Python: Remove code that adds taint to unrelated ControlFlowNode

RasmusWL · RasmusWL · commit 0ce8e9180b72 · 2020-03-09T15:27:31.000+01:00
The problem with the deleted code is that it would add flow to what might be an
unrelated ControlFlowNode, which is illustrated in the query below (that gives
results on flask)

from ControlFlowNode arg, CallNode call, CallNode other_call
where
    call.getNode().getAKeyword().getValue() = arg.getNode() and
    not call.getAnArg() = arg and
    other_call.getAnArg() = arg and
    not other_call = call
select call, arg, other_call
diff --git a/python/ql/src/semmle/python/security/strings/Basic.qll b/python/ql/src/semmle/python/security/strings/Basic.qll
@@ -73,9 +73,6 @@ private predicate str_format(ControlFlowNode fromnode, CallNode tonode) {
     tonode.getFunction().(AttrNode).getName() = "format" and
     (
         tonode.getAnArg() = fromnode
-        or
-        // TODO: if this case is not covered by tonode.getAnArg(), we should change it so it is :\
-        tonode.getNode().getAKeyword().getValue() = fromnode.getNode()
     )
 }
 

Original file line number	Diff line number	Diff line change
`@@ -73,9 +73,6 @@ private predicate str_format(ControlFlowNode fromnode, CallNode tonode) {`
`73`	`73`	`tonode.getFunction().(AttrNode).getName() = "format" and`
`74`	`74`	`(`
`75`	`75`	`tonode.getAnArg() = fromnode`
`76`		`- or`
`77`		`- // TODO: if this case is not covered by tonode.getAnArg(), we should change it so it is :\`
`78`		`- tonode.getNode().getAKeyword().getValue() = fromnode.getNode()`
`79`	`76`	`)`
`80`	`77`	`}`
`81`	`78`