Python: Use StringValue instead of Value::forString

RasmusWL · RasmusWL · commit f3ab52b1febf · 2020-02-17T14:41:32.000+01:00
diff --git a/python/ql/src/Security/CWE-022/TarSlip.ql b/python/ql/src/Security/CWE-022/TarSlip.ql
@@ -40,7 +40,7 @@ class TarfileOpen extends TaintSource {
          * this tarfile is safe.
          */
 
-        not this.(CallNode).getAnArg().pointsTo(Value::forString(_)) and
+        not this.(CallNode).getAnArg().pointsTo(any(StringValue str)) and
         /* Ignore opens within the tarfile module itself */
         not this.(ControlFlowNode).getLocation().getFile().getBaseName() = "tarfile.py"
     }

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ class TarfileOpen extends TaintSource {`
`40`	`40`	`* this tarfile is safe.`
`41`	`41`	`*/`
`42`	`42`
`43`		`- not this.(CallNode).getAnArg().pointsTo(Value::forString(_)) and`
	`43`	`+ not this.(CallNode).getAnArg().pointsTo(any(StringValue str)) and`
`44`	`44`	`/* Ignore opens within the tarfile module itself */`
`45`	`45`	`not this.(ControlFlowNode).getLocation().getFile().getBaseName() = "tarfile.py"`
`46`	`46`	`}`