Merge branch 'main' into redosPrefix

2026-05-01 03:35:13 +02:00 · 2022-08-19 19:22:49 +02:00
parent d052b1e3c9 e39475d778
commit bcf4c57060
159 changed files with 1805 additions and 1575 deletions
--- a/python/ql/lib/semmle/python/Comprehensions.qll
+++ b/python/ql/lib/semmle/python/Comprehensions.qll
@@ -68,8 +68,6 @@ class ListComp extends ListComp_, Comp {

  override Expr getIterable() { result = ListComp_.super.getIterable() }

-  override string toString() { result = ListComp_.super.toString() }
-
  override Expr getElt() { result = Comp.super.getElt() }
 }

--- a/python/ql/lib/semmle/python/Keywords.qll
+++ b/python/ql/lib/semmle/python/Keywords.qll
@@ -2,8 +2,6 @@ import python

 class KeyValuePair extends KeyValuePair_, DictDisplayItem {
  /* syntax: Expr : Expr */
-  override Location getLocation() { result = KeyValuePair_.super.getLocation() }
-
  override string toString() { result = KeyValuePair_.super.toString() }

  /** Gets the value of this dictionary unpacking. */
@@ -20,8 +18,6 @@ class KeyValuePair extends KeyValuePair_, DictDisplayItem {

 /** A double-starred expression in a call or dict literal. */
 class DictUnpacking extends DictUnpacking_, DictUnpackingOrKeyword, DictDisplayItem {
-  override Location getLocation() { result = DictUnpacking_.super.getLocation() }
-
  override string toString() { result = DictUnpacking_.super.toString() }

  /** Gets the value of this dictionary unpacking. */
@@ -47,8 +43,6 @@ abstract class DictDisplayItem extends DictItem {
 /** A keyword argument in a call. For example `arg=expr` in `foo(0, arg=expr)` */
 class Keyword extends Keyword_, DictUnpackingOrKeyword {
  /* syntax: name = Expr */
-  override Location getLocation() { result = Keyword_.super.getLocation() }
-
  override string toString() { result = Keyword_.super.toString() }

  /** Gets the value of this keyword argument. */
--- a/python/ql/lib/semmle/python/dataflow/new/internal/Attributes.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/Attributes.qll
@@ -70,9 +70,7 @@ abstract class AttrWrite extends AttrRef {
 * ```
 * Also gives access to the `value` being written, by extending `DefinitionNode`.
 */
-private class AttributeAssignmentNode extends DefinitionNode, AttrNode {
-  override ControlFlowNode getValue() { result = DefinitionNode.super.getValue() }
-}
+private class AttributeAssignmentNode extends DefinitionNode, AttrNode { }

 /** A simple attribute assignment: `object.attr = value`. */
 private class AttributeAssignmentAsAttrWrite extends AttrWrite, CfgNode {
--- a/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll
+++ b/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll
@@ -2,7 +2,6 @@ private import python
 private import semmle.python.Concepts
 private import semmle.python.ApiGraphs
 private import semmle.python.dataflow.new.RemoteFlowSources
-private import semmle.python.dataflow.new.DataFlow

 /**
 * A data flow source of the client ip obtained according to the remote endpoint identifier specified
--- a/python/ql/test/TestUtilities/VerifyApiGraphs.qll
+++ b/python/ql/test/TestUtilities/VerifyApiGraphs.qll
@@ -84,8 +84,8 @@ class Assertion extends Comment {
  string tryExplainFailure() {
    exists(int i, API::Node nd, string prefix, string suffix |
      nd = this.lookup(i) and
-      i < getPathLength() and
-      not exists(this.lookup([i + 1 .. getPathLength()])) and
+      i < this.getPathLength() and
+      not exists(this.lookup([i + 1 .. this.getPathLength()])) and
      prefix = nd + " has no outgoing edge labelled " + this.getEdgeLabel(i) + ";" and
      if exists(nd.getASuccessor())
      then
--- a/python/tools/recorded-call-graph-metrics/ql/lib/RecordedCalls.qll
+++ b/python/tools/recorded-call-graph-metrics/ql/lib/RecordedCalls.qll
@@ -11,7 +11,7 @@ class XmlRecordedCall extends XMLElement {
  XmlCall getXmlCall() { result.getParent() = this }

  /** DEPRECATED: Alias for getXmlCall */
-  deprecated XMLCall getXMLCall() { result = getXmlCall() }
+  deprecated XMLCall getXMLCall() { result = this.getXmlCall() }

  /** Gets a call matching the recorded information. */
  Call getACall() { result = this.getXmlCall().getACall() }
@@ -20,7 +20,7 @@ class XmlRecordedCall extends XMLElement {
  XmlCallee getXmlCallee() { result.getParent() = this }

  /** DEPRECATED: Alias for getXmlCallee */
-  deprecated XMLCallee getXMLCallee() { result = getXmlCallee() }
+  deprecated XMLCallee getXMLCallee() { result = this.getXmlCallee() }

  /** Gets a python function matching the recorded information of the callee. */
  Function getAPythonCallee() { result = this.getXmlCallee().(XmlPythonCallee).getACallee() }
@@ -90,10 +90,10 @@ class XmlCall extends XMLElement {
      expr.(Name).getId() = bytecode.(XmlBytecodeVariableName).get_name_data()
      or
      expr.(Attribute).getName() = bytecode.(XmlBytecodeAttribute).get_attr_name_data() and
-      matchBytecodeExpr(expr.(Attribute).getObject(),
+      this.matchBytecodeExpr(expr.(Attribute).getObject(),
        bytecode.(XmlBytecodeAttribute).get_object_data())
      or
-      matchBytecodeExpr(expr.(Call).getFunc(), bytecode.(XmlBytecodeCall).get_function_data())
+      this.matchBytecodeExpr(expr.(Call).getFunc(), bytecode.(XmlBytecodeCall).get_function_data())
      //
      // I considered allowing a partial match as well. That is, if the bytecode
      // expression information only tells us `<unknown>.foo()`, and we find an AST