Python: Modernise StringKind files

2026-05-01 03:35:13 +02:00 · 2020-03-06 14:45:03 +01:00
parent 3ae1aada37
commit 2416cac8f4
3 changed files with 15 additions and 19 deletions
--- a/python/ql/src/semmle/python/security/strings/Basic.qll
+++ b/python/ql/src/semmle/python/security/strings/Basic.qll
@@ -74,6 +74,7 @@ private predicate str_format(ControlFlowNode fromnode, CallNode tonode) {
    (
        tonode.getAnArg() = fromnode
        or
+        // TODO: if this case is not covered by tonode.getAnArg(), we should change it so it is :\
        tonode.getNode().getAKeyword().getValue() = fromnode.getNode()
    )
 }
@@ -93,10 +94,13 @@ private predicate encode_decode(ControlFlowNode fromnode, CallNode tonode) {
 /* tonode = str(fromnode)*/
 private predicate to_str(ControlFlowNode fromnode, CallNode tonode) {
    tonode.getAnArg() = fromnode and
-    exists(ClassObject str |
-        tonode.getFunction().refersTo(str) |
-        str = theUnicodeType() or str = theBytesType()
-    )
+    tonode = ClassValue::str().getACall()
+    // TODO: should it instead be this?
+    // (
+    //     tonode = ClassValue::bytes().getACall()
+    //     or
+    //     tonode = ClassValue::unicode().getACall()
+    // )
 }

 /* tonode = fromnode[:] */
@@ -110,11 +114,8 @@ private predicate slice(ControlFlowNode fromnode, SubscriptNode tonode) {

 /* tonode = os.path.join(..., fromnode, ...) */
 private predicate os_path_join(ControlFlowNode fromnode, CallNode tonode) {
-    exists(FunctionObject path_join |
-        path_join = ModuleObject::named("os").attr("path").(ModuleObject).attr("join")
-        and
-        tonode = path_join.getACall() and tonode.getAnArg() = fromnode 
-    )
+    tonode = Value::named("os.path.join").getACall()
+    and tonode.getAnArg() = fromnode
 }

 /** A kind of "taint", representing a dictionary mapping str->"taint" */
@@ -125,5 +126,3 @@ class StringDictKind extends DictKind {
    }

 }
-
-
--- a/python/ql/src/semmle/python/security/strings/Common.qll
+++ b/python/ql/src/semmle/python/security/strings/Common.qll
@@ -5,12 +5,12 @@ import python
 predicate copy_call(ControlFlowNode fromnode, CallNode tonode) {
    tonode.getFunction().(AttrNode).getObject("copy") = fromnode
    or
-    exists(ModuleObject copy, string name |
+    exists(ModuleValue copy, string name |
        name = "copy" or name = "deepcopy" |
-        copy.attr(name).(FunctionObject).getACall() = tonode and
+        copy.attr(name).(FunctionValue).getACall() = tonode and
        tonode.getArg(0) = fromnode
    )
    or
-    tonode.getFunction().refersTo(Object::builtin("reversed")) and
+    tonode.getFunction().pointsTo(Value::named("reversed")) and
    tonode.getArg(0) = fromnode
 }
--- a/python/ql/src/semmle/python/security/strings/External.qll
+++ b/python/ql/src/semmle/python/security/strings/External.qll
@@ -139,11 +139,8 @@ private predicate json_subscript_taint(
 }

 private predicate json_load(ControlFlowNode fromnode, CallNode tonode) {
-    exists(FunctionObject json_loads |
-        ModuleObject::named("json").attr("loads") = json_loads and
-        json_loads.getACall() = tonode and
-        tonode.getArg(0) = fromnode
-    )
+    tonode = Value::named("json.loads").getACall() and
+    tonode.getArg(0) = fromnode
 }

 private predicate urlsplit(ControlFlowNode fromnode, CallNode tonode) {