hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Make "..Call" modeling classes extend DataFlow::CfgNode

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2020-10-14 10:53:18 +02:00
parent bfa5d18476
commit b0cfa1d92d
1 changed files with 8 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
View File

@@ -394,30 +394,24 @@ private module Stdlib {
* A call to the builtin `exec` function.
* See https://docs.python.org/3/library/functions.html#exec
*/
private class BuiltinsExecCall extends CodeExecution::Range {
CallNode call;
private class BuiltinsExecCall extends CodeExecution::Range, DataFlow::CfgNode {
override CallNode node;
BuiltinsExecCall() {
this.asCfgNode() = call and
call.getFunction() = builtins_attr("exec").asCfgNode()
}
BuiltinsExecCall() { node.getFunction() = builtins_attr("exec").asCfgNode() }
override DataFlow::Node getCode() { result.asCfgNode() = call.getArg(0) }
override DataFlow::Node getCode() { result.asCfgNode() = node.getArg(0) }
}
/**
* A call to the builtin `eval` function.
* See https://docs.python.org/3/library/functions.html#eval
*/
private class BuiltinsEvalCall extends CodeExecution::Range {
CallNode call;
private class BuiltinsEvalCall extends CodeExecution::Range, DataFlow::CfgNode {
override CallNode node;
BuiltinsEvalCall() {
this.asCfgNode() = call and
call.getFunction() = builtins_attr("eval").asCfgNode()
}
BuiltinsEvalCall() { node.getFunction() = builtins_attr("eval").asCfgNode() }
override DataFlow::Node getCode() { result.asCfgNode() = call.getArg(0) }
override DataFlow::Node getCode() { result.asCfgNode() = node.getArg(0) }
}
/** An additional taint step for calls to the builtin function `compile` */