Apply suggestion: use exists(var | range | formula) idiom in OsPathBasenameCall

Copilot · hvitved · web-flow · commit 3229b9052ea1 · 2026-04-16T09:46:07.000Z
Agent-Logs-Url: https://github.com/github/codeql/sessions/a319e151-8e8f-4770-b87c-12b5cdb268b8 Co-authored-by: hvitved <3667920+hvitved@users.noreply.github.com>
diff --git a/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll
@@ -118,11 +118,10 @@ module PathInjection {
   private class OsPathBasenameCall extends Sanitizer, DataFlow::CallCfgNode {
     OsPathBasenameCall() {
       exists(API::Node osPathModule |
-        (
-          osPathModule = API::moduleImport("os").getMember("path")
-          or
-          osPathModule = API::moduleImport(["posixpath", "ntpath", "genericpath"])
-        ) and
+        osPathModule = API::moduleImport("os").getMember("path")
+        or
+        osPathModule = API::moduleImport(["posixpath", "ntpath", "genericpath"])
+      |
         this = osPathModule.getMember("basename").getACall()
       )
     }
