introduce, and use, API::APICallNode

python/ql/src/Security/CWE-295/RequestWithoutValidation.ql

@@ -15,41 +15,11 @@ private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.Concepts
 private import semmle.python.ApiGraphs
 
-/**
- * Gets a call to a method that makes an outgoing request using the `requests` module,
- * such as `requests.get` or `requests.put`, with the specified HTTP verb `verb`
- */
-DataFlow::CallCfgNode outgoingRequestCall(string verb) {
-  verb = HTTP::httpVerbLower() and
-  result = API::moduleImport("requests").getMember(verb).getACall()
-}
-
-/** Gets the "verfiy" argument to a outgoingRequestCall. */
-DataFlow::Node verifyArg(DataFlow::CallCfgNode call) {
-  call = outgoingRequestCall(_) and
-  result = call.getArgByName("verify")
-}
-
-/** Gets a back-reference to the verify argument `arg`. */
-private DataFlow::TypeTrackingNode verifyArgBacktracker(
-  DataFlow::TypeBackTracker t, DataFlow::Node arg
-) {
-  t.start() and
-  arg = verifyArg(_) and
-  result = arg.getALocalSource()
-  or
-  exists(DataFlow::TypeBackTracker t2 | result = verifyArgBacktracker(t2, arg).backtrack(t2, t))
-}
-
-/** Gets a back-reference to the verify argument `arg`. */
-DataFlow::LocalSourceNode verifyArgBacktracker(DataFlow::Node arg) {
-  result = verifyArgBacktracker(DataFlow::TypeBackTracker::end(), arg)
-}
-
-from DataFlow::CallCfgNode call, DataFlow::Node falseyOrigin, string verb
+from API::CallNode call, DataFlow::Node falseyOrigin, string verb
 where
-  call = outgoingRequestCall(verb) and
-  falseyOrigin = verifyArgBacktracker(verifyArg(call)) and
+  verb = HTTP::httpVerbLower() and
+  call = API::moduleImport("requests").getMember(verb).getACall() and
+  falseyOrigin = call.getNamedParameter("verify").getAValueReachingRhs() and
   // requests treats `None` as the default and all other "falsey" values as `False`.
   falseyOrigin.asExpr().(ImmutableLiteral).booleanValue() = false and
   not falseyOrigin.asExpr() instanceof None