Python: Use Value API for sensitive data analysis.

python/ql/src/semmle/python/objects/Modules.qll

@@ -398,8 +398,11 @@ class AbsentModuleAttributeObjectInternal extends ObjectInternal, TAbsentModuleA
 
     override predicate subscriptUnknown() { any() }
 
-    /* We know what this is called, but not its innate name */
-    override string getName() { none() }
+    /* We know what this is called, but not its innate name.
+     * However, if we are looking for things by name, this is a reasonable approximation */
+    override string getName() {
+        this = TAbsentModuleAttribute(_, result)
+    }
 
     override predicate contextSensitiveCallee() { none() }
 

python/ql/src/semmle/python/security/SensitiveData.qll

@@ -110,12 +110,12 @@ module SensitiveData {
         override string repr() { result = "a certificate or key" }
     }
 
-    private SensitiveData fromFunction(FunctionObject f) {
-        result = HeuristicNames::getSensitiveDataForName(f.getName())
+    private SensitiveData fromFunction(Value func) {
+        result = HeuristicNames::getSensitiveDataForName(func.getName())
         or
         // This is particularly to pick up methods with an argument like "password", which
         // may indicate a lookup.
-        exists(string name | name = f.getFunction().getAnArg().asName().getId() |
+        exists(string name | name = func.(PythonFunctionValue).getScope().getAnArg().asName().getId() |
             result = HeuristicNames::getSensitiveDataForName(name)
         )
     }
@@ -131,7 +131,7 @@ module SensitiveData {
         SensitiveData data;
 
         SensitiveCallSource() {
-            exists(FunctionObject callee |
+            exists(Value callee |
                 callee.getACall() = this |
                 data = fromFunction(callee)
             )