Merge pull request #1798 from taus-semmle/python-regex-support-short-mode-flags

Python: Support short mode flags (e.g. `re.M`) in regexes. (ODASA-8056)

python/ql/src/semmle/python/types/Extensions.qll

@@ -128,6 +128,20 @@ class BottleRoutePointToExtension extends PointsToExtension {
 
 /* Python 3.6+ regex module constants */
 
+string short_flag(string flag) {
+    (flag = "ASCII" or
+     flag = "IGNORECASE" or
+     flag = "LOCALE" or
+     flag = "UNICODE" or
+     flag = "MULTILINE" or
+     flag = "TEMPLATE")
+    and result = flag.prefix(1)
+    or
+    flag = "DOTALL" and result = "S"
+    or
+    flag = "VERBOSE" and result = "X"
+}
+
 class ReModulePointToExtension extends PointsToExtension {
 
     string name;
@@ -139,9 +153,10 @@ class ReModulePointToExtension extends PointsToExtension {
     }
 
     override predicate pointsTo(Context context, ObjectInternal value, ControlFlowNode origin) {
-        exists(ModuleObjectInternal sre_constants, CfgOrigin orig |
+        exists(ModuleObjectInternal sre_constants, CfgOrigin orig, string flag |
+            (name = flag or name = short_flag(flag)) and
             sre_constants.getName() = "sre_constants" and
-            sre_constants.attribute("SRE_FLAG_" + name, value, orig) and
+            sre_constants.attribute("SRE_FLAG_" + flag, value, orig) and
             origin = orig.asCfgNodeOrHere(this)
         )
         and pointsTo_helper(context)

python/ql/test/library-tests/regex/Mode.expected

@@ -7,3 +7,4 @@
 | 50 | VERBOSE |
 | 51 | UNICODE |
 | 52 | UNICODE |
+| 64 | MULTILINE |

python/ql/test/library-tests/regex/test.py

@@ -60,3 +60,5 @@ re.compile(r'(?:(?P<n1>^(?:|x)))')
 
 #Misparsed on LGTM
 re.compile(r"\[(?P<txt>[^[]*)\]\((?P<uri>[^)]*)")
+
+re.compile("", re.M) # ODASA-8056