update from pre/postUpdate node to new forms

hohn · hohn · commit bc7cda527427 · 2025-03-05T11:12:35.000-08:00
diff --git a/SqlInjection.ql b/SqlInjection.ql
@@ -15,28 +15,12 @@ module SqliFlowConfig implements DataFlow::ConfigSig {
         // count = read(STDIN_FILENO, buf, BUFSIZE);
         exists(FunctionCall read |
             read.getTarget().getName() = "read" and
-            read.getArgument(1) = source.(DataFlow::PostUpdateNode).getPreUpdateNode().asIndirectArgument()
+            read.getArgument(1) = source.asDefiningArgument()
         )
     }
 
     predicate isBarrier(DataFlow::Node sanitizer) { none() }
 
-    // predicate isAdditionalFlowStep(DataFlow::Node into, DataFlow::Node out) {
-    //     // Extra taint step
-    //     //     snprintf(query, bufsize, "INSERT INTO users VALUES (%d, '%s')", id, info);
-    //     // But snprintf is a macro on mac os.  The actual function's name is
-    //     //     #undef snprintf
-    //     //     #define snprintf(str, len, ...) \
-    //     //       __builtin___snprintf_chk (str, len, 0, __darwin_obsz(str), __VA_ARGS__)
-    //     //     #endif
-    //     exists(FunctionCall printf |
-    //         printf.getTarget().getName().matches("%snprintf%") and
-    //         printf.getArgument(0) = out.(DataFlow::PostUpdateNode).getPreUpdateNode().asIndirectArgument() and
-    //         // very specific: shifted index for macro.
-    //         printf.getArgument(6) = into.asExpr()
-    //     )
-    // }
-
     predicate isSink(DataFlow::Node sink) {
         // rc = sqlite3_exec(db, query, NULL, 0, &zErrMsg);
         exists(FunctionCall exec |
