Change from Attribute to DataFlow::CallCfgNode in getRegexMethod()

2025-12-20 10:46:30 +01:00 · 2021-03-26 17:01:53 +01:00
parent c127b109d0
commit 35f1c45d32
2 changed files with 12 additions and 12 deletions
--- a/python/ql/src/experimental/semmle/python/Concepts.qll
+++ b/python/ql/src/experimental/semmle/python/Concepts.qll
@@ -26,7 +26,7 @@ module RegexExecution {
  abstract class Range extends DataFlow::Node {
    abstract DataFlow::Node getRegexNode();

-    abstract Attribute getRegexMethod();
+    abstract DataFlow::CallCfgNode getRegexMethod();
  }
 }

@@ -43,7 +43,7 @@ class RegexExecution extends DataFlow::Node {

  DataFlow::Node getRegexNode() { result = range.getRegexNode() }

-  Attribute getRegexMethod() { result = range.getRegexMethod() }
+  DataFlow::CallCfgNode getRegexMethod() { result = range.getRegexMethod() }
 }

 /** Provides classes for modeling Regular Expression escape-related APIs. */
@@ -57,7 +57,7 @@ module RegexEscape {
  abstract class Range extends DataFlow::Node {
    abstract DataFlow::Node getRegexNode();

-    abstract Attribute getEscapeMethod();
+    abstract DataFlow::CallCfgNode getEscapeMethod();
  }
 }

@@ -74,5 +74,5 @@ class RegexEscape extends DataFlow::Node {

  DataFlow::Node getRegexNode() { result = range.getRegexNode() }

-  Attribute getEscapeMethod() { result = range.getEscapeMethod() }
+  DataFlow::CallCfgNode getEscapeMethod() { result = range.getEscapeMethod() }
 }
--- a/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
@@ -21,22 +21,22 @@ private module Re {

  private class DirectRegex extends DataFlow::CallCfgNode, RegexExecution::Range {
    DataFlow::Node regexNode;
-    Attribute regexMethod;
+    DataFlow::CallCfgNode regexMethod;

    DirectRegex() {
      this = API::moduleImport("re").getMember(any(ReMethods m)).getACall() and
      regexNode = this.getArg(0) and
-      regexMethod = this.asExpr().(Attribute)
+      regexMethod = this
    }

    override DataFlow::Node getRegexNode() { result = regexNode }

-    override Attribute getRegexMethod() { result = regexMethod }
+    override DataFlow::CallCfgNode getRegexMethod() { result = regexMethod }
  }

  private class CompiledRegex extends DataFlow::CallCfgNode, RegexExecution::Range {
    DataFlow::Node regexNode;
-    Attribute regexMethod;
+    DataFlow::CallCfgNode regexMethod;

    CompiledRegex() {
      exists(DataFlow::CallCfgNode patternCall, DirectRegex reMethod |
@@ -51,21 +51,21 @@ private module Re {

    override DataFlow::Node getRegexNode() { result = regexNode }

-    override Attribute getRegexMethod() { result = regexMethod }
+    override DataFlow::CallCfgNode getRegexMethod() { result = regexMethod }
  }

  class ReEscape extends DataFlow::CallCfgNode, RegexEscape::Range {
    DataFlow::Node regexNode;
-    Attribute escapeMethod;
+    DataFlow::CallCfgNode escapeMethod;

    ReEscape() {
      this = API::moduleImport("re").getMember("escape").getACall() and
      regexNode = this.getArg(0) and
-      escapeMethod = this.asExpr().(Attribute)
+      escapeMethod = this
    }

    override DataFlow::Node getRegexNode() { result = regexNode }

-    override Attribute getEscapeMethod() { result = escapeMethod }
+    override DataFlow::CallCfgNode getEscapeMethod() { result = escapeMethod }
  }
 }