Apply suggestions

Co-authored-by: yoff <lerchedahl@gmail.com>
2026-05-01 03:35:13 +02:00 · 2021-03-24 09:34:04 +01:00
parent b27b77c38f
commit 0f20eeb395
3 changed files with 20 additions and 10 deletions
--- a/python/ql/src/semmle/python/Concepts.qll
+++ b/python/ql/src/semmle/python/Concepts.qll
@@ -666,7 +666,7 @@ module RegexExecution {
 }

 class RegexExecution extends DataFlow::Node {
-  override RegexExecution::Range range;
+  RegexExecution::Range range;

  RegexExecution() { this = range }

--- a/python/ql/src/semmle/python/frameworks/Stdlib.qll
+++ b/python/ql/src/semmle/python/frameworks/Stdlib.qll
@@ -875,25 +875,32 @@ private module Stdlib {
    }

    /** re.ReMethod(pattern, string) */
-    private class DirectRegex extends RegexExecution::Range {
+    private class DirectRegex extends DataFlow::CallCfgNode, RegexExecution::Range {
+      DataFlow::Node regexNode;
+
      DirectRegex() {
-        exists(ReMethods reMethod, DataFlow::CallCfgNode reCall |
-          reCall = API::moduleImport("re").getMember(reMethod).getACall() and
-          this = reCall.getArg(0)
-        )
+        this = API::moduleImport("re").getMember(any(ReMethods m)).getACall() and
+        regexNode = this.getArg(0)
      }
+
+      override DataFlow::Node getRegexNode() { result = regexNode }
    }

    /** re.compile(pattern).ReMethod */
-    private class CompiledRegex extends RegexExecution::Range {
+    private class CompiledRegex extends DataFlow::CallCfgNode, RegexExecution::Range {
+      DataFlow::Node regexNode;
+
      CompiledRegex() {
        exists(DataFlow::CallCfgNode patternCall, DataFlow::AttrRead reMethod |
+          this.getFunction() = reMethod and
          patternCall = API::moduleImport("re").getMember("compile").getACall() and
          patternCall = reMethod.getObject().getALocalSource() and
          reMethod.getAttributeName() instanceof ReMethods and
-          this = patternCall.getArg(0)
+          regexNode = patternCall.getArg(0)
        )
      }
+
+      override DataFlow::Node getRegexNode() { result = regexNode }
    }

    private class RegexEscape extends DataFlow::Node {
--- a/python/ql/src/semmle/python/security/dataflow/RegexInjection.qll
+++ b/python/ql/src/semmle/python/security/dataflow/RegexInjection.qll
@@ -17,7 +17,10 @@ class RegexInjectionFlowConfig extends TaintTracking::Configuration {

  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

-  override predicate isSink(DataFlow::Node sink) { sink instanceof RegexExecution }
+ override predicate isSink(DataFlow::Node sink) { sink = any(RegexExecution re).getRegexNode() }

-  override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof RegexEscape }
+  override predicate isSanitizer(DataFlow::Node sanitizer) {
+    sanitizer =
+      API::moduleImport("re").getMember("escape").getACall().(DataFlow::CallCfgNode).getArg(0)
+  }
 }