Merge pull request #10076 from erik-krogh/ql-for-ql-fixes

various QL-for-QL fixes
2025-12-21 03:06:31 +01:00 · 2022-08-18 15:46:48 +02:00
parent 61a2c0dab5 9e7c0c6ab9
commit 4f93f2b9ba
30 changed files with 51 additions and 65 deletions
--- a/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll
+++ b/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll
@@ -2,7 +2,6 @@ private import python
 private import semmle.python.Concepts
 private import semmle.python.ApiGraphs
 private import semmle.python.dataflow.new.RemoteFlowSources
-private import semmle.python.dataflow.new.DataFlow

 /**
 * A data flow source of the client ip obtained according to the remote endpoint identifier specified
--- a/python/ql/test/TestUtilities/VerifyApiGraphs.qll
+++ b/python/ql/test/TestUtilities/VerifyApiGraphs.qll
@@ -84,8 +84,8 @@ class Assertion extends Comment {
  string tryExplainFailure() {
    exists(int i, API::Node nd, string prefix, string suffix |
      nd = this.lookup(i) and
-      i < getPathLength() and
-      not exists(this.lookup([i + 1 .. getPathLength()])) and
+      i < this.getPathLength() and
+      not exists(this.lookup([i + 1 .. this.getPathLength()])) and
      prefix = nd + " has no outgoing edge labelled " + this.getEdgeLabel(i) + ";" and
      if exists(nd.getASuccessor())
      then
--- a/python/tools/recorded-call-graph-metrics/ql/lib/RecordedCalls.qll
+++ b/python/tools/recorded-call-graph-metrics/ql/lib/RecordedCalls.qll
@@ -11,7 +11,7 @@ class XmlRecordedCall extends XMLElement {
  XmlCall getXmlCall() { result.getParent() = this }

  /** DEPRECATED: Alias for getXmlCall */
-  deprecated XMLCall getXMLCall() { result = getXmlCall() }
+  deprecated XMLCall getXMLCall() { result = this.getXmlCall() }

  /** Gets a call matching the recorded information. */
  Call getACall() { result = this.getXmlCall().getACall() }
@@ -20,7 +20,7 @@ class XmlRecordedCall extends XMLElement {
  XmlCallee getXmlCallee() { result.getParent() = this }

  /** DEPRECATED: Alias for getXmlCallee */
-  deprecated XMLCallee getXMLCallee() { result = getXmlCallee() }
+  deprecated XMLCallee getXMLCallee() { result = this.getXmlCallee() }

  /** Gets a python function matching the recorded information of the callee. */
  Function getAPythonCallee() { result = this.getXmlCallee().(XmlPythonCallee).getACallee() }
@@ -90,10 +90,10 @@ class XmlCall extends XMLElement {
      expr.(Name).getId() = bytecode.(XmlBytecodeVariableName).get_name_data()
      or
      expr.(Attribute).getName() = bytecode.(XmlBytecodeAttribute).get_attr_name_data() and
-      matchBytecodeExpr(expr.(Attribute).getObject(),
+      this.matchBytecodeExpr(expr.(Attribute).getObject(),
        bytecode.(XmlBytecodeAttribute).get_object_data())
      or
-      matchBytecodeExpr(expr.(Call).getFunc(), bytecode.(XmlBytecodeCall).get_function_data())
+      this.matchBytecodeExpr(expr.(Call).getFunc(), bytecode.(XmlBytecodeCall).get_function_data())
      //
      // I considered allowing a partial match as well. That is, if the bytecode
      // expression information only tells us `<unknown>.foo()`, and we find an AST