Revert "Python: Re-introduce syntactic handling of str/bytes/unicode"

RasmusWL · RasmusWL · commit 870389addb29 · 2021-06-14T14:22:40.000+02:00
This reverts commit c4987e9. Hoping that our new handling of builtins would solve this problem... but it did not :|
diff --git a/python/ql/src/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll b/python/ql/src/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
@@ -77,11 +77,7 @@ predicate subscriptStep(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
 predicate stringManipulation(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
   // transforming something tainted into a string will make the string tainted
   exists(DataFlow::CallCfgNode call | call = nodeTo |
-    (
-      call = API::builtin(["str", "bytes", "unicode"]).getACall()
-      or
-      call.getFunction().asCfgNode().(NameNode).getId() in ["str", "bytes", "unicode"]
-    ) and
+    call = API::builtin(["str", "bytes", "unicode"]).getACall() and
     nodeFrom in [call.getArg(0), call.getArgByName("object")]
   )
   or
diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/InlineTaintTest.expected b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/InlineTaintTest.expected
@@ -1,3 +1,5 @@
 argumentToEnsureNotTaintedNotMarkedAsSpurious
 untaintedArgumentToEnsureTaintedNotMarkedAsMissing
+| test_string.py:35:9:35:19 | test_string.py:35 | ERROR, you should add `# $ MISSING: tainted` annotation | unicode(..) |
 failures
+| test_string.py:35:22:35:32 | Comment # $ tainted | Missing result:tainted= |
