hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix CompiledRegex

Browse Source
This commit is contained in:
jorgectf
2021-03-26 17:19:01 +01:00
parent 35f1c45d32
commit 36cc7b5e3f
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
View File

@@ -31,6 +31,7 @@ private module Re {
override DataFlow::Node getRegexNode() { result = regexNode }
// pending obj.this discussion
override DataFlow::CallCfgNode getRegexMethod() { result = regexMethod }
}
@@ -39,13 +40,13 @@ private module Re {
DataFlow::CallCfgNode regexMethod;
CompiledRegex() {
exists(DataFlow::CallCfgNode patternCall, DirectRegex reMethod |
this = reMethod and
exists(DataFlow::CallCfgNode patternCall, DataFlow::AttrRead reMethod |
this.getFunction() = reMethod and
patternCall = API::moduleImport("re").getMember("compile").getACall() and
patternCall = reMethod.(DataFlow::AttrRead).getObject().getALocalSource() and
patternCall = reMethod.getObject().getALocalSource() and
reMethod.getAttributeName() instanceof ReMethods and
regexNode = patternCall.getArg(0) and
// regexMethod is *not* worked out outside class instanciation because `CompiledRegex` focuses on re.compile(pattern).ReMethod
regexMethod = reMethod.getRegexMethod()
regexMethod = this
)
}