Python: Move urllib and urllib2 to be part of stdlib modeling

python/ql/lib/semmle/python/frameworks/Stdlib/Urllib.qll

@@ -0,0 +1,71 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `urllib` module, part of
+ * the Python standard library.
+ *
+ * See
+ * - https://docs.python.org/2/library/urllib.html
+ * - https://docs.python.org/3/library/urllib.html
+ */
+
+private import python
+private import semmle.python.Concepts
+private import semmle.python.ApiGraphs
+
+/**
+ * Provides models for the `urllib` module, part of
+ * the Python standard library.
+ *
+ * See
+ * - https://docs.python.org/2/library/urllib.html
+ * - https://docs.python.org/3/library/urllib.html
+ */
+private module Urllib {
+  /**
+   * Provides models for the `urllib.request` extension library
+   *
+   * See https://docs.python.org/3.9/library/urllib.request.html
+   */
+  module Request {
+    /**
+     * See
+     * - https://docs.python.org/3.9/library/urllib.request.html#urllib.request.Request
+     */
+    private class RequestCall extends HTTP::Client::Request::Range, DataFlow::CallCfgNode {
+      RequestCall() {
+        this = API::moduleImport("urllib").getMember("request").getMember("Request").getACall()
+      }
+
+      override DataFlow::Node getAUrlPart() { result in [this.getArg(0), this.getArgByName("url")] }
+
+      override string getFramework() { result = "urllib.request.Request" }
+
+      override predicate disablesCertificateValidation(
+        DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
+      ) {
+        // TODO: Look into disabling certificate validation
+        none()
+      }
+    }
+
+    /**
+     * See
+     * - https://docs.python.org/3.9/library/urllib.request.html#urllib.request.urlopen
+     */
+    private class UrlOpenCall extends HTTP::Client::Request::Range, DataFlow::CallCfgNode {
+      UrlOpenCall() {
+        this = API::moduleImport("urllib").getMember("request").getMember("urlopen").getACall()
+      }
+
+      override DataFlow::Node getAUrlPart() { result in [this.getArg(0), this.getArgByName("url")] }
+
+      override string getFramework() { result = "urllib.request.urlopen" }
+
+      override predicate disablesCertificateValidation(
+        DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
+      ) {
+        // TODO: Look into disabling certificate validation
+        none()
+      }
+    }
+  }
+}

python/ql/lib/semmle/python/frameworks/Stdlib/Urllib2.qll

@@ -0,0 +1,56 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `urllib2` module, part of
+ * the Python 2 standard library.
+ *
+ * See https://docs.python.org/2/library/urllib2.html
+ */
+
+private import python
+private import semmle.python.Concepts
+private import semmle.python.ApiGraphs
+
+/**
+ * Provides models for the the `urllib2` module, part of
+ * the Python 2 standard library.
+ *
+ * See https://docs.python.org/2/library/urllib2.html
+ */
+private module Urllib2 {
+  /**
+   * See
+   * - https://docs.python.org/2/library/urllib2.html#urllib2.Request
+   */
+  private class RequestCall extends HTTP::Client::Request::Range, DataFlow::CallCfgNode {
+    RequestCall() { this = API::moduleImport("urllib2").getMember("Request").getACall() }
+
+    override DataFlow::Node getAUrlPart() { result in [this.getArg(0), this.getArgByName("url")] }
+
+    override string getFramework() { result = "urllib2.Request" }
+
+    override predicate disablesCertificateValidation(
+      DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
+    ) {
+      // TODO: Look into disabling certificate validation
+      none()
+    }
+  }
+
+  /**
+   * See
+   * - https://docs.python.org/2/library/urllib2.html#urllib2.urlopen
+   */
+  private class UrlOpenCall extends HTTP::Client::Request::Range, DataFlow::CallCfgNode {
+    UrlOpenCall() { this = API::moduleImport("urllib2").getMember("urlopen").getACall() }
+
+    override DataFlow::Node getAUrlPart() { result in [this.getArg(0), this.getArgByName("url")] }
+
+    override string getFramework() { result = "urllib2.urlopen" }
+
+    override predicate disablesCertificateValidation(
+      DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
+    ) {
+      // TODO: Look into disabling certificate validation
+      none()
+    }
+  }
+}