ module Stages {
       exists(PyFlow::DefinitionNode b)
       or
       exists(any(PyFlow::SequenceNode n).getElement(_))
+      or
+      exists(any(PyFlow::ControlFlowNode c).toString())
     }
   }
 
@@ -140,7 +142,6 @@ module Stages {
     private import semmle.python.pointsto.Base as PointsToBase
     private import semmle.python.types.Object as TypeObject
     private import semmle.python.objects.TObject as TObject
-    private import semmle.python.Flow as Flow
     private import semmle.python.objects.ObjectInternal as ObjectInternal
     // have to alias since this module is also called PointsTo
     private import semmle.python.pointsto.PointsTo as RealPointsTo
@@ -159,8 +160,6 @@ module Stages {
       or
       exists(TObject::TObject f)
       or
-      exists(any(Flow::ControlFlowNode c).toString())
-      or
       exists(any(ObjectInternal::ObjectInternal o).toString())
       or
       RealPointsTo::AttributePointsTo::variableAttributePointsTo(_, _, _, _, _)
