Python: Highlight problem picking DataFlow::Node for Assign

RasmusWL · RasmusWL · commit 94bcda3bae74 · 2021-06-29T15:32:16.000+02:00
diff --git a/python/ql/src/semmle/python/frameworks/Aiohttp.qll b/python/ql/src/semmle/python/frameworks/Aiohttp.qll
@@ -646,8 +646,9 @@ module AiohttpWebModel {
 
     AiohttpResponseCookieSubscriptWrite() {
       exists(Assign assign, Subscript subscript |
-        // there doesn't seem to be any _good_ choice for `this`, so just picking the
-        // whole subscript...
+        // Since there is no `DataFlow::Node` for the assign (since it's a statement,
+        // and not an expression) there doesn't seem to be any _good_ choice for `this`,
+        // so just picking the whole subscript...
         this.asExpr() = subscript
       |
         assign.getATarget() = subscript and
diff --git a/python/ql/src/semmle/python/frameworks/Django.qll b/python/ql/src/semmle/python/frameworks/Django.qll
@@ -1413,8 +1413,9 @@ private module PrivateDjango {
 
           DjangoResponseCookieSubscriptWrite() {
             exists(Assign assign, Subscript subscript, DataFlow::AttrRead cookieLookup |
-              // there doesn't seem to be any _good_ choice for `this`, so just picking the
-              // whole subscript...
+              // Since there is no `DataFlow::Node` for the assign (since it's a statement,
+              // and not an expression) there doesn't seem to be any _good_ choice for `this`,
+              // so just picking the whole subscript...
               this.asExpr() = subscript
             |
               cookieLookup.getAttributeName() = "cookies" and
