Python: Add CodeExecution concept

python/ql/src/experimental/semmle/python/Concepts.qll

@@ -38,3 +38,32 @@ module SystemCommandExecution {
     abstract DataFlow::Node getCommand();
   }
 }
+
+/**
+ * A data-flow node that dynamically executes Python code.
+ *
+ * Extend this class to refine existing API models. If you want to model new APIs,
+ * extend `CodeExecution::Range` instead.
+ */
+class CodeExecution extends DataFlow::Node {
+  CodeExecution::Range range;
+
+  CodeExecution() { this = range }
+
+  /** Gets the argument that specifies the code to be executed. */
+  DataFlow::Node getCode() { result = range.getCode() }
+}
+
+/** Provides a class for modeling new dynamic code execution APIs. */
+module CodeExecution {
+  /**
+   * A data-flow node that dynamically executes Python code.
+   *
+   * Extend this class to model new APIs. If you want to refine existing API models,
+   * extend `CodeExecution` instead.
+   */
+  abstract class Range extends DataFlow::Node {
+    /** Gets the argument that specifies the code to be executed. */
+    abstract DataFlow::Node getCode();
+  }
+}

python/ql/test/experimental/meta/ConceptsTest.qll

@@ -32,3 +32,20 @@ class SystemCommandExecutionTest extends InlineExpectationsTest {
     )
   }
 }
+
+class CodeExecutionTest extends InlineExpectationsTest {
+  CodeExecutionTest() { this = "CodeExecutionTest" }
+
+  override string getARelevantTag() { result = "getCode" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(CodeExecution ce, DataFlow::Node code |
+      exists(location.getFile().getRelativePath()) and
+      code = ce.getCode() and
+      location = code.getLocation() and
+      element = code.toString() and
+      value = value_from_expr(code.asExpr()) and
+      tag = "getCode"
+    )
+  }
+}