changes based on review

python/ql/lib/semmle/python/Concepts.qll

@@ -422,9 +422,8 @@ module RegexExecution {
 }
 
 /**
- * A node that is not a regular expression literal, but is used in places that
- * may interpret it as one. Instances of this class are typically strings that
- * flow to method calls like `re.compile`.
+ * A node where a string is interpreted as a regular expression,
+ * for instance an argument to `re.compile`.
  *
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `RegExpInterpretation::Range` instead.
@@ -434,9 +433,8 @@ class RegExpInterpretation extends DataFlow::Node instanceof RegExpInterpretatio
 /** Provides a class for modeling regular expression interpretations. */
 module RegExpInterpretation {
   /**
-   * A node that is not a regular expression literal, but is used in places that
-   * may interpret it as one. Instances of this class are typically strings that
-   * flow to method calls like `re.compile`.
+   * A node where a string is interpreted as a regular expression,
+   * for instance an argument to `re.compile`.
    */
   abstract class Range extends DataFlow::Node { }
 }

python/ql/lib/semmle/python/dataflow/new/Regexp.qll

@@ -26,7 +26,7 @@ deprecated module RegExpPatterns {
  * as a part of a regular expression.
  */
 class RegExpPatternSource extends DataFlow::CfgNode {
-  private DataFlow::Node sink;
+  private RegExpSink sink;
 
   RegExpPatternSource() { this = regExpSource(sink) }
 
@@ -34,7 +34,7 @@ class RegExpPatternSource extends DataFlow::CfgNode {
    * Gets a node where the pattern of this node is parsed as a part of
    * a regular expression.
    */
-  DataFlow::Node getAParse() { result = sink }
+  RegExpSink getAParse() { result = sink }
 
   /**
    * Gets the root term of the regular expression parsed from this pattern.

python/ql/lib/semmle/python/regexp/RegexTreeView.qll

@@ -525,6 +525,10 @@ module Impl implements RegexTreeViewSig {
      */
     private predicate isUnicode() { this.getText().prefix(2) = ["\\u", "\\U"] }
 
+    /**
+     * Gets the unicode char for this escape.
+     * E.g. for `\u0061` this returns "a".
+     */
     private string getUnicode() {
       result = Numbers::parseHexInt(this.getText().suffix(2)).toUnicode()
     }

python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll

@@ -26,15 +26,11 @@ private module FindRegexMode {
         call.getArg(_) = sink and
         sink instanceof Concepts::RegExpInterpretation::Range
       |
-        exists(DataFlow::CallCfgNode callNode |
-          call = callNode and
-          result =
-            mode_from_node([
-                callNode
-                    .getArg(re_member_flags_arg(callNode.(DataFlow::MethodCallNode).getMethodName())),
-                callNode.getArgByName("flags")
-              ])
-        )
+        result =
+          mode_from_node([
+              call.getArg(re_member_flags_arg(call.(DataFlow::MethodCallNode).getMethodName())),
+              call.getArgByName("flags")
+            ])
       )
     )
   }

python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll

@@ -19,11 +19,13 @@ DataFlow::LocalSourceNode strStart() { result.asExpr() instanceof StrConst }
 
 private import semmle.python.regex as Regex
 
-/** Gets a node where regular expressions that flow to the node are used. */
-DataFlow::Node regSink() {
-  result = any(Concepts::RegexExecution exec).getRegex()
-  or
-  result instanceof Concepts::RegExpInterpretation
+/** A node where regular expressions that flow to the node are used. */
+class RegExpSink extends DataFlow::Node {
+  RegExpSink() {
+    this = any(Concepts::RegexExecution exec).getRegex()
+    or
+    this instanceof Concepts::RegExpInterpretation
+  }
 }
 
 /**
@@ -32,7 +34,7 @@ DataFlow::Node regSink() {
  */
 private DataFlow::TypeTrackingNode backwards(DataFlow::TypeBackTracker t) {
   t.start() and
-  result = regSink().getALocalSource()
+  result = any(RegExpSink sink).getALocalSource()
   or
   exists(DataFlow::TypeBackTracker t2 | result = backwards(t2).backtrack(t2, t))
 }
@@ -69,7 +71,6 @@ private DataFlow::TypeTrackingNode regexTracking(DataFlow::Node start, DataFlow:
 
 /** Gets a node holding a value for the regular expression that is evaluated at `re`. */
 cached
-DataFlow::Node regExpSource(DataFlow::Node re) {
-  re = regSink() and
+DataFlow::Node regExpSource(RegExpSink re) {
   regexTracking(result, DataFlow::TypeTracker::end()).flowsTo(re)
 }