Skip to content

Commit 164cf27

Browse files
joefarebrotherjoefarebrother
committed
Add additional constant checks to constant barrier gaurd
1 parent f2e943f commit 164cf27

File tree

1 file changed

+24
-13
lines changed

1 file changed

+24
-13
lines changed

python/ql/lib/semmle/python/dataflow/new/BarrierGuards.qll

Lines changed: 24 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -3,34 +3,45 @@
33
private import python
44
private import semmle.python.dataflow.new.DataFlow
55

6-
private predicate stringConstCompare(DataFlow::GuardNode g, ControlFlowNode node, boolean branch) {
6+
private predicate constCompare(DataFlow::GuardNode g, ControlFlowNode node, boolean branch) {
77
exists(CompareNode cn | cn = g |
8-
exists(StringLiteral str_const, Cmpop op |
8+
exists(ImmutableLiteral const, Cmpop op |
99
op = any(Eq eq) and branch = true
1010
or
1111
op = any(NotEq ne) and branch = false
1212
|
13-
cn.operands(str_const.getAFlowNode(), op, node)
13+
cn.operands(const.getAFlowNode(), op, node)
1414
or
15-
cn.operands(node, op, str_const.getAFlowNode())
15+
cn.operands(node, op, const.getAFlowNode())
1616
)
1717
or
18-
exists(IterableNode str_const_iterable, Cmpop op |
18+
exists(NameConstant const, Cmpop op |
19+
op = any(Is is_) and branch = true
20+
or
21+
op = any(IsNot isn) and branch = false
22+
|
23+
cn.operands(const.getAFlowNode(), op, node)
24+
or
25+
cn.operands(node, op, const.getAFlowNode())
26+
)
27+
or
28+
exists(IterableNode const_iterable, Cmpop op |
1929
op = any(In in_) and branch = true
2030
or
2131
op = any(NotIn ni) and branch = false
2232
|
23-
forall(ControlFlowNode elem | elem = str_const_iterable.getAnElement() |
24-
elem.getNode() instanceof StringLiteral
33+
forall(ControlFlowNode elem | elem = const_iterable.getAnElement() |
34+
elem.getNode() instanceof ImmutableLiteral
2535
) and
26-
cn.operands(node, op, str_const_iterable)
36+
cn.operands(node, op, const_iterable)
2737
)
2838
)
2939
}
3040

31-
/** A validation of unknown node by comparing with a constant string value. */
32-
class StringConstCompareBarrier extends DataFlow::Node {
33-
StringConstCompareBarrier() {
34-
this = DataFlow::BarrierGuard<stringConstCompare/3>::getABarrierNode()
35-
}
41+
/** A validation of unknown node by comparing with a constant value. */
42+
class ConstCompareBarrier extends DataFlow::Node {
43+
ConstCompareBarrier() { this = DataFlow::BarrierGuard<constCompare/3>::getABarrierNode() }
3644
}
45+
46+
/** DEPRECATED: Use ConstCompareBarrier instead. */
47+
deprecated class StringConstCompareBarrier = ConstCompareBarrier;

0 commit comments

Comments
 (0)