python: switch to using concepts

2025-12-21 19:26:31 +01:00 · 2022-02-09 14:36:48 +01:00
parent 17aa2898f9
commit 313f9f056c
1 changed files with 6 additions and 56 deletions
--- a/python/ql/lib/semmle/python/security/dataflow/XpathInjectionCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/XpathInjectionCustomizations.qll
@@ -6,7 +6,6 @@
 */

 private import python
-private import semmle.python.Concepts
 private import semmle.python.dataflow.new.TaintTracking
 private import semmle.python.Concepts
 private import semmle.python.ApiGraphs
@@ -40,66 +39,17 @@ module XpathInjection {
   */
  class RemoteFlowSourceAsSource extends Source, RemoteFlowSource { }

-  /** Returns an API node referring to `lxml.etree` */
-  API::Node etree() { result = API::moduleImport("lxml").getMember("etree") }
-
-  /** Returns an API node referring to `lxml.etree` */
-  API::Node etreeFromString() { result = etree().getMember("fromstring") }
-
-  /** Returns an API node referring to `lxml.etree.parse` */
-  API::Node etreeParse() { result = etree().getMember("parse") }
-
-  /** Returns an API node referring to `lxml.etree.parse` */
-  API::Node libxml2parseFile() { result = API::moduleImport("libxml2").getMember("parseFile") }
-
  /**
-   * A Sink representing an argument to `etree.XPath` or `etree.ETXPath` call.
-   *
-   *    from lxml import etree
-   *    root = etree.XML("<xmlContent>")
-   *    find_text = etree.XPath("`sink`")
-   *    find_text = etree.ETXPath("`sink`")
+   * A construction of an XPath expression, considered as a sink.
   */
-  private class EtreeXpathArgument extends Sink {
-    EtreeXpathArgument() { this = etree().getMember(["XPath", "ETXPath"]).getACall().getArg(0) }
+  class XPathConstructionArg extends Sink {
+    XPathConstructionArg() { this = any(XPathConstruction c).getXPath() }
  }

  /**
-   * A Sink representing an argument to the `etree.XPath` call.
-   *
-   *    from lxml import etree
-   *    root =  etree.fromstring(file(XML_DB).read(), XMLParser())
-   *    find_text = root.xpath("`sink`")
+   * An execution of an XPath expression, considered as a sink.
   */
-  private class EtreeFromstringXpathArgument extends Sink {
-    EtreeFromstringXpathArgument() {
-      this = etreeFromString().getReturn().getMember("xpath").getACall().getArg(0)
-    }
-  }
-
-  /**
-   * A Sink representing an argument to the `xpath` call to a parsed xml document.
-   *
-   *    from lxml import etree
-   *    from io import StringIO
-   *    f = StringIO('<foo><bar></bar></foo>')
-   *    tree = etree.parse(f)
-   *    r = tree.xpath('`sink`')
-   */
-  private class ParseXpathArgument extends Sink {
-    ParseXpathArgument() { this = etreeParse().getReturn().getMember("xpath").getACall().getArg(0) }
-  }
-
-  /**
-   * A Sink representing an argument to the `xpathEval` call to a parsed libxml2 document.
-   *
-   *    import libxml2
-   *    tree = libxml2.parseFile("file.xml")
-   *    r = tree.xpathEval('`sink`')
-   */
-  private class ParseFileXpathEvalArgument extends Sink {
-    ParseFileXpathEvalArgument() {
-      this = libxml2parseFile().getReturn().getMember("xpathEval").getACall().getArg(0)
-    }
+  class XPathExecutionArg extends Sink {
+    XPathExecutionArg() { this = any(XPathExecution e).getXPath() }
  }
 }