python: model (xpathEval from) libxml2

python/ql/lib/semmle/python/Frameworks.qll

@@ -22,6 +22,7 @@ private import semmle.python.frameworks.FlaskSqlAlchemy
 private import semmle.python.frameworks.Idna
 private import semmle.python.frameworks.Invoke
 private import semmle.python.frameworks.Jmespath
+private import semmle.python.frameworks.Libxml2
 private import semmle.python.frameworks.Lxml
 private import semmle.python.frameworks.MarkupSafe
 private import semmle.python.frameworks.Multidict

python/ql/lib/semmle/python/frameworks/Libxml2.qll

@@ -0,0 +1,48 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `libxml2` PyPI package.
+ *
+ * See
+ * - https://pypi.org/project/libxml2-python3/
+ * - http://xmlsoft.org/python.html
+ */
+
+private import python
+private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.Concepts
+private import semmle.python.ApiGraphs
+
+/**
+ * Provides classes modeling security-relevant aspects of the `libxml2` PyPI package
+ *
+ * See
+ * - https://pypi.org/project/libxml2-python3/
+ * - http://xmlsoft.org/python.html
+ */
+private module Libxml2 {
+  /**
+   * A call to the `xpathEval` method of a parsed document.
+   *
+   *    import libxml2
+   *    tree = libxml2.parseFile("file.xml")
+   *    r = tree.xpathEval('`sink`')
+   *
+   * See http://xmlsoft.org/python.html
+   */
+  class XpathEvalCall extends XPathExecution::Range, DataFlow::CallCfgNode {
+    XpathEvalCall() {
+      this =
+        API::moduleImport("libxml2")
+            .getMember("parseFile")
+            .getReturn()
+            .getMember("xpathEval")
+            .getACall()
+    }
+
+    override DataFlow::Node getXPath() { result = this.getArg(0) }
+
+    // TODO: implement when we get call nodes
+    override DataFlow::Node getTree() { none() }
+
+    override string getName() { result = "libxml2" }
+  }
+}