Python: Remove getALocalTaintSource

yoff · yoff · commit a9af135d7e89 · 2021-03-24T01:22:21.000+01:00
and `taintFlowsTo` for now..
diff --git a/python/change-notes/2021-03-12-small-api-enhancements.md b/python/change-notes/2021-03-12-small-api-enhancements.md
@@ -1,4 +1,3 @@
 lgtm,codescanning
 * The class ParameterNode now extends LocalSourceNode, thus making methods like flowsTo available.
-* Local taint tracking can now be performed using the `taintFlowsTo` method on the `LocalSourceNode` class. Conversely, the new member predicate `getALocalTaintSource` can be called on a `DataFlow::Node` to obtain a `LocalSourceNode` from which taint can be tracked locally to that data-flow node.
 * The new predicate `parameterNode` can now be used to map from a `Parameter` to a data-flow node.
diff --git a/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll b/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll
@@ -139,11 +139,6 @@ class Node extends TNode {
    * Gets a local source node from which data may flow to this node in zero or more local data-flow steps.
    */
   LocalSourceNode getALocalSource() { result.flowsTo(this) }
-
-  /**
-   * Gets a local source node from which data may flow to this node in zero or more local taint-flow steps.
-   */
-  LocalSourceNode getALocalTaintSource() { result.taintFlowsTo(this) }
 }
 
 /** A data-flow node corresponding to an SSA variable. */
diff --git a/python/ql/src/semmle/python/dataflow/new/internal/LocalSources.qll b/python/ql/src/semmle/python/dataflow/new/internal/LocalSources.qll
@@ -9,7 +9,6 @@
 import python
 import DataFlowPublic
 private import DataFlowPrivate
-private import TaintTrackingPublic
 
 /**
  * A data flow node that is a source of local flow. This includes things like
@@ -28,10 +27,6 @@ class LocalSourceNode extends Node {
   pragma[inline]
   predicate flowsTo(Node nodeTo) { Cached::hasLocalSource(nodeTo, this) }
 
-  /** Holds if this `LocalSourceNode` can flow to `nodeTo` in one or more local taint steps. */
-  pragma[inline]
-  predicate taintFlowsTo(Node nodeTo) { Cached::hasLocalTaintSource(nodeTo, this) }
-
   /**
    * Gets a reference (read or write) of attribute `attrName` on this node.
    */
@@ -82,24 +77,6 @@ private module Cached {
     )
   }
 
-  /**
-   * Holds if `source` is a `LocalSourceNode` that can reach `sink` via local taint steps.
-   *
-   * The slightly backwards parametering ordering is to force correct indexing.
-   */
-  cached
-  predicate hasLocalTaintSource(Node sink, Node source) {
-    // Declaring `source` to be a `LocalSourceNode` currently causes a redundant check in the
-    // recursive case, so instead we check it explicitly here.
-    source = sink and
-    source instanceof LocalSourceNode
-    or
-    exists(Node mid |
-      hasLocalTaintSource(mid, source) and
-      localTaintStep(mid, sink)
-    )
-  }
-
   /**
    * Holds if `base` flows to the base of `ref` and `ref` has attribute name `attr`.
    */
diff --git a/python/ql/test/2/library-tests/locations/general/Locations.expected b/python/ql/test/2/library-tests/locations/general/Locations.expected
@@ -55,7 +55,6 @@
 | Dict | 46 | 54 | 46 | 55 |
 | Dict | 48 | 9 | 48 | 19 |
 | DictUnpacking | 46 | 52 | 46 | 55 |
-| DjangoViewClassHelper | 4 | 1 | 4 | 8 |
 | Ellipsis | 7 | 7 | 7 | 9 |
 | Ellipsis | 50 | 14 | 50 | 16 |
 | ExceptStmt | 32 | 9 | 32 | 31 |
diff --git a/python/ql/test/3/library-tests/locations/general/Locations.expected b/python/ql/test/3/library-tests/locations/general/Locations.expected
@@ -44,7 +44,6 @@
 | Dict | 46 | 54 | 46 | 55 |
 | Dict | 48 | 9 | 48 | 19 |
 | DictUnpacking | 46 | 52 | 46 | 55 |
-| DjangoViewClassHelper | 4 | 1 | 4 | 8 |
 | Ellipsis | 7 | 7 | 7 | 9 |
 | Ellipsis | 50 | 14 | 50 | 16 |
 | ExceptStmt | 32 | 9 | 32 | 31 |
