Python: Modernise twisted library

2026-04-30 11:15:13 +02:00 · 2019-11-28 14:27:58 +01:00
parent 4e3c183676
commit ac55e6aba6
5 changed files with 27 additions and 26 deletions
--- a/python/ql/src/semmle/python/web/twisted/Response.qll
+++ b/python/ql/src/semmle/python/web/twisted/Response.qll
@@ -8,11 +8,12 @@ import Request

 class TwistedResponse extends TaintSink {
    TwistedResponse() {
-        exists(PyFunctionObject func, string name |
+        exists(PythonFunctionValue func, string name, Return ret |
            isKnownRequestHandlerMethodName(name) and
            name = func.getName() and
            func = getTwistedRequestHandlerMethod(name) and
-            this = func.getAReturnedNode()
+            func.getScope() = ret.getScope() and
+            ret.getValue().getAFlowNode() = this
        )
    }

@@ -51,4 +52,4 @@ class TwistedResponse extends TaintSink {
    override string toString() {
        result = "Twisted request setter"
    }
-}
+}
--- a/python/ql/src/semmle/python/web/twisted/Twisted.qll
+++ b/python/ql/src/semmle/python/web/twisted/Twisted.qll
@@ -2,19 +2,19 @@ import python

 import semmle.python.security.TaintTracking

-private ClassObject theTwistedHttpRequestClass() {
-    result = ModuleObject::named("twisted.web.http").attr("Request")
+private ClassValue theTwistedHttpRequestClass() {
+    result = Value::named("twisted.web.http.Request")
 }

-private ClassObject theTwistedHttpResourceClass() {
-    result = ModuleObject::named("twisted.web.resource").attr("Resource")
+private ClassValue theTwistedHttpResourceClass() {
+    result = Value::named("twisted.web.resource.Resource")
 }

-ClassObject aTwistedRequestHandlerClass() {
-    result.getASuperType() = theTwistedHttpResourceClass()
+ClassValue aTwistedRequestHandlerClass() {
+    result.getABaseType+() = theTwistedHttpResourceClass()
 }

-FunctionObject getTwistedRequestHandlerMethod(string name) {
+FunctionValue getTwistedRequestHandlerMethod(string name) {
    result = aTwistedRequestHandlerClass().declaredAttribute(name)
 }

@@ -28,7 +28,7 @@ predicate isKnownRequestHandlerMethodName(string name) {
 * `Request` class.
 */
 predicate isTwistedRequestInstance(NameNode node) {
-    node.refersTo(_, theTwistedHttpRequestClass(), _)
+    node.pointsTo().getClass() = theTwistedHttpRequestClass()
    or
    /* In points-to analysis cannot infer that a given object is an instance of
     * the `twisted.web.http.Request` class, we also include any parameter
@@ -36,7 +36,7 @@ predicate isTwistedRequestInstance(NameNode node) {
     * class, and the appropriate arguments of known request handler methods.
     */
    exists(Function func | func = node.getScope() |
-        func.getEnclosingScope().(Class).getClassObject() = aTwistedRequestHandlerClass()
+        func.getEnclosingScope() = aTwistedRequestHandlerClass().getScope()
    ) and
    (
    /* Any parameter called `request` */
@@ -44,9 +44,9 @@ predicate isTwistedRequestInstance(NameNode node) {
    node.isParameter()
    or
    /* Any request parameter of a known request handler method */
-    exists(FunctionObject func | node.getScope() = func.getFunction() | 
+    exists(Function func | node.getScope() = func |
        isKnownRequestHandlerMethodName(func.getName()) and
-        node.getNode() = func.getFunction().getArg(1)
+        node.getNode() = func.getArg(1)
        )
    )
 }
--- a/python/ql/test/library-tests/web/twisted/Classes.ql
+++ b/python/ql/test/library-tests/web/twisted/Classes.ql
@@ -2,6 +2,6 @@ import python
 import semmle.python.TestUtils
 import semmle.python.web.twisted.Twisted

-from ClassObject cls
+from ClassValue cls
 where cls = aTwistedRequestHandlerClass()
-select cls.toString(), remove_library_prefix(cls.getPyClass().getLocation())
+select cls.toString(), remove_library_prefix(cls.getScope().getLocation())
--- a/python/ql/test/library-tests/web/twisted/Methods.expected
+++ b/python/ql/test/library-tests/web/twisted/Methods.expected
@@ -1,8 +1,8 @@
-| myrender | Function myrender | test.py:24 |
-| render | Function render | test.py:4 |
-| render | Function render | test.py:28 |
-| render | Function render | test.py:39 |
-| render | Function render | test.py:43 |
-| render_GET | Function render_GET | test.py:9 |
-| render_POST | Function render_POST | test.py:16 |
-| render_POST | Function render_POST | test.py:31 |
+| myrender | Function MyRequestHandler2.myrender | test.py:24 |
+| render | Function MyRequestHandler1.render | test.py:4 |
+| render | Function MyRequestHandler3.render | test.py:28 |
+| render | Function MyRequestHandler4.render | test.py:39 |
+| render | Function MyRequestHandler5.render | test.py:43 |
+| render_GET | Function MyRequestHandler1.render_GET | test.py:9 |
+| render_POST | Function MyRequestHandler1.render_POST | test.py:16 |
+| render_POST | Function MyRequestHandler3.render_POST | test.py:31 |
--- a/python/ql/test/library-tests/web/twisted/Methods.ql
+++ b/python/ql/test/library-tests/web/twisted/Methods.ql
@@ -2,6 +2,6 @@ import python
 import semmle.python.TestUtils
 import semmle.python.web.twisted.Twisted

-from FunctionObject func, string name
+from FunctionValue func, string name
 where func = getTwistedRequestHandlerMethod(name)
-select name, func.toString(), remove_library_prefix(func.getFunction().getLocation())
+select name, func.toString(), remove_library_prefix(func.getScope().getLocation())