hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

RegexExecution restructuring

Browse Source
This commit is contained in:
jorgectf
2021-03-19 18:07:39 +01:00
parent 3daec8e6a2
commit b207929e0a
2 changed files with 23 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
python/ql/src/semmle/python/Concepts.qll
View File

@@ -656,9 +656,21 @@ class CompiledRegex extends DataFlow::Node {
class RegexExecution extends DataFlow::Node {
RegexExecution() { this instanceof DirectRegex or this instanceof CompiledRegex } // How should this be cross-imported with Stdlib?
}
/*
*/
class RegexEscape extends DataFlow::Node {
RegexEscape() {
this = API::moduleImport("re").getMember("escape").getACall().(DataFlow::CallCfgNode).getArg(0)
module RegexExecution {
abstract class Range extends DataFlow::Node {
DataFlow::Node getRegexNode() {
result instanceof DirectRegex or result instanceof CompiledRegex
}
}
}
class RegexExecution extends DataFlow::Node {
override RegexExecution::Range range;
RegexExecution() { this = range }
DataFlow::Node getRegexNode() { result = range.getRegexNode() }
}

9
python/ql/src/semmle/python/frameworks/Stdlib.qll
View File

@@ -885,7 +885,7 @@ private module Stdlib {
}
/** re.compile(pattern).ReMethod */
class CompiledRegex extends DataFlow::Node {
private class CompiledRegex extends DataFlow::Node {
CompiledRegex() {
exists(DataFlow::CallCfgNode patternCall, DataFlow::AttrRead reMethod |
patternCall = API::moduleImport("re").getMember("compile").getACall() and
@@ -895,6 +895,13 @@ private module Stdlib {
)
}
}
private class RegexEscape extends Concepts::RegexExecution {
RegexEscape() {
this =
API::moduleImport("re").getMember("escape").getACall().(DataFlow::CallCfgNode).getArg(0)
}
}
}
}