Merge pull request github#5253 from RasmusWL/no-getAnArg

codeql-ci · web-flow · commit bf66bdbb9528 · 2021-02-24T06:34:31.000-08:00
Approved by tausbn
diff --git a/python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql b/python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql
@@ -24,8 +24,9 @@ private API::Node paramikoSSHClientInstance() {
 
 from DataFlow::CallCfgNode call, DataFlow::Node arg, string name
 where
+  // see http://docs.paramiko.org/en/stable/api/client.html#paramiko.client.SSHClient.set_missing_host_key_policy
   call = paramikoSSHClientInstance().getMember("set_missing_host_key_policy").getACall() and
-  arg = call.getAnArg() and
+  arg in [call.getArg(0), call.getArgByName("policy")] and
   (
     arg = unsafe_paramiko_policy(name).getAUse() or
     arg = unsafe_paramiko_policy(name).getReturn().getAUse()
diff --git a/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll b/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll
@@ -193,13 +193,6 @@ class CallCfgNode extends CfgNode {
 
   /** Gets the data-flow node corresponding to the named argument of the call corresponding to this data-flow node */
   Node getArgByName(string name) { result.asCfgNode() = node.getArgByName(name) }
-
-  /** Gets the data-flow node corresponding to an argument of the call corresponding to this data-flow node */
-  Node getAnArg() {
-    exists(int n | result = this.getArg(n))
-    or
-    exists(string name | result = this.getArgByName(name))
-  }
 }
 
 /**
