File tree Expand file tree Collapse file tree 1 file changed +14
-1
lines changed
python/ql/src/semmle/python/functions Expand file tree Collapse file tree 1 file changed +14
-1
lines changed Original file line number Diff line number Diff line change @@ -159,17 +159,26 @@ module ModificationOfParameterWithDefault {
159159 boolean isInverted ( ) { result = inverted }
160160 }
161161
162+ /**
163+ * Holds iff `guard` is checking the `Name` represented by `guarded` for truthyness.
164+ * `result` is true if the check is inverted and false if it is not.
165+ */
162166 boolean isIdentityGuard ( DataFlow:: GuardNode guard , ControlFlowNode guarded ) {
163167 exists ( IdentityGuarded ig |
164168 ig instanceof Name and
165169 // In `not l`, the `ControlFlowNode` for `l` is not an instance of `GuardNode`.
166- // TODO: This is slightly naive, we should change it when we have a proper guards library.
170+ // TODO: This is slightly naive, not handling e.g. `l or cond` correctly.
171+ // We should change it when we have a proper guards library.
167172 guard .getNode ( ) .getAChildNode * ( ) = ig and
168173 result = ig .isInverted ( ) and
169174 guarded .getNode ( ) = ig
170175 )
171176 }
172177
178+ /**
179+ * A sanitizer guard that does not let a truthy value flow to the true branch.
180+ * Based on `isIdentityGuard`, so comes with the same caveats.
181+ */
173182 class BlocksTruthyGuard extends BlocksTruthy {
174183 ControlFlowNode guarded ;
175184
@@ -186,6 +195,10 @@ module ModificationOfParameterWithDefault {
186195 }
187196 }
188197
198+ /**
199+ * A sanitizer guard that does not let a falsy value flow to the true branch.
200+ * Based on `isIdentityGuard`, so comes with the same caveats.
201+ */
189202 class BlocksFalseyGuard extends BlocksFalsey {
190203 ControlFlowNode guarded ;
191204
You can’t perform that action at this time.
0 commit comments