Python: Limit self argument for PotentialLibraryCall

Using the object from `MethodCallNode` meant that in the code below, `lib` from the import expression would be considered a self argument (this showed up in dataflow-consistency query results, that were not comitted... sorry) ``` from lib import func func() ```
2025-12-21 03:06:31 +01:00 · 2022-11-01 10:03:23 +01:00
parent c4122275dc
commit 478f5ffe96
2 changed files with 2 additions and 2 deletions
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll
@@ -1311,7 +1311,7 @@ class PotentialLibraryCall extends ExtractedDataFlowCall, TPotentialLibraryCall
    // potential self argument, from `foo.bar()` -- note that this could also just be a
    // module reference, but we really don't have a good way of knowing :|
    apos.isSelf() and
-    result = any(MethodCallNode mc | mc.getFunction().asCfgNode() = call.getFunction()).getObject()
+    result.asCfgNode() = call.getFunction().(AttrNode).getObject()
  }

  override ControlFlowNode getNode() { result = call }
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
@@ -348,7 +348,7 @@ class ExtractedArgumentNode extends ArgumentNode {
    normalCallArg(_, this, _)
    or
    // and self arguments
-    this = any(MethodCallNode mc).getObject()
+    this.asCfgNode() = any(CallNode c).getFunction().(AttrNode).getObject()
  }

  final override predicate argumentOf(DataFlowCall call, ArgumentPosition pos) {