Skip to content

Commit 1954c0b

Browse files
yofftausbn
yoff
and
tausbn
authored
Apply suggestions from code review
Co-authored-by: Taus <[email protected]>
1 parent 5a4e661 commit 1954c0b

File tree

1 file changed

+9
-9
lines changed

1 file changed

+9
-9
lines changed

python/ql/src/semmle/python/frameworks/Stdlib.qll

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -941,7 +941,7 @@ private module Stdlib {
941941
or
942942
// Type-preserving call
943943
exists(DataFlow::Node nodeFrom, DataFlow::TypeTracker t2 |
944-
nodeFrom.getALocalSource() = pathlibPath(t2) and
944+
pathlibPath(t2).flowsTo(nodeFrom) and
945945
t2.end()
946946
|
947947
t.start() and
@@ -962,7 +962,7 @@ private module Stdlib {
962962
exists(BinaryExprNode slash, DataFlow::Node pathOperand, DataFlow::TypeTracker t2 |
963963
slash.getOp() instanceof Div and
964964
pathOperand.asCfgNode() = slash.getAnOperand() and
965-
pathOperand.getALocalSource() = pathlibPath(t2) and
965+
pathlibPath(t2).flowsTo(pathOperand) and
966966
t2.end()
967967
|
968968
t.start() and
@@ -972,7 +972,7 @@ private module Stdlib {
972972
// standard case
973973
exists(DataFlow::AttrRead returnsPath, DataFlow::TypeTracker t2 |
974974
returnsPath.getAttributeName() = pathlibPathInjection() and
975-
returnsPath.getObject().getALocalSource() = pathlibPath(t2) and
975+
pathlibPath(t2).flowsTo(returnsPath.getObject()) and
976976
t2.end()
977977
|
978978
t.start() and
@@ -997,7 +997,7 @@ private module Stdlib {
997997
"rename", "replace", "resolve", "rglob", "rmdir", "samefile", "symlink_to", "touch",
998998
"unlink", "link_to", "write_bytes", "write_text"
999999
] and
1000-
fileAccess.getObject().getALocalSource() = pathlibPath() and
1000+
pathlibPath().flowsTo(fileAccess.getObject()) and
10011001
this.getFunction() = fileAccess
10021002
}
10031003

@@ -1012,8 +1012,8 @@ private module Stdlib {
10121012
nodeFrom = nodeTo.(DataFlow::CallCfgNode).getArg(_)
10131013
or
10141014
// Type preservation
1015-
nodeFrom.getALocalSource() = pathlibPath() and
1016-
nodeTo.getALocalSource() = pathlibPath() and
1015+
pathlibPath().flowsTo(nodeFrom) and
1016+
pathlibPath().flowsTo(nodeTo) and
10171017
(
10181018
// Type-preserving call
10191019
typePreservingCall(nodeFrom, nodeTo)
@@ -1023,13 +1023,13 @@ private module Stdlib {
10231023
)
10241024
or
10251025
// Data injection
1026-
nodeTo.getALocalSource() = pathlibPath() and
1026+
pathlibPath().flowsTo(nodeTo) and
10271027
(
10281028
// Special handling of the `/` operator
10291029
exists(BinaryExprNode slash, DataFlow::Node pathOperand |
10301030
slash.getOp() instanceof Div and
10311031
pathOperand.asCfgNode() = slash.getAnOperand() and
1032-
pathOperand.getALocalSource() = pathlibPath()
1032+
pathlibPath().flowsTo(pathOperand)
10331033
|
10341034
nodeTo.asCfgNode() = slash and
10351035
// Taint can flow either from the left or the right operand as long as one of them is a path.
@@ -1052,7 +1052,7 @@ private module Stdlib {
10521052
)
10531053
or
10541054
// Export data from type
1055-
nodeFrom.getALocalSource() = pathlibPath() and
1055+
pathlibPath().flowsTo(nodeFrom) and
10561056
(
10571057
// exporting attribute
10581058
exists(DataFlow::AttrRead export |

0 commit comments

Comments
 (0)