Apply suggestions from code review

sylwia-budzynska · yoff · web-flow · commit 52ceb7fb8956 · 2024-05-10T12:07:32.000+02:00
Co-authored-by: yoff &lt;lerchedahl@gmail.com&gt;
diff --git a/python/ql/lib/semmle/python/frameworks/Gradio.qll b/python/ql/lib/semmle/python/frameworks/Gradio.qll
@@ -47,9 +47,7 @@ module Gradio {
    */
   class GradioInputList extends RemoteFlowSource::Range {
     GradioInputList() {
-      exists(API::CallNode call |
-        call instanceof GradioInput
-        and
+      exists(GradioInput call |
         // limit only to lists of parameters given to `inputs`.
         (
           (
@@ -74,9 +72,7 @@ module Gradio {
    */
   class GradioInputParameter extends RemoteFlowSource::Range {
     GradioInputParameter() {
-      exists(API::CallNode call |
-        call instanceof GradioInput
-        and
+      exists(GradioInput call |
         this = call.getParameter(0, "fn").getParameter(_).asSource() and
         // exclude lists of parameters given to `inputs`
         not call.getKeywordParameter("inputs").asSink().asCfgNode() instanceof ListNode and
@@ -92,8 +88,7 @@ module Gradio {
    */
   class GradioInputDecorator extends RemoteFlowSource::Range {
     GradioInputDecorator() {
-      exists(API::CallNode call |
-        call instanceof GradioInput and
+      exists(GradioInput call |
         this = call.getReturn().getACall().getParameter(0).getParameter(_).asSource()
       )
     }
@@ -106,9 +101,7 @@ module Gradio {
    */
   private class ListTaintStep extends TaintTracking::AdditionalTaintStep {
     override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-      exists(API::CallNode node |
-        node instanceof GradioInput
-        and
+      exists(GradioInput node |
         // handle cases where there are multiple arguments passed as a list to `inputs`
         (
           (
diff --git a/python/ql/test/library-tests/frameworks/gradio/source_test.ql b/python/ql/test/library-tests/frameworks/gradio/source_test.ql
@@ -1,5 +1,20 @@
 import python
 import semmle.python.dataflow.new.RemoteFlowSources
+import TestUtilities.InlineExpectationsTest
+private import semmle.python.dataflow.new.internal.PrintNode
 
-from RemoteFlowSource rfs
-select rfs
+module SourceTest implements TestSig {
+  string getARelevantTag() { result = "source" }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(location.getFile().getRelativePath()) and
+    exists(RemoteFlowSource rfs |
+      location = rfs.getLocation() and
+      element = rfs.toString() and
+      value = prettyNode(rfs) and
+      tag = "source"
+    )
+  }
+}
+
+import MakeTest<SourceTest>
