Python: Modernise remaining web libraries.

python/ql/src/semmle/python/objects/ObjectAPI.qll

@@ -643,6 +643,11 @@ module ClassValue {
         result = TBuiltinClassObject(Builtin::special("bool"))
     }
 
+    /** Get the `ClassValue` for the `dict` class. */
+    ClassValue dict() {
+        result = TBuiltinClassObject(Builtin::special("dict"))
+    }
+
     /** Get the `ClassValue` for the class of Python functions. */
     ClassValue function() {
         result = TBuiltinClassObject(Builtin::special("FunctionType"))

python/ql/src/semmle/python/web/Http.qll

@@ -19,17 +19,17 @@ class WsgiEnvironment extends TaintKind {
         result = this and Implementation::copyCall(fromnode, tonode)
         or
         result = this and
-        tonode.(CallNode).getFunction().refersTo(theDictType()) and
+        tonode.(CallNode).getFunction().pointsTo(ClassValue::dict()) and
         tonode.(CallNode).getArg(0) = fromnode
         or
-        exists(StringObject key, string text |
+        exists(Value key, string text |
             tonode.(CallNode).getFunction().(AttrNode).getObject("get") = fromnode and
-            tonode.(CallNode).getArg(0).refersTo(key)
+            tonode.(CallNode).getArg(0).pointsTo(key)
             or
             tonode.(SubscriptNode).getValue() = fromnode and tonode.isLoad() and
-            tonode.(SubscriptNode).getIndex().refersTo(key)
+            tonode.(SubscriptNode).getIndex().pointsTo(key)
             |
-            text = key.getText() and result instanceof ExternalStringKind and
+            key = Value::forString(text) and result instanceof ExternalStringKind and
             (
                 text = "QUERY_STRING" or
                 text = "PATH_INFO" or

python/ql/src/semmle/python/web/cherrypy/General.qll

@@ -22,23 +22,23 @@ class CherryPyRoute extends CallNode {
         this.getFunction().(AttrNode).getObject("mount").pointsTo(Value::named("cherrypy.tree"))
     }
 
-    ClassObject getAppClass() {
-        this.getArg(0).refersTo(_, result, _)
+    ClassValue getAppClass() {
+        this.getArg(0).pointsTo().getClass() = result
         or
-        this.getArgByName("root").refersTo(_, result, _)
+        this.getArgByName("root").pointsTo().getClass() = result
     }
 
     string getPath() {
-        exists(StringObject path | result = path.getText() |
-            this.getArg(1).refersTo(path)
+        exists(Value path | path = Value::forString(result) |
+            this.getArg(1).pointsTo(path)
             or
-            this.getArgByName("script_name").refersTo(path)
+            this.getArgByName("script_name").pointsTo(path)
         )
     }
 
-    Object getConfig() {
-        this.getArg(2).refersTo(_, result, _)
+    ClassValue getConfig() {
+        this.getArg(2).pointsTo().getClass() = result
         or
-        this.getArgByName("config").refersTo(_, result, _)
+        this.getArgByName("config").pointsTo().getClass() = result
     }
 }