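--- a/src/semmle/python/dataflow/new/internal/[FILE-NOT-SHOWN].qll
+++ b/src/semmle/python/dataflow/new/internal/[FILE-NOT-SHOWN].qll
@@ -360,17 +360,22 @@ module BarrierGuard {
   /** A validation of unknown node by comparing with a constant string value. */
   class StringConstCompare extends BarrierGuard , CompareNode {
     ControlFlowNode checked_node ;
+    boolean safe_branch ;
 
     StringConstCompare ( ) {
-      exists ( StrConst str_const |
-        this . operands ( str_const . getAFlowNode ( ) , any ( Eq eq ) , checked_node )
+      exists ( StrConst str_const , Cmpop op |
+        op = any ( Eq eq ) and safe_branch = true
         or
-        this .operands ( checked_node , any ( Eq eq ) , str_const .getAFlowNode ( ) )
+        op = any ( NotEq ne ) and safe_branch = false
+        |
+        this .operands ( str_const .getAFlowNode ( ) , op , checked_node )
+        or
+        this .operands ( checked_node , op , str_const .getAFlowNode ( ) )
       )
     }
 
     override predicate checks ( ControlFlowNode node , boolean branch ) {
-      node = checked_node and branch = safe_branch
+      node = checked_node and branch = safe_branch
     }
   }
 }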
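Review bot: The class doc comment at the top of the hunk still only describes equality checks, and the new `safe_branch` field carries no comment, although the sanitizer now also accepts `!=` and the field decides which branch is treated as a barrier. I would update the doc comment to `/** A validation of an unknown node by comparing it (with `==` or `!=`) to a constant string value. */` and add above the field `/** The branch on which `checked_node` is known to equal the constant: `true` for `==`, `false` for `!=`. */`. The `checks` predicate then reads unambiguously: the guard is a barrier only on the branch where the compared value equals the string constant, which is the conservative direction for a taint sanitizer. The expected-output change in the test file confirms the `:45` case, while `:53` (`test_non_eq2`) and `:59` (`test_in_list`) remain `fail`; presumably those are comparison shapes this guard still does not recognise, which is worth noting in the commit description so readers do not assume all `!=` forms are now covered.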
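--- a/test/experimental/dataflow/tainttracking/commonSanitizer/[FILE-NOT-SHOWN].expected
+++ b/test/experimental/dataflow/tainttracking/commonSanitizer/[FILE-NOT-SHOWN].expected
@@ -6,7 +6,7 @@
 | test_string_const_compare.py:35 | fail | test_eq_with_or | ts |
 | test_string_const_compare.py:37 | ok | test_eq_with_or | ts |
 | test_string_const_compare.py:43 | ok | test_non_eq1 | ts |
-| test_string_const_compare.py:45 | fail | test_non_eq1 | ts |
+| test_string_const_compare.py:45 | ok | test_non_eq1 | ts |
 | test_string_const_compare.py:51 | ok | test_non_eq2 | ts |
 | test_string_const_compare.py:53 | fail | test_non_eq2 | ts |
 | test_string_const_compare.py:59 | fail | test_in_list | ts |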