Enclose Sinks and ReMethods in a module

2026-04-30 11:15:13 +02:00 · 2021-03-19 17:46:32 +01:00
parent caaf5436c6
commit 3daec8e6a2
1 changed files with 24 additions and 22 deletions
--- a/python/ql/src/semmle/python/frameworks/Stdlib.qll
+++ b/python/ql/src/semmle/python/frameworks/Stdlib.qll
@@ -868,30 +868,32 @@ private module Stdlib {
  // ---------------------------------------------------------------------------
  // re
  // ---------------------------------------------------------------------------
-  /** List of re methods. */
-  private class ReMethods extends string {
-    ReMethods() { this in ["match", "fullmatch", "search", "split", "findall", "finditer"] }
-  }
-
-  /** re.ReMethod(pattern, string) */
-  private class DirectRegex extends DataFlow::Node {
-    DirectRegex() {
-      exists(ReMethods reMethod, DataFlow::CallCfgNode reCall |
-        reCall = API::moduleImport("re").getMember(reMethod).getACall() and
-        this = reCall.getArg(0)
-      )
+  private module Re {
+    /** List of re methods. */
+    private class ReMethods extends string {
+      ReMethods() { this in ["match", "fullmatch", "search", "split", "findall", "finditer"] }
    }
-  }

-  /** re.compile(pattern).ReMethod */
-  class CompiledRegex extends DataFlow::Node {
-    CompiledRegex() {
-      exists(DataFlow::CallCfgNode patternCall, DataFlow::AttrRead reMethod |
-        patternCall = API::moduleImport("re").getMember("compile").getACall() and
-        patternCall = reMethod.getObject().getALocalSource() and
-        reMethod.getAttributeName() instanceof ReMethods and
-        this = patternCall.getArg(0)
-      )
+    /** re.ReMethod(pattern, string) */
+    private class DirectRegex extends DataFlow::Node {
+      DirectRegex() {
+        exists(ReMethods reMethod, DataFlow::CallCfgNode reCall |
+          reCall = API::moduleImport("re").getMember(reMethod).getACall() and
+          this = reCall.getArg(0)
+        )
+      }
+    }
+
+    /** re.compile(pattern).ReMethod */
+    class CompiledRegex extends DataFlow::Node {
+      CompiledRegex() {
+        exists(DataFlow::CallCfgNode patternCall, DataFlow::AttrRead reMethod |
+          patternCall = API::moduleImport("re").getMember("compile").getACall() and
+          patternCall = reMethod.getObject().getALocalSource() and
+          reMethod.getAttributeName() instanceof ReMethods and
+          this = patternCall.getArg(0)
+        )
+      }
    }
  }
 }