hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Rename getAUse -> getAValueReachableFromSource

Browse Source
This commit is contained in:
Asger F
2022-06-13 10:02:14 +02:00
parent 181a53bd03
commit b096f9ec72
25 changed files with 103 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/ql/lib/semmle/python/ApiGraphs.qll
View File

@@ -106,7 +106,7 @@ module API {
* ```
* both `obj.foo` and `x` are uses of the `foo` member from `obj`.
*/
DataFlow::Node getAUse() {
DataFlow::Node getAValueReachableFromSource() {
exists(DataFlow::LocalSourceNode src | Impl::use(this, src) |
Impl::trackUseNode(src).flowsTo(result)
)

3
python/ql/lib/semmle/python/frameworks/Aiohttp.qll
View File

@@ -626,7 +626,8 @@ module AiohttpWebModel {
// and just go with the LHS
this.asCfgNode() = subscript
|
subscript.getObject() = aiohttpResponseInstance().getMember("cookies").getAUse().asCfgNode() and
subscript.getObject() =
aiohttpResponseInstance().getMember("cookies").getAValueReachableFromSource().asCfgNode() and
value.asCfgNode() = subscript.(DefinitionNode).getValue() and
index.asCfgNode() = subscript.getIndex()
)

2
python/ql/lib/semmle/python/frameworks/Cryptodome.qll
View File

@@ -164,7 +164,7 @@ private module CryptodomeModel {
.getMember("Cipher")
.getMember(cipherName)
.getMember(modeName)
.getAUse()
.getAValueReachableFromSource()
|
result = modeName.splitAt("_", 1)
)

12
python/ql/lib/semmle/python/frameworks/Cryptography.qll
View File

@@ -145,9 +145,9 @@ private module CryptographyModel {
override int getKeySizeWithOrigin(DataFlow::Node origin) {
exists(API::Node n | n = Ecc::predefinedCurveClass(result) and origin = n.asSource() |
this.getCurveArg() = n.getAUse()
this.getCurveArg() = n.getAValueReachableFromSource()
or
this.getCurveArg() = n.getReturn().getAUse()
this.getCurveArg() = n.getReturn().getAValueReachableFromSource()
)
}
@@ -189,12 +189,12 @@ private module CryptographyModel {
.getMember("ciphers")
.getMember("Cipher")
.getACall() and
algorithmClassRef(algorithmName).getReturn().getAUse() in [
algorithmClassRef(algorithmName).getReturn().getAValueReachableFromSource() in [
call.getArg(0), call.getArgByName("algorithm")
] and
exists(DataFlow::Node modeArg | modeArg in [call.getArg(1), call.getArgByName("mode")] |
if modeArg = modeClassRef(_).getReturn().getAUse()
then modeArg = modeClassRef(modeName).getReturn().getAUse()
if modeArg = modeClassRef(_).getReturn().getAValueReachableFromSource()
then modeArg = modeClassRef(modeName).getReturn().getAValueReachableFromSource()
else modeName = "<None or unknown>"
)
)
@@ -252,7 +252,7 @@ private module CryptographyModel {
.getMember("hashes")
.getMember("Hash")
.getACall() and
algorithmClassRef(algorithmName).getReturn().getAUse() in [
algorithmClassRef(algorithmName).getReturn().getAValueReachableFromSource() in [
call.getArg(0), call.getArgByName("algorithm")
]
)

2
python/ql/lib/semmle/python/frameworks/Django.qll
View File

@@ -2799,7 +2799,7 @@ module PrivateDjango {
.getMember("decorators")
.getMember("csrf")
.getMember(decoratorName)
.getAUse() and
.getAValueReachableFromSource() and
this.asExpr() = function.getADecorator()
}

2
python/ql/lib/semmle/python/frameworks/Fabric.qll
View File

@@ -179,7 +179,7 @@ private module FabricV2 {
DataFlow::ParameterNode {
FabricTaskFirstParamConnectionInstance() {
exists(Function func |
func.getADecorator() = Fabric::Tasks::task().getAUse().asExpr() and
func.getADecorator() = Fabric::Tasks::task().getAValueReachableFromSource().asExpr() and
this.getParameter() = func.getArg(0)
)
}

16
python/ql/lib/semmle/python/frameworks/FastApi.qll
View File

@@ -90,7 +90,8 @@ private module FastApi {
private class PydanticModelRequestHandlerParam extends Pydantic::BaseModel::InstanceSource,
DataFlow::ParameterNode {
PydanticModelRequestHandlerParam() {
this.getParameter().getAnnotation() = Pydantic::BaseModel::subclassRef().getAUse().asExpr() and
this.getParameter().getAnnotation() =
Pydantic::BaseModel::subclassRef().getAValueReachableFromSource().asExpr() and
any(FastApiRouteSetup rs).getARequestHandler().getArgByName(_) = this.getParameter()
}
}
@@ -104,7 +105,8 @@ private module FastApi {
private class WebSocketRequestHandlerParam extends Starlette::WebSocket::InstanceSource,
DataFlow::ParameterNode {
WebSocketRequestHandlerParam() {
this.getParameter().getAnnotation() = Starlette::WebSocket::classRef().getAUse().asExpr() and
this.getParameter().getAnnotation() =
Starlette::WebSocket::classRef().getAValueReachableFromSource().asExpr() and
any(FastApiRouteSetup rs).getARequestHandler().getArgByName(_) = this.getParameter()
}
}
@@ -165,7 +167,7 @@ private module FastApi {
// user-defined subclasses
exists(Class cls, API::Node base |
base = getModeledResponseClass(_).getASubclass*() and
cls.getABase() = base.getAUse().asExpr() and
cls.getABase() = base.getAValueReachableFromSource().asExpr() and
responseClass.asSource().asExpr() = cls.getParent()
|
exists(Assign assign | assign = cls.getAStmt() |
@@ -257,7 +259,7 @@ private module FastApi {
override string getMimetypeDefault() {
exists(API::Node responseClass |
responseClass.getAUse() = routeSetup.getResponseClassArg() and
responseClass.getAValueReachableFromSource() = routeSetup.getResponseClassArg() and
result = getDefaultMimeType(responseClass)
)
or
@@ -274,7 +276,7 @@ private module FastApi {
FileSystemAccess::Range {
FastApiRequestHandlerFileResponseReturn() {
exists(API::Node responseClass |
responseClass.getAUse() = routeSetup.getResponseClassArg() and
responseClass.getAValueReachableFromSource() = routeSetup.getResponseClassArg() and
responseClass = getModeledResponseClass("FileResponse").getASubclass*()
)
}
@@ -292,7 +294,7 @@ private module FastApi {
HTTP::Server::HttpRedirectResponse::Range {
FastApiRequestHandlerRedirectReturn() {
exists(API::Node responseClass |
responseClass.getAUse() = routeSetup.getResponseClassArg() and
responseClass.getAValueReachableFromSource() = routeSetup.getResponseClassArg() and
responseClass = getModeledResponseClass("RedirectResponse").getASubclass*()
)
}
@@ -311,7 +313,7 @@ private module FastApi {
class RequestHandlerParam extends InstanceSource, DataFlow::ParameterNode {
RequestHandlerParam() {
this.getParameter().getAnnotation() =
getModeledResponseClass(_).getASubclass*().getAUse().asExpr() and
getModeledResponseClass(_).getASubclass*().getAValueReachableFromSource().asExpr() and
any(FastApiRouteSetup rs).getARequestHandler().getArgByName(_) = this.getParameter()
}
}

11
python/ql/lib/semmle/python/frameworks/Flask.qll
View File

@@ -305,7 +305,7 @@ module Flask {
)
or
exists(FlaskViewClass vc |
this.getViewArg() = vc.asViewResult().getAUse() and
this.getViewArg() = vc.asViewResult().getAValueReachableFromSource() and
result = vc.getARequestHandler()
)
}
@@ -339,7 +339,7 @@ module Flask {
*/
private class FlaskRequestSource extends RemoteFlowSource::Range {
FlaskRequestSource() {
this = request().getAUse() and
this = request().getAValueReachableFromSource() and
not any(Import imp).contains(this.asExpr()) and
not exists(ControlFlowNode def | this.asVar().getSourceVariable().hasDefiningNode(def) |
any(Import imp).contains(def.getNode())
@@ -357,7 +357,7 @@ module Flask {
private class InstanceTaintSteps extends InstanceTaintStepsHelper {
InstanceTaintSteps() { this = "flask.Request" }
override DataFlow::Node getInstance() { result = request().getAUse() }
override DataFlow::Node getInstance() { result = request().getAValueReachableFromSource() }
override string getAttributeName() {
result in [
@@ -415,12 +415,13 @@ module Flask {
// be able to do something more structured for providing modeling of the members
// of a container-object.
exists(API::Node files | files = request().getMember("files") |
this.asCfgNode().(SubscriptNode).getObject() = files.getAUse().asCfgNode()
this.asCfgNode().(SubscriptNode).getObject() =
files.getAValueReachableFromSource().asCfgNode()
or
this = files.getMember("get").getACall()
or
this.asCfgNode().(SubscriptNode).getObject() =
files.getMember("getlist").getReturn().getAUse().asCfgNode()
files.getMember("getlist").getReturn().getAValueReachableFromSource().asCfgNode()
)
}
}

3
python/ql/lib/semmle/python/frameworks/Invoke.qll
View File

@@ -39,7 +39,8 @@ private module Invoke {
result = InvokeModule::Context::ContextClass::classRef().getACall()
or
exists(Function func |
func.getADecorator() = invoke().getMember("task").getAUse().asExpr() and
func.getADecorator() =
invoke().getMember("task").getAValueReachableFromSource().asExpr() and
result.(DataFlow::ParameterNode).getParameter() = func.getArg(0)
)
)

2
python/ql/lib/semmle/python/frameworks/RuamelYaml.qll
View File

@@ -44,7 +44,7 @@ private module RuamelYaml {
API::moduleImport("ruamel")
.getMember("yaml")
.getMember(["SafeLoader", "BaseLoader", "CSafeLoader", "CBaseLoader"])
.getAUse()
.getAValueReachableFromSource()
)
}

32
python/ql/lib/semmle/python/frameworks/Stdlib.qll
View File

@@ -1727,15 +1727,16 @@ private module StdlibPrivate {
private DataFlow::TypeTrackingNode fieldList(DataFlow::TypeTracker t) {
t.start() and
// TODO: Should have better handling of subscripting
result.asCfgNode().(SubscriptNode).getObject() = instance().getAUse().asCfgNode()
result.asCfgNode().(SubscriptNode).getObject() =
instance().getAValueReachableFromSource().asCfgNode()
or
exists(DataFlow::TypeTracker t2 | result = fieldList(t2).track(t2, t))
}
/** Gets a reference to a list of fields. */
DataFlow::Node fieldList() {
result = getlistResult().getAUse() or
result = getvalueResult().getAUse() or
result = getlistResult().getAValueReachableFromSource() or
result = getvalueResult().getAValueReachableFromSource() or
fieldList(DataFlow::TypeTracker::end()).flowsTo(result)
}
@@ -1744,16 +1745,16 @@ private module StdlibPrivate {
t.start() and
// TODO: Should have better handling of subscripting
result.asCfgNode().(SubscriptNode).getObject() =
[instance().getAUse(), fieldList()].asCfgNode()
[instance().getAValueReachableFromSource(), fieldList()].asCfgNode()
or
exists(DataFlow::TypeTracker t2 | result = field(t2).track(t2, t))
}
/** Gets a reference to a field. */
DataFlow::Node field() {
result = getfirstResult().getAUse()
result = getfirstResult().getAValueReachableFromSource()
or
result = getvalueResult().getAUse()
result = getvalueResult().getAValueReachableFromSource()
or
field(DataFlow::TypeTracker::end()).flowsTo(result)
}
@@ -1762,20 +1763,23 @@ private module StdlibPrivate {
override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
// Methods
nodeFrom = nodeTo.(DataFlow::AttrRead).getObject() and
nodeFrom = instance().getAUse() and
nodeTo = [getvalueRef(), getfirstRef(), getlistRef()].getAUse()
nodeFrom = instance().getAValueReachableFromSource() and
nodeTo = [getvalueRef(), getfirstRef(), getlistRef()].getAValueReachableFromSource()
or
nodeFrom.asCfgNode() = nodeTo.asCfgNode().(CallNode).getFunction() and
(
nodeFrom = getvalueRef().getAUse() and nodeTo = getvalueResult().asSource()
nodeFrom = getvalueRef().getAValueReachableFromSource() and
nodeTo = getvalueResult().asSource()
or
nodeFrom = getfirstRef().getAUse() and nodeTo = getfirstResult().asSource()
nodeFrom = getfirstRef().getAValueReachableFromSource() and
nodeTo = getfirstResult().asSource()
or
nodeFrom = getlistRef().getAUse() and nodeTo = getlistResult().asSource()
nodeFrom = getlistRef().getAValueReachableFromSource() and
nodeTo = getlistResult().asSource()
)
or
// Indexing
nodeFrom in [instance().getAUse(), fieldList()] and
nodeFrom in [instance().getAValueReachableFromSource(), fieldList()] and
nodeTo.asCfgNode().(SubscriptNode).getObject() = nodeFrom.asCfgNode()
or
// Attributes on Field
@@ -3438,7 +3442,7 @@ private module StdlibPrivate {
.getMember("sax")
.getMember("handler")
.getMember("feature_external_ges")
.getAUse() and
.getAValueReachableFromSource() and
call.getStateArg().getAValueReachingRhs().asExpr().(BooleanLiteral).booleanValue() = true and
result = call.getObject()
)
@@ -3454,7 +3458,7 @@ private module StdlibPrivate {
.getMember("sax")
.getMember("handler")
.getMember("feature_external_ges")
.getAUse() and
.getAValueReachableFromSource() and
call.getStateArg().getAValueReachingRhs().asExpr().(BooleanLiteral).booleanValue() = false
)
}

6
python/ql/lib/semmle/python/frameworks/Werkzeug.qll
View File

@@ -285,7 +285,7 @@ private module WerkzeugOld {
* See https://werkzeug.palletsprojects.com/en/1.0.x/datastructures/#werkzeug.datastructures.Headers.getlist
*/
deprecated DataFlow::Node getlist() {
result = any(InstanceSourceApiNode a).getMember("getlist").getAUse()
result = any(InstanceSourceApiNode a).getMember("getlist").getAValueReachableFromSource()
}
private class MultiDictAdditionalTaintStep extends TaintTracking::AdditionalTaintStep {
@@ -331,7 +331,9 @@ private module WerkzeugOld {
abstract deprecated class InstanceSourceApiNode extends API::Node { }
/** Gets a reference to an instance of `werkzeug.datastructures.FileStorage`. */
deprecated DataFlow::Node instance() { result = any(InstanceSourceApiNode a).getAUse() }
deprecated DataFlow::Node instance() {
result = any(InstanceSourceApiNode a).getAValueReachableFromSource()
}
private class FileStorageAdditionalTaintStep extends TaintTracking::AdditionalTaintStep {
override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {

2
python/ql/lib/semmle/python/frameworks/Yaml.qll
View File

@@ -64,7 +64,7 @@ private module Yaml {
loader_arg =
API::moduleImport("yaml")
.getMember(["SafeLoader", "BaseLoader", "CSafeLoader", "CBaseLoader"])
.getAUse()
.getAValueReachableFromSource()
)
}

4
python/ql/lib/semmle/python/frameworks/internal/PEP249Impl.qll
View File

@@ -33,7 +33,9 @@ module PEP249 {
}
/** Gets a reference to the `connect` function of a module that implements PEP 249. */
DataFlow::Node connect() { result = any(PEP249ModuleApiNode a).getMember("connect").getAUse() }
DataFlow::Node connect() {
result = any(PEP249ModuleApiNode a).getMember("connect").getAValueReachableFromSource()
}
/**
* Provides models for database connections (following PEP 249).

4
python/ql/lib/semmle/python/frameworks/internal/SubclassFinder.qll
View File

@@ -152,7 +152,7 @@ private module NotExposed {
FindSubclassesSpec spec, string newAliasFullyQualified, ImportMember importMember, Module mod,
Location loc
) {
importMember = newOrExistingModeling(spec).getAUse().asExpr() and
importMember = newOrExistingModeling(spec).getAValueReachableFromSource().asExpr() and
importMember.getScope() = mod and
loc = importMember.getLocation() and
(
@@ -182,7 +182,7 @@ private module NotExposed {
// WHAT A HACK :D :D
relevantClass.getPath() =
relevantClass.getAPredecessor().getPath() + ".getMember(\"" + relevantName + "\")" and
relevantClass.getAPredecessor().getAUse().asExpr() = importStar.getModule() and
relevantClass.getAPredecessor().getAValueReachableFromSource().asExpr() = importStar.getModule() and
(
mod.isPackageInit() and
newAliasFullyQualified = mod.getPackageName() + "." + relevantName

2
python/ql/lib/semmle/python/internal/CachedStages.qll
View File

@@ -121,7 +121,7 @@ module Stages {
or
exists(any(NewDataFlow::TypeTracker t).append(_))
or
exists(any(API::Node n).getAMember().getAUse())
exists(any(API::Node n).getAMember().getAValueReachableFromSource())
}
}