Merge pull request #2040 from RasmusWL/python-modernise-cherrypy

Python: Modernise cherrypy library
2026-05-02 04:05:14 +02:00 · 2019-09-30 11:53:59 +02:00
parent fc4a583cd9 bc8e4d2005
commit 04f14f1fe7
4 changed files with 20 additions and 66 deletions
--- a/python/ql/src/semmle/python/web/cherrypy/General.qll
+++ b/python/ql/src/semmle/python/web/cherrypy/General.qll
@@ -2,31 +2,24 @@ import python
 import semmle.python.web.Http

 module CherryPy {
-
-    FunctionObject expose() {
-        result = ModuleObject::named("cherrypy").attr("expose")
-    }
-
+    FunctionValue expose() { result = Value::named("cherrypy.expose") }
 }

 class CherryPyExposedFunction extends Function {
-
    CherryPyExposedFunction() {
-        this.getADecorator().refersTo(CherryPy::expose())
+        this.getADecorator().pointsTo(CherryPy::expose())
        or
-        this.getADecorator().(Call).getFunc().refersTo(CherryPy::expose())
+        this.getADecorator().(Call).getFunc().pointsTo(CherryPy::expose())
    }
-
 }

 class CherryPyRoute extends CallNode {
-
    CherryPyRoute() {
        /* cherrypy.quickstart(root, script_name, config) */
-        ModuleObject::named("cherrypy").attr("quickstart").(FunctionObject).getACall() = this
+        Value::named("cherrypy.quickstart").(FunctionValue).getACall() = this
        or
        /* cherrypy.tree.mount(root, script_name, config) */
-        this.getFunction().(AttrNode).getObject("mount").refersTo(ModuleObject::named("cherrypy").attr("tree"))
+        this.getFunction().(AttrNode).getObject("mount").pointsTo(Value::named("cherrypy.tree"))
    }

    ClassObject getAppClass() {
@@ -36,9 +29,7 @@ class CherryPyRoute extends CallNode {
    }

    string getPath() {
-        exists(StringObject path |
-            result = path.getText() 
-            |
+        exists(StringObject path | result = path.getText() |
            this.getArg(1).refersTo(path)
            or
            this.getArgByName("script_name").refersTo(path)
@@ -50,7 +41,4 @@ class CherryPyRoute extends CallNode {
        or
        this.getArgByName("config").refersTo(_, result, _)
    }
-
 }
-
-
--- a/python/ql/src/semmle/python/web/cherrypy/Request.qll
+++ b/python/ql/src/semmle/python/web/cherrypy/Request.qll
@@ -1,5 +1,4 @@
 import python
-
 import semmle.python.security.TaintTracking
 import semmle.python.security.strings.Basic
 import semmle.python.web.Http
@@ -7,10 +6,7 @@ import semmle.python.web.cherrypy.General

 /** The cherrypy.request local-proxy object */
 class CherryPyRequest extends TaintKind {
-
-    CherryPyRequest() {
-        this = "cherrypy.request"
-    }
+    CherryPyRequest() { this = "cherrypy.request" }

    override TaintKind getTaintOfAttribute(string name) {
        name = "params" and result instanceof ExternalStringDictKind
@@ -19,20 +15,17 @@ class CherryPyRequest extends TaintKind {
    }

    override TaintKind getTaintOfMethodResult(string name) {
-            (
-                name = "getHeader" or
-                name = "getCookie" or
-                name = "getUser" or
-                name = "getPassword"
-            ) and
-            result instanceof ExternalStringKind
+        (
+            name = "getHeader" or
+            name = "getCookie" or
+            name = "getUser" or
+            name = "getPassword"
+        ) and
+        result instanceof ExternalStringKind
    }
-
 }

-
 class CherryPyExposedFunctionParameter extends TaintSource {
-
    CherryPyExposedFunctionParameter() {
        exists(Parameter p |
            p = any(CherryPyExposedFunction f).getAnArg() and
@@ -41,29 +34,13 @@ class CherryPyExposedFunctionParameter extends TaintSource {
        )
    }

-    override string toString() {
-        result = "CherryPy handler function parameter"
-    }
-
-    override predicate isSourceOf(TaintKind kind) {
-        kind instanceof ExternalStringKind
-    }
+    override string toString() { result = "CherryPy handler function parameter" }

+    override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringKind }
 }

 class CherryPyRequestSource extends TaintSource {
+    CherryPyRequestSource() { this.(ControlFlowNode).pointsTo(Value::named("cherrypy.request")) }

-    CherryPyRequestSource() {
-        this.(ControlFlowNode).refersTo(ModuleObject::named("cherrypy").attr("request"))
-    }
-
-    override predicate isSourceOf(TaintKind kind) {
-        kind instanceof CherryPyRequest
-    }
-
+    override predicate isSourceOf(TaintKind kind) { kind instanceof CherryPyRequest }
 }
-
-
-
-
-
--- a/python/ql/src/semmle/python/web/cherrypy/Response.qll
+++ b/python/ql/src/semmle/python/web/cherrypy/Response.qll
@@ -1,14 +1,10 @@
 import python
-
 import semmle.python.security.TaintTracking
 import semmle.python.security.strings.Untrusted
 import semmle.python.web.Http
 import semmle.python.web.cherrypy.General

-
-
 class CherryPyExposedFunctionResult extends HttpResponseTaintSink {
-
    CherryPyExposedFunctionResult() {
        exists(Return ret |
            ret.getScope() instanceof CherryPyExposedFunction and
@@ -16,13 +12,7 @@ class CherryPyExposedFunctionResult extends HttpResponseTaintSink {
        )
    }

-    override predicate sinks(TaintKind kind) {
-        kind instanceof StringKind
-    }
-
-    override string toString() {
-        result = "cherrypy handler function result"
-    }
+    override predicate sinks(TaintKind kind) { kind instanceof StringKind }

+    override string toString() { result = "cherrypy handler function result" }
 }
-
--- a/python/ql/test/library-tests/web/cherrypy/Sources.expected
+++ b/python/ql/test/library-tests/web/cherrypy/Sources.expected
@@ -1,4 +1,3 @@
 | ../../../query-tests/Security/lib/cherrypy/__init__.py:10 | _ThreadLocalProxy() | cherrypy.request |
-| ../../../query-tests/Security/lib/cherrypy/__init__.py:10 | request | cherrypy.request |
 | test.py:10 | arg | externally controlled string |
 | test.py:16 | arg | externally controlled string |