
Commit 663dc24

committed
Python: Apply suggestion from Taus
rewrote the qldoc to explain it as well.
1 parent dc9dbf3 commit 663dc24

1 file changed

Lines changed: 10 additions & 12 deletions


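--- a/python/ql/test/library-tests/examples/custom-sanitizer/Taint.qll
+++ b/python/ql/test/library-tests/examples/custom-sanitizer/Taint.qll
@@ -33,33 +33,31 @@ class MySanitizerHandlingNot extends Sanitizer {
 /** The test `if is_safe(arg):` sanitizes `arg` on its `true` edge. */
 override predicate sanitizingEdge(TaintKind taint, PyEdgeRefinement test) {
 taint instanceof ExternalStringKind and
-clears_taint_on_true(_, test.getTest(), test.getSense(), test)
+clears_taint_on_true(test.getTest(), test.getSense(), test)
 }
 
 /**
 * Helper predicate that recurses into any nesting of `not`
 *
 * To reduce the number of tuples this predicate holds for, we include the `PyEdgeRefinement` and
-* ensure that `test` is a part of this `PyEdgeRefinement`. Without including `PyEdgeRefinement` as an argument
-* *any* `CallNode c` to `test.is_safe` would be a result of this predicate, since (c, c, true) would hold.
+* ensure that `test` is a part of this `PyEdgeRefinement` (instead of just taking the
+* `edge_refinement.getInput().getAUse()` part as a part of the predicate). Without including
+* `PyEdgeRefinement` as an argument *any* `CallNode c` to `test.is_safe` would be a result of
+* this predicate, since the tuple where `test = c` and `sense = true` would hold.
 */
 private predicate clears_taint_on_true(
-CallNode final_test, ControlFlowNode test, boolean sense, PyEdgeRefinement edge_refinement
+ControlFlowNode test, boolean sense, PyEdgeRefinement edge_refinement
 ) {
+edge_refinement.getTest().getNode().(Expr).getASubExpression*() = test.getNode() and
 (
-edge_refinement.getTest().getNode().(Expr).getASubExpression*() = test.getNode() and
-test.getNode().(Expr).getASubExpression*() = final_test.getNode()
-) and
-(
-final_test = test and
-final_test = Value::named("test.is_safe").getACall() and
-edge_refinement.getInput().getAUse() = final_test.getAnArg() and
+test = Value::named("test.is_safe").getACall() and
+edge_refinement.getInput().getAUse() = test.(CallNode).getAnArg() and
 sense = true
 or
 test.(UnaryExprNode).getNode().getOp() instanceof Not and
 exists(ControlFlowNode nested_test |
 nested_test = test.(UnaryExprNode).getOperand() and
-clears_taint_on_true(final_test, nested_test, sense.booleanNot(), edge_refinement)
+clears_taint_on_true(nested_test, sense.booleanNot(), edge_refinement)
 )
 )
 }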
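Review bot: The base case on new line 54 matches the refined variable against `test.(CallNode).getAnArg()`, so a use in any argument position of a `test.is_safe(...)` call is treated as sanitized. The signature of `is_safe` is not visible here, so this may be exactly right for the test, but because the file sits under `examples/` and sanitizers that over-approximate hide real flows, a short comment would help readers who copy it, e.g. `// any argument counts as checked here; use getArg(0) if only the first argument is validated`. The rewritten qldoc also explains why `edge_refinement` is a parameter but not what `sense` means; one more line such as `* Holds if `test` evaluating to `sense` implies that the nested `test.is_safe` call returned true.` would make the `sense.booleanNot()` recursion easier to follow. The enclosing class `MySanitizerHandlingNot` starts and ends outside this hunk.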
