From ce4b192caaf29f663fb77cd7063d5f310ea03946 Mon Sep 17 00:00:00 2001
From: Rasmus Wriedt Larsen
Date: Wed, 21 Jul 2021 16:31:46 +0200
Subject: [PATCH] Python: Improve usefulness of RemoteFlowSourcesReach meta query
Before, results from `dca` would look something like ## + py/meta/alerts/remote-flow-sources-reach - django/django@c2250cf_cb8f: tests/messages_tests/urls.py:38:16:38:48 reachable with taint-tracking from RemoteFlowSource - django/django@c2250cf_cb8f: tests/messages_tests/urls.py:38:9:38:12 reachable with taint-tracking from RemoteFlowSource now it should make it easier to spot _what_ it is that actually changed, since we pretty-print the node.
---
 .../src/meta/alerts/RemoteFlowSourcesReach.ql | 3 ++-
 .../dataflow/new/internal}/PrintNode.qll | 26 ++++++++++++++++---
 .../dataflow/TestUtil/FlowTest.qll | 2 +-
 .../dataflow/TestUtil/RoutingTest.qll | 2 +-
 .../dataflow/method-calls/test.ql | 2 +-
 .../dataflow/tainttracking/TestTaintLib.qll | 2 +-
 .../test/experimental/meta/ConceptsTest.qll | 2 +-
 .../experimental/meta/InlineTaintTest.qll | 2 +-
 8 files changed, 30 insertions(+), 11 deletions(-)
 rename python/ql/{test/experimental/dataflow/TestUtil => src/semmle/python/dataflow/new/internal}/PrintNode.qll (73%)
diff --git a/python/ql/src/meta/alerts/RemoteFlowSourcesReach.ql b/python/ql/src/meta/alerts/RemoteFlowSourcesReach.ql
index 1919385b165..2bece15b4b9 100644
--- a/python/ql/src/meta/alerts/RemoteFlowSourcesReach.ql
+++ b/python/ql/src/meta/alerts/RemoteFlowSourcesReach.ql
@@ -14,6 +14,7 @@ private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.dataflow.new.TaintTracking
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import meta.MetaMetrics
+private import semmle.python.dataflow.new.internal.PrintNode
 
 class RemoteFlowSourceReach extends TaintTracking::Configuration {
 RemoteFlowSourceReach() { this = "RemoteFlowSourceReach" }
@@ -43,4 +44,4 @@ class RemoteFlowSourceReach extends TaintTracking::Configuration {
 
 from RemoteFlowSourceReach cfg, DataFlow::Node reachable
 where cfg.hasFlow(_, reachable)
-select reachable, "reachable with taint-tracking from RemoteFlowSource"
+select reachable, prettyNode(reachable)
diff --git a/python/ql/test/experimental/dataflow/TestUtil/PrintNode.qll b/python/ql/src/semmle/python/dataflow/new/internal/PrintNode.qll
similarity index 73%
rename from python/ql/test/experimental/dataflow/TestUtil/PrintNode.qll
rename to python/ql/src/semmle/python/dataflow/new/internal/PrintNode.qll
index 6b55beada17..234019a498c 100644
--- a/python/ql/test/experimental/dataflow/TestUtil/PrintNode.qll
+++ b/python/ql/src/semmle/python/dataflow/new/internal/PrintNode.qll
@@ -1,6 +1,20 @@
-import python
-import semmle.python.dataflow.new.DataFlow
+/**
+ * INTERNAL: Do not use.
+ *
+ * Provides helper predicates for pretty-printing `DataFlow::Node`s.
+ *
+ * Since these have not been performance optimized, please only use them for
+ * debug-queries or in tests.
+ */
 
+private import python
+private import semmle.python.dataflow.new.DataFlow
+
+/**
+ * INTERNAL: Do not use.
+ *
+ * Gets the pretty-printed version of the Expr `e`.
+ */
 string prettyExpr(Expr e) {
 not e instanceof Num and
 not e instanceof StrConst and
@@ -27,7 +41,9 @@ string prettyExpr(Expr e) {
 }
 
 /**
- * Gets pretty-printed version of the DataFlow::Node `node`
+ * INTERNAL: Do not use.
+ *
+ * Gets the pretty-printed version of the DataFlow::Node `node`
 */
 bindingset[node]
 string prettyNode(DataFlow::Node node) {
@@ -35,7 +51,9 @@ string prettyNode(DataFlow::Node node) {
 }
 
 /**
- * Gets pretty-printed version of the DataFlow::Node `node`, that is suitable for use
+ * INTERNAL: Do not use.
+ *
+ * Gets the pretty-printed version of the DataFlow::Node `node`, that is suitable for use
 * with `TestUtilities.InlineExpectationsTest` (that is, no spaces unless required).
 */
 bindingset[node]
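Review bot: In RemoteFlowSourcesReach.ql, `select reachable, prettyNode(reachable)` yields a row only for nodes where `prettyNode` has a result, so any node kind the printer does not cover would drop out of the reach results with no signal, and the meta query would under-report what remote input can taint. The body of `prettyNode` lies outside these hunks, so it may already be total; if it is, its QLDoc should say so, for example `Has a result for every DataFlow::Node.` The header added to PrintNode.qll also says the helpers are not performance optimized and are meant for debug queries or tests. A comment beside the select, such as `// prettyNode is unoptimized; accepted here because this is a meta query`, would record that the use is deliberate.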
diff --git a/python/ql/test/experimental/dataflow/TestUtil/FlowTest.qll b/python/ql/test/experimental/dataflow/TestUtil/FlowTest.qll
index f6985bf4a1e..76abcd4217f 100644
--- a/python/ql/test/experimental/dataflow/TestUtil/FlowTest.qll
+++ b/python/ql/test/experimental/dataflow/TestUtil/FlowTest.qll
@@ -1,7 +1,7 @@
 import python
 import semmle.python.dataflow.new.DataFlow
 import TestUtilities.InlineExpectationsTest
-import experimental.dataflow.TestUtil.PrintNode
+private import semmle.python.dataflow.new.internal.PrintNode
 
 abstract class FlowTest extends InlineExpectationsTest {
 bindingset[this]
diff --git a/python/ql/test/experimental/dataflow/TestUtil/RoutingTest.qll b/python/ql/test/experimental/dataflow/TestUtil/RoutingTest.qll
index 03f4f8056eb..4f7e4dc3fe1 100644
--- a/python/ql/test/experimental/dataflow/TestUtil/RoutingTest.qll
+++ b/python/ql/test/experimental/dataflow/TestUtil/RoutingTest.qll
@@ -1,7 +1,7 @@
 import python
 import semmle.python.dataflow.new.DataFlow
 import TestUtilities.InlineExpectationsTest
-import experimental.dataflow.TestUtil.PrintNode
+private import semmle.python.dataflow.new.internal.PrintNode
 
 /**
 * A routing test is designed to test that values are routed to the
diff --git a/python/ql/test/experimental/dataflow/method-calls/test.ql b/python/ql/test/experimental/dataflow/method-calls/test.ql
index f0cde1a1008..583dcd7e0b5 100644
--- a/python/ql/test/experimental/dataflow/method-calls/test.ql
+++ b/python/ql/test/experimental/dataflow/method-calls/test.ql
@@ -1,6 +1,6 @@
 import python
 import semmle.python.dataflow.new.DataFlow
-import experimental.dataflow.TestUtil.PrintNode
+private import semmle.python.dataflow.new.internal.PrintNode
 
 query predicate conjunctive_lookup(
 DataFlow::MethodCallNode methCall, string call, string object, string methodName
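Review bot: In FlowTest.qll the import line changes visibility as well as path: `import experimental.dataflow.TestUtil.PrintNode` re-exported the printer predicates to every file importing FlowTest.qll, while `private import semmle.python.dataflow.new.internal.PrintNode` does not. The same switch is made in RoutingTest.qll, TestTaintLib.qll, ConceptsTest.qll and InlineTaintTest.qll. Whether any test query relied on getting `prettyNode` or `prettyExpr` transitively is not visible in this patch; any that did now needs its own `private import semmle.python.dataflow.new.internal.PrintNode`. A sentence in the commit message saying the narrowing is intentional would help the next reader.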
diff --git a/python/ql/test/experimental/dataflow/tainttracking/TestTaintLib.qll b/python/ql/test/experimental/dataflow/tainttracking/TestTaintLib.qll
index f0e57d66787..40c7b245870 100644
--- a/python/ql/test/experimental/dataflow/tainttracking/TestTaintLib.qll
+++ b/python/ql/test/experimental/dataflow/tainttracking/TestTaintLib.qll
@@ -1,7 +1,7 @@
 import python
 import semmle.python.dataflow.new.TaintTracking
 import semmle.python.dataflow.new.DataFlow
-import experimental.dataflow.TestUtil.PrintNode
+private import semmle.python.dataflow.new.internal.PrintNode
 
 class TestTaintTrackingConfiguration extends TaintTracking::Configuration {
 TestTaintTrackingConfiguration() { this = "TestTaintTrackingConfiguration" }
diff --git a/python/ql/test/experimental/meta/ConceptsTest.qll b/python/ql/test/experimental/meta/ConceptsTest.qll
index d23e3961d95..de53f053eb9 100644
--- a/python/ql/test/experimental/meta/ConceptsTest.qll
+++ b/python/ql/test/experimental/meta/ConceptsTest.qll
@@ -2,7 +2,7 @@ import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.Concepts
 import TestUtilities.InlineExpectationsTest
-import experimental.dataflow.TestUtil.PrintNode
+private import semmle.python.dataflow.new.internal.PrintNode
 
 class SystemCommandExecutionTest extends InlineExpectationsTest {
 SystemCommandExecutionTest() { this = "SystemCommandExecutionTest" }
diff --git a/python/ql/test/experimental/meta/InlineTaintTest.qll b/python/ql/test/experimental/meta/InlineTaintTest.qll
index da1f084f97d..e82d1249733 100644
--- a/python/ql/test/experimental/meta/InlineTaintTest.qll
+++ b/python/ql/test/experimental/meta/InlineTaintTest.qll
@@ -14,7 +14,7 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import semmle.python.dataflow.new.RemoteFlowSources
 import TestUtilities.InlineExpectationsTest
-import experimental.dataflow.TestUtil.PrintNode
+private import semmle.python.dataflow.new.internal.PrintNode
 
 DataFlow::Node shouldBeTainted() {
 exists(DataFlow::CallCfgNode call |