Python: add comment with ref

yoff · yoff · commit 4a9023b98980 · 2021-03-08T08:17:23.000+01:00
diff --git a/python/ql/src/semmle/python/security/dataflow/StackTraceExposure.qll b/python/ql/src/semmle/python/security/dataflow/StackTraceExposure.qll
@@ -22,6 +22,8 @@ class StackTraceExposureConfiguration extends TaintTracking::Configuration {
     sink = any(HTTP::Server::HttpResponse response).getBody()
   }
 
+  // A stack trace is accessible as the `__traceback__` attribute of a caught exception.
+  //  seehttps://docs.python.org/3/reference/datamodel.html#traceback-objects
   override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
     exists(AttrRead attr | attr.getAttributeName() = "__traceback__" |
       nodeFrom = attr.getObject() and

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,8 @@ class StackTraceExposureConfiguration extends TaintTracking::Configuration {`
`22`	`22`	`sink = any(HTTP::Server::HttpResponse response).getBody()`
`23`	`23`	`}`
`24`	`24`
	`25`	+ // A stack trace is accessible as the `__traceback__` attribute of a caught exception.
	`26`	`+ // seehttps://docs.python.org/3/reference/datamodel.html#traceback-objects`
`25`	`27`	`override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {`
`26`	`28`	`exists(AttrRead attr \| attr.getAttributeName() = "__traceback__" \|`
`27`	`29`	`nodeFrom = attr.getObject() and`