Use getRegexModule to know used lib

python/ql/src/experimental/Security/CWE-730/RegexInjection.ql

@@ -18,11 +18,11 @@ import DataFlow::PathGraph
 
 from
   RegexInjectionFlowConfig config, DataFlow::PathNode source, DataFlow::PathNode sink,
-  Attribute sinkAttribute
+  RegexInjectionSink castedSink
 where
   config.hasFlowPath(source, sink) and
-  sinkAttribute = sink.getNode().(RegexInjectionSink).getRegexMethod()
+  castedSink = sink.getNode()
 select sink.getNode(), source, sink,
   "$@ regular expression is constructed from a $@ and executed by $@.", sink.getNode(), "This",
-  source.getNode(), "user-provided value", sinkAttribute,
-  sinkAttribute.getObject().toString() + "." + sinkAttribute.getName()
+  source.getNode(), "user-provided value", castedSink,
+  castedSink.getRegexModule() + "." + castedSink.asExpr().(Attribute).getName()

python/ql/src/experimental/semmle/python/Concepts.qll

@@ -25,6 +25,8 @@ module RegexExecution {
    */
   abstract class Range extends DataFlow::Node {
     abstract DataFlow::Node getRegexNode();
+
+    abstract string getRegexModule();
   }
 }
 
@@ -40,6 +42,8 @@ class RegexExecution extends DataFlow::Node {
   RegexExecution() { this = range }
 
   DataFlow::Node getRegexNode() { result = range.getRegexNode() }
+
+  string getRegexModule() { result = range.getRegexModule() }
 }
 
 /** Provides classes for modeling Regular Expression escape-related APIs. */

python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll

@@ -21,15 +21,15 @@ private module Re {
 
   private class DirectRegex extends DataFlow::CallCfgNode, RegexExecution::Range {
     DataFlow::Node regexNode;
-    DataFlow::CallCfgNode regexMethod;
 
     DirectRegex() {
-      // this.getLocation().getFile().getBaseName().regexpMatch("^re_(good|bad)\\.py$") and // debug
       this = API::moduleImport("re").getMember(any(ReMethods m)).getACall() and
       regexNode = this.getArg(0)
     }
 
     override DataFlow::Node getRegexNode() { result = regexNode }
+
+    override string getRegexModule() { result = "re" }
   }
 
   private class CompiledRegex extends DataFlow::CallCfgNode, RegexExecution::Range {
@@ -38,7 +38,6 @@ private module Re {
 
     CompiledRegex() {
       exists(DataFlow::CallCfgNode patternCall, DataFlow::AttrRead reMethod |
-        // this.getLocation().getFile().getBaseName().regexpMatch("^re_(good|bad)\\.py$") and // debug
         this.getFunction() = reMethod and
         patternCall = API::moduleImport("re").getMember("compile").getACall() and
         patternCall = reMethod.getObject().getALocalSource() and
@@ -48,6 +47,8 @@ private module Re {
     }
 
     override DataFlow::Node getRegexNode() { result = regexNode }
+
+    override string getRegexModule() { result = "re" }
   }
 
   class ReEscape extends DataFlow::CallCfgNode, RegexEscape::Range {

python/ql/src/experimental/semmle/python/security/injection/RegexInjection.qll

@@ -10,16 +10,16 @@ import semmle.python.dataflow.new.TaintTracking
 import semmle.python.dataflow.new.RemoteFlowSources
 
 class RegexInjectionSink extends DataFlow::Node {
-  Attribute regexMethod;
+  string regexModule;
 
   RegexInjectionSink() {
     exists(RegexExecution reExec |
       this = reExec.getRegexNode() and
-      regexMethod = reExec.asExpr().(Attribute)
+      regexModule = reExec.getRegexModule()
     )
   }
 
-  Attribute getRegexMethod() { result = regexMethod }
+  string getRegexModule() { result = regexModule }
 }
 
 /**