python: fix qldocs and clean-up dead code

yoff · yoff · commit 40b61fa85fef · 2022-06-15T14:07:35.000+02:00
diff --git a/python/ql/lib/semmle/python/security/dataflow/TarSlipCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/TarSlipCustomizations.qll
@@ -90,7 +90,7 @@ module TarSlip {
     }
   }
 
-  /* Members argument to extract method */
+  /** The `members` argument `extractall` is considered a sink. */
   class ExtractMembersSink extends Sink {
     ExtractMembersSink() {
       exists(DataFlow::CallCfgNode call |
@@ -105,6 +105,10 @@ module TarSlip {
     }
   }
 
+  /**
+   * For a "check-like function name" (matching `"%path"`), `checkPath`,
+   * and a call `checkPath(info.name)`, the variable `info` is considered checked.
+   */
   class TarFileInfoSanitizer extends SanitizerGuard {
     ControlFlowNode tarInfo;
 
@@ -117,29 +121,15 @@ module TarSlip {
         attr.getObject() = tarInfo
       |
         // Assume that any test with "path" in it is a sanitizer
-        call.getAChild*().(AttrNode).getName().matches("%path")
+        call.getAChild*().(AttrNode).getName().toLowerCase().matches("%path")
         or
-        call.getAChild*().(NameNode).getId().matches("%path")
+        call.getAChild*().(NameNode).getId().toLowerCase().matches("%path")
       )
     }
 
     override predicate checks(ControlFlowNode checked, boolean branch) {
       checked = tarInfo and
       branch in [true, false]
     }
-
-    DataFlow::ExprNode shouldGuard() {
-      tarInfo.dominates(result.asCfgNode()) and
-      // exists(EssaDefinition def |
-      //   def.getAUse() = tarInfo and
-      //   def.getAUse() = result.asCfgNode()
-      // ) and
-      exists(SsaSourceVariable v |
-        v.getAUse() = tarInfo and
-        v.getAUse() = result.asCfgNode()
-      )
-    }
   }
-
-  DataFlow::ExprNode getAGuardedNode(TarFileInfoSanitizer tfis) { result = tfis.getAGuardedNode() }
 }

Original file line number	Diff line number	Diff line change
`@@ -90,7 +90,7 @@ module TarSlip {`
`90`	`90`	`}`
`91`	`91`	`}`
`92`	`92`
`93`		`- /* Members argument to extract method */`
	`93`	+ /** The `members` argument `extractall` is considered a sink. */
`94`	`94`	`class ExtractMembersSink extends Sink {`
`95`	`95`	`ExtractMembersSink() {`
`96`	`96`	`exists(DataFlow::CallCfgNode call \|`
`@@ -105,6 +105,10 @@ module TarSlip {`
`105`	`105`	`}`
`106`	`106`	`}`
`107`	`107`
	`108`	`+ /**`
	`109`	+ * For a "check-like function name" (matching `"%path"`), `checkPath`,
	`110`	+ * and a call `checkPath(info.name)`, the variable `info` is considered checked.
	`111`	`+ */`
`108`	`112`	`class TarFileInfoSanitizer extends SanitizerGuard {`
`109`	`113`	`ControlFlowNode tarInfo;`
`110`	`114`
`@@ -117,29 +121,15 @@ module TarSlip {`
`117`	`121`	`attr.getObject() = tarInfo`
`118`	`122`	`\|`
`119`	`123`	`// Assume that any test with "path" in it is a sanitizer`
`120`		`- call.getAChild*().(AttrNode).getName().matches("%path")`
	`124`	`+ call.getAChild*().(AttrNode).getName().toLowerCase().matches("%path")`
`121`	`125`	`or`
`122`		`- call.getAChild*().(NameNode).getId().matches("%path")`
	`126`	`+ call.getAChild*().(NameNode).getId().toLowerCase().matches("%path")`
`123`	`127`	`)`
`124`	`128`	`}`
`125`	`129`
`126`	`130`	`override predicate checks(ControlFlowNode checked, boolean branch) {`
`127`	`131`	`checked = tarInfo and`
`128`	`132`	`branch in [true, false]`
`129`	`133`	`}`
`130`		`-`
`131`		`- DataFlow::ExprNode shouldGuard() {`
`132`		`- tarInfo.dominates(result.asCfgNode()) and`
`133`		`- // exists(EssaDefinition def \|`
`134`		`- // def.getAUse() = tarInfo and`
`135`		`- // def.getAUse() = result.asCfgNode()`
`136`		`- // ) and`
`137`		`- exists(SsaSourceVariable v \|`
`138`		`- v.getAUse() = tarInfo and`
`139`		`- v.getAUse() = result.asCfgNode()`
`140`		`- )`
`141`		`- }`
`142`	`134`	`}`
`143`		`-`
`144`		`- DataFlow::ExprNode getAGuardedNode(TarFileInfoSanitizer tfis) { result = tfis.getAGuardedNode() }`
`145`	`135`	`}`