Commit b083c01

Python: Deprecate StringDictKind
This QL

```codeql
import python
import semmle.python.dataflow.TaintTracking
import semmle.python.security.strings.Untrusted

from CollectionKind ck
where
  ck.(DictKind).getMember() instanceof StringKind
  or
  ck.getMember().(DictKind).getMember() instanceof StringKind
select ck, ck.getAQlClass(), ck.getMember().getAQlClass()
```

generates these 6 results.

```
1 {externally controlled string} ExternalStringDictKind UntrustedStringKind
2 {externally controlled string} StringDictKind UntrustedStringKind
3 [{externally controlled string}] SequenceKind ExternalStringDictKind
4 [{externally controlled string}] SequenceKind StringDictKind
5 {{externally controlled string}} DictKind ExternalStringDictKind
6 {{externally controlled string}} DictKind StringDictKind
```

StringDictKind was only used in *one* place in our library code. As illustrated above, it pollutes our set of TaintKinds. Effectively, every time we make a flow-step for dictionaries with tainted strings as values, we do it TWICE -- once for ExternalStringDictKind, and once for StringDictKind... that is just a waste.

1 parent 87bc8ae commit b083c01

2 files changed

+7
-3
lines changed

python/ql/src/semmle/python/security/strings/Basic.qll

Lines changed: 6 additions & 2 deletions
@@ -107,7 +107,11 @@ private predicate os_path_join(ControlFlowNode fromnode, CallNode tonode) {
107107
tonode.getAnArg() = fromnode
108108
}
109109

110-
/** A kind of "taint", representing a dictionary mapping str->"taint" */
111-
class StringDictKind extends DictKind {
110+
/**
111+
* A kind of "taint", representing a dictionary mapping str->"taint"
112+
*
113+
* DEPRECATED: Use `ExternalStringKind` instead.
114+
*/
115+
deprecated class StringDictKind extends DictKind {
112116
StringDictKind() { this.getValue() instanceof StringKind }
113117
}
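
Review bot: the deprecation notice in the new doc comment names `ExternalStringKind`, but the replacement this commit switches to in turbogears/Response.qll, and the class the commit message compares against, is `ExternalStringDictKind`. Anyone following the notice would be sent to a kind whose name does not describe a dictionary. Suggest changing the line to `* DEPRECATED: Use `ExternalStringDictKind` instead.` so the notice and the migrated caller agree.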

python/ql/src/semmle/python/web/turbogears/Response.qll

Lines changed: 1 addition & 1 deletion
@@ -27,5 +27,5 @@ class ControllerMethodTemplatedReturnValue extends HttpResponseTaintSink {
2727
)
2828
}
2929

30-
override predicate sinks(TaintKind kind) { kind instanceof StringDictKind }
30+
override predicate sinks(TaintKind kind) { kind instanceof ExternalStringDictKind }
3131
}
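
Review bot: on the changed `sinks` line, the HTTP response sink may now accept a narrower set of taint kinds than before. `StringDictKind` is defined in Basic.qll as any `DictKind` whose value is a `StringKind`, while the definition of `ExternalStringDictKind` is not part of this diff. The query output in the commit message shows both classes with an `UntrustedStringKind` member, so existing results should be unchanged, but a dictionary whose values are some other `StringKind` would no longer match this sink. Worth confirming that narrowing is intended and covering this sink with a test so a dropped alert does not go unnoticed.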
