-
Hi, I have the following false positive Python code. if not ( eee.is_awesome() or eee.is_cool() ):
raise ValueError("Bad") I am using the override predicate isSanitizer(DataFlow::Node sanitizer) {
not exists(MethodCallNode call | call.calls(sanitizer, "is_awesome") or call.calls(sanitizer, "is_cool"))
} But, I am getting the wrong results. Any help please is a welcome. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
As an initial solution : exists(MethodCallNode call, UnaryExpr u |
(call.calls(sanitizer, "is_awesome")
or
call.calls(sanitizer, "is_cool"))
and u.getOp() instanceof Not and u.getOperand() = call.asExpr()
) What could be improved please ? |
Beta Was this translation helpful? Give feedback.
-
tl;dr: Do like here Hi, you have the right approach, defining a sanitiser is what will help you here. However, I think you want to write it in the form of a barrier guard, since sanitation depends on the results of The way to achieve this is in two steps. First you write a predicate identifying those method calls and then you feed that predicate to the private predicate checksEee(DataFlow::GuardNode g, ControlFlowNode eee, boolean branch) {
exists(DataFlow::MethodCallNode mc |
g = mc.asCfgNode() and
mc.calls(_, ["is_awesome", "is_cool"]) and
eee = mc.getObject().asCfgNode() and
branch = true
)
} Notice how you are able to specify which result leads to sanitation via the boolean override predicate isSanitizer(DataFlow::Node sanitizer) {
sanitizer = DataFlow::BarrierGuard<checksEee/3>::getABarrierNode()
} |
Beta Was this translation helpful? Give feedback.
tl;dr: Do like here
Hi, you have the right approach, defining a sanitiser is what will help you here. However, I think you want to write it in the form of a barrier guard, since sanitation depends on the results of
eee.is_awesome
oreee.is_cool
. Only if such a method returns true do you want to considereee
safe.The way to achieve this is in two steps. First you write a predicate identifying those method calls and then you feed that predicate to the
BarrierGuard
module. This requires the first predicate to be of a specific form: