
python: Remove `TaintStepFromSummary`

Open yoff opened this issue 1 year ago • 1 comments

as it should be covered by SummarizedCallableFromModel

Also move things around, to look more like the Ruby code.

Thanks to @aschackmull for finding this.

yoff avatar Feb 08 '24 11:02 yoff

So the test reveals that we lose some results by this. Specifically, we lose support for the `Argument[n..]` syntax. This is supported via `getNodeFromInputOutputPath` in `ApiGraphModelsSpecific`; we follow JavaScript here and end up calling `parseIntWithArity` from the shared library. I have made this a draft until I can investigate what we need to add in order for summarized callables to support this syntax also.

yoff avatar Feb 09 '24 12:02 yoff

> So the test reveals that we lose some results by this. Specifically, we lose support for the `Argument[n..]` syntax. This is supported via `getNodeFromInputOutputPath` in `ApiGraphModelsSpecific`; we follow JavaScript here and end up calling `parseIntWithArity` from the shared library. I have made this a draft until I can investigate what we need to add in order for summarized callables to support this syntax also.

So what we need is to make `Argument[n..]` a parameter position as in Ruby. I do not immediately see any unwanted consequences of doing this, let me know if you think of any.

yoff avatar Mar 09 '24 20:03 yoff

Evaluation was uneventful. (Perhaps we could have seen some steps not being duplicated if I had turned on tuple counting.)

yoff avatar Mar 09 '24 20:03 yoff