@@ -157,7 +157,8 @@ predicate containerStep(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
157157 or
158158 // constructor call
159159 exists ( CallNode call | call = nodeTo .getNode ( ) |
160- call .getFunction ( ) .( NameNode ) .getId ( ) in [ "list" , "set" , "frozenset" , "dict" , "defaultdict" , "tuple" ] and
160+ call .getFunction ( ) .( NameNode ) .getId ( ) in [ "list" , "set" , "frozenset" , "dict" , "defaultdict" ,
161+ "tuple" ] and
161162 call .getArg ( 0 ) = nodeFrom .getNode ( )
162163 )
163164 or
@@ -169,17 +170,15 @@ predicate containerStep(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
169170 or
170171 // methods
171172 exists ( CallNode call , string name | call = nodeTo .getNode ( ) |
172- name in [
173- // general
174- "copy" , "pop" ,
175- // dict
176- "values" , "items" , "get" , "popitem"
177- ] and
173+ name in [ "copy" ,
174+ // general
175+ "pop" ,
176+ // dict
177+ "values" , "items" , "get" , "popitem" ] and
178178 call .getFunction ( ) .( AttrNode ) .getObject ( name ) = nodeFrom .getNode ( )
179179 )
180180}
181181
182-
183182/**
184183 * Holds if taint can flow from `nodeFrom` to `nodeTo` with a step related to copying.
185184 */
@@ -195,7 +194,6 @@ predicate copyStep(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
195194 )
196195}
197196
198-
199197/**
200198 * Holds if taint can flow from `nodeFrom` to `nodeTo` with a step related to `for`-iteration,
201199 * for example `for x in xs`, or `for x,y in points`.
@@ -208,7 +206,6 @@ predicate forStep(DataFlow::CfgNode nodeFrom, DataFlow::EssaNode nodeTo) {
208206 )
209207}
210208
211-
212209/**
213210 * Holds if taint can flow from `nodeFrom` to `nodeTo` with a step related to iterable unpacking.
214211 * Only handles normal assignment (`x,y = calc_point()`), since `for x,y in points` is handled by `forStep`.
0 commit comments