Python: Use MethodCallNode for MarkupSafe string-format

RasmusWL · RasmusWL · commit c84658dff1f3 · 2021-06-30T13:58:09.000+02:00
diff --git a/python/ql/src/semmle/python/frameworks/MarkupSafe.qll b/python/ql/src/semmle/python/frameworks/MarkupSafe.qll
@@ -67,13 +67,8 @@ private module MarkupSafeModel {
     }
 
     /** A string format with `markupsafe.Markup` as the format string. */
-    class StringFormat extends Markup::InstanceSource, DataFlow::CallCfgNode {
-      StringFormat() {
-        exists(DataFlow::AttrRead attr | this.getFunction() = attr |
-          attr.getAttributeName() = "format" and
-          attr.getObject() = instance()
-        )
-      }
+    class StringFormat extends Markup::InstanceSource, DataFlow::MethodCallNode {
+      StringFormat() { this.calls(instance(), "format") }
     }
 
     /** Taint propagation for `markupsafe.Markup`. */

Original file line number	Diff line number	Diff line change
`@@ -67,13 +67,8 @@ private module MarkupSafeModel {`
`67`	`67`	`}`
`68`	`68`
`69`	`69`	/** A string format with `markupsafe.Markup` as the format string. */
`70`		`- class StringFormat extends Markup::InstanceSource, DataFlow::CallCfgNode {`
`71`		`- StringFormat() {`
`72`		`- exists(DataFlow::AttrRead attr \| this.getFunction() = attr \|`
`73`		`- attr.getAttributeName() = "format" and`
`74`		`- attr.getObject() = instance()`
`75`		`- )`
`76`		`- }`
	`70`	`+ class StringFormat extends Markup::InstanceSource, DataFlow::MethodCallNode {`
	`71`	`+ StringFormat() { this.calls(instance(), "format") }`
`77`	`72`	`}`
`78`	`73`
`79`	`74`	/** Taint propagation for `markupsafe.Markup`. */