python: make DataFlowCall "publicly usable"

- add `getCallable`, `getArg` and `getNode` - these are `none` for summary calls - revert "external" uses (they had been changed to `DataFlowSourceCall`)
2025-12-21 19:26:31 +01:00 · 2022-06-23 08:32:23 +00:00
parent dd69100dcd
commit cedf9ef538
6 changed files with 27 additions and 15 deletions
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatchPointsTo.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatchPointsTo.qll
@@ -459,6 +459,18 @@ abstract class DataFlowCall extends TDataFlowCall {
  /** Gets the enclosing callable of this call. */
  abstract DataFlowCallable getEnclosingCallable();

+  /** Get the callable to which this call goes. */
+  abstract DataFlowCallable getCallable();
+
+  /**
+   * Gets the argument to this call that will be sent
+   * to the `n`th parameter of the callable.
+   */
+  abstract Node getArg(int n);
+
+  /** Get the control flow node representing this call. */
+  abstract ControlFlowNode getNode();
+
  /** Gets the location of this dataflow call. */
  abstract Location getLocation();

@@ -480,17 +492,11 @@ abstract class DataFlowCall extends TDataFlowCall {
 abstract class DataFlowSourceCall extends DataFlowCall, TDataFlowSourceCall {
  final override Location getLocation() { result = this.getNode().getLocation() }

-  /** Get the callable to which this call goes. */
-  abstract DataFlowCallable getCallable();
+  abstract override DataFlowCallable getCallable();

-  /**
-   * Gets the argument to this call that will be sent
-   * to the `n`th parameter of the callable.
-   */
-  abstract Node getArg(int n);
+  abstract override Node getArg(int n);

-  /** Get the control flow node representing this call. */
-  abstract ControlFlowNode getNode();
+  abstract override ControlFlowNode getNode();
 }

 /** A call associated with a `CallNode`. */
@@ -652,6 +658,12 @@ class SummaryCall extends DataFlowCall, TSummaryCall {

  override DataFlowCallable getEnclosingCallable() { result = c }

+  override DataFlowCallable getCallable() { none() }
+
+  override Node getArg(int n) { none() }
+
+  override ControlFlowNode getNode() { none() }
+
  override string toString() { result = "[summary] call to " + receiver + " in " + c }

  override Location getLocation() { result = c.getLocation() }
--- a/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll
+++ b/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll
@@ -69,7 +69,7 @@ class ExternalApiDataNode extends DataFlow::Node {
  int i;

  ExternalApiDataNode() {
-    exists(DataFlowPrivate::DataFlowSourceCall call |
+    exists(DataFlowPrivate::DataFlowCall call |
      exists(call.getLocation().getFile().getRelativePath())
    |
      callable = call.getCallable() and
--- a/python/ql/src/meta/analysis-quality/CallGraph.ql
+++ b/python/ql/src/meta/analysis-quality/CallGraph.ql
@@ -11,6 +11,6 @@
 import python
 import semmle.python.dataflow.new.internal.DataFlowPrivate

-from DataFlowSourceCall c, DataFlowCallableValue f
+from DataFlowCall c, DataFlowCallableValue f
 where c.getCallable() = f
 select c, "Call to $@", f.getScope(), f.toString()
--- a/python/ql/test/experimental/dataflow/TestUtil/UnresolvedCalls.qll
+++ b/python/ql/test/experimental/dataflow/TestUtil/UnresolvedCalls.qll
@@ -12,8 +12,8 @@ class UnresolvedCallExpectations extends InlineExpectationsTest {
  override predicate hasActualResult(Location location, string element, string tag, string value) {
    exists(location.getFile().getRelativePath()) and
    exists(CallNode call |
-      not exists(DataFlowPrivate::DataFlowSourceCall dfc | dfc.getNode() = call |
-        // For every `CallNode`, there is a `DataFlowSourceCall` in the form of a `NonSpecialCall`.
+      not exists(DataFlowPrivate::DataFlowCall dfc | dfc.getNode() = call |
+        // For every `CallNode`, there is a `DataFlowCall` in the form of a `NonSpecialCall`.
        // It does not really count, as it has some abstract overrides. For instance, it does not
        // define `getCallable`, so checking for the existence of this guarantees that we are in a
        // properly resolved call.
--- a/python/ql/test/experimental/dataflow/calls/DataFlowCallTest.ql
+++ b/python/ql/test/experimental/dataflow/calls/DataFlowCallTest.ql
@@ -15,7 +15,7 @@ class DataFlowCallTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    exists(location.getFile().getRelativePath()) and
-    exists(DataFlowSourceCall call |
+    exists(DataFlowCall call |
      location = call.getLocation() and
      element = call.toString()
    |
--- a/python/ql/test/experimental/dataflow/coverage/argumentRoutingTest.ql
+++ b/python/ql/test/experimental/dataflow/coverage/argumentRoutingTest.ql
@@ -22,7 +22,7 @@ class Argument1RoutingConfig extends DataFlow::Configuration {
  override predicate isSource(DataFlow::Node node) {
    node.(DataFlow::CfgNode).getNode().(NameNode).getId() = "arg1"
    or
-    exists(AssignmentDefinition def, DataFlowPrivate::DataFlowSourceCall call |
+    exists(AssignmentDefinition def, DataFlowPrivate::DataFlowCall call |
      def.getVariable() = node.(DataFlow::EssaNode).getVar() and
      def.getValue() = call.getNode() and
      call.getNode().(CallNode).getFunction().(NameNode).getId().matches("With\\_%")