Python: Use helper predicate

RasmusWL · RasmusWL · commit d8fd45731012 · 2024-02-14T14:47:28.000+01:00
Since the helper predicate had nice qldocs
diff --git a/python/ql/src/experimental/semmle/python/security/DecompressionBomb.qll b/python/ql/src/experimental/semmle/python/security/DecompressionBomb.qll
@@ -54,12 +54,7 @@ module ZipFile {
       exists(API::Node zipOpen | zipOpen = zipFileClass().getReturn().getMember("open") |
         // this open function must reads uncompressed data with buffer
         // and checks the accumulated size at the end of each read to be called safe
-        not TaintTracking::localExprTaint(zipOpen
-              .getReturn()
-              .getMember("read")
-              .getParameter(0)
-              .asSink()
-              .asExpr(), any(Compare i).getASubExpression*()) and
+        not zipFileDecompressionBombSanitizer(zipOpen) and
         this = zipOpen.getACall()
       )
     }

Original file line number	Diff line number	Diff line change
`@@ -54,12 +54,7 @@ module ZipFile {`
`54`	`54`	`exists(API::Node zipOpen \| zipOpen = zipFileClass().getReturn().getMember("open") \|`
`55`	`55`	`// this open function must reads uncompressed data with buffer`
`56`	`56`	`// and checks the accumulated size at the end of each read to be called safe`
`57`		`- not TaintTracking::localExprTaint(zipOpen`
`58`		`- .getReturn()`
`59`		`- .getMember("read")`
`60`		`- .getParameter(0)`
`61`		`- .asSink()`
`62`		`- .asExpr(), any(Compare i).getASubExpression*()) and`
	`57`	`+ not zipFileDecompressionBombSanitizer(zipOpen) and`
`63`	`58`	`this = zipOpen.getACall()`
`64`	`59`	`)`
`65`	`60`	`}`