Python: Only interested in StrConst

Author: RasmusWL

python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKeySource.qll

@@ -11,12 +11,12 @@ class WebAppConstantSecretKeySource extends DataFlow::Node {
         env = API::moduleImport("environ").getMember("Env") and
         // has default value
         exists(API::Node param | param = env.getKeywordParameter("SECRET_KEY") |
-          param.asSink().asExpr().getASubExpression*().isConstant()
+          param.asSink().asExpr().getASubExpression*() instanceof StrConst
         ) and
         this = env.getReturn().getReturn().asSource()
       )
       or
-      this.asExpr().isConstant()
+      this.asExpr() instanceof StrConst
       or
       exists(API::CallNode cn |
         cn =
@@ -25,7 +25,7 @@ class WebAppConstantSecretKeySource extends DataFlow::Node {
             API::moduleImport("os").getMember("environ").getMember("get").getACall()
           ] and
         cn.getNumArgument() = 2 and
-        DataFlow::localFlow(any(DataFlow::Node n | n.asExpr().isConstant()), cn.getArg(1)) and
+        DataFlow::localFlow(any(DataFlow::Node n | n.asExpr() instanceof StrConst), cn.getArg(1)) and
         this.asExpr() = cn.asExpr()
       )
     ) and