TokenBuiltFromUuid isAdditionalTaintStep refactor

Daniel Santos · Daniel Santos · commit b8d60edb49ee · 2022-10-25T09:51:07.000-05:00
diff --git a/python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql b/python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql
@@ -50,11 +50,10 @@ class TokenBuiltFromUuidConfig extends TaintTracking::Configuration {
   override predicate isSink(DataFlow::Node sink) { sink instanceof TokenAssignmentValueSink }
 
   override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    exists(Call call, Name name |
-      call.getFunc() = name and
-      name.getId() = "str" and
-      nodeFrom = DataFlow::exprNode(call.getArg(0)) and
-      nodeTo = DataFlow::exprNode(call)
+    exists(DataFlow::CallCfgNode call |
+      call = API::builtin("str").getACall() and
+      nodeFrom = call.getArg(0) and
+      nodeTo = call
     )
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -50,11 +50,10 @@ class TokenBuiltFromUuidConfig extends TaintTracking::Configuration {`
`50`	`50`	`override predicate isSink(DataFlow::Node sink) { sink instanceof TokenAssignmentValueSink }`
`51`	`51`
`52`	`52`	`override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {`
`53`		`- exists(Call call, Name name \|`
`54`		`- call.getFunc() = name and`
`55`		`- name.getId() = "str" and`
`56`		`- nodeFrom = DataFlow::exprNode(call.getArg(0)) and`
`57`		`- nodeTo = DataFlow::exprNode(call)`
	`53`	`+ exists(DataFlow::CallCfgNode call \|`
	`54`	`+ call = API::builtin("str").getACall() and`
	`55`	`+ nodeFrom = call.getArg(0) and`
	`56`	`+ nodeTo = call`
`58`	`57`	`)`
`59`	`58`	`}`
`60`	`59`	`}`