Get rid of (get)regexMethod

2025-12-20 10:46:30 +01:00 · 2021-03-27 00:36:00 +01:00
parent 18ce257fc8
commit e78e2ac266
3 changed files with 4 additions and 22 deletions
--- a/python/ql/src/experimental/semmle/python/Concepts.qll
+++ b/python/ql/src/experimental/semmle/python/Concepts.qll
@@ -25,8 +25,6 @@ module RegexExecution {
   */
  abstract class Range extends DataFlow::Node {
    abstract DataFlow::Node getRegexNode();
    abstract DataFlow::CallCfgNode getRegexMethod();
  }
 }
@@ -42,8 +40,6 @@ class RegexExecution extends DataFlow::Node {
  RegexExecution() { this = range }
  DataFlow::Node getRegexNode() { result = range.getRegexNode() }
  DataFlow::CallCfgNode getRegexMethod() { result = range.getRegexMethod() }
 }
 /** Provides classes for modeling Regular Expression escape-related APIs. */
@@ -56,8 +52,6 @@ module RegexEscape {
   */
  abstract class Range extends DataFlow::Node {
    abstract DataFlow::Node getRegexNode();
    abstract DataFlow::CallCfgNode getEscapeMethod();
  }
 }
@@ -73,6 +67,4 @@ class RegexEscape extends DataFlow::Node {
  RegexEscape() { this = range }
  DataFlow::Node getRegexNode() { result = range.getRegexNode() }
  DataFlow::CallCfgNode getEscapeMethod() { result = range.getEscapeMethod() }
 }
--- a/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
@@ -26,14 +26,10 @@ private module Re {
    DirectRegex() {
      // this.getLocation().getFile().getBaseName().regexpMatch("^re_(good|bad)\\.py$") and // debug
      this = API::moduleImport("re").getMember(any(ReMethods m)).getACall() and
-      regexNode = this.getArg(0) and
+      regexNode = this.getArg(0)
      regexMethod = this
    }
    override DataFlow::Node getRegexNode() { result = regexNode }
    // pending obj.this discussion
    override DataFlow::CallCfgNode getRegexMethod() { result = regexMethod }
  }
  private class CompiledRegex extends DataFlow::CallCfgNode, RegexExecution::Range {
@@ -47,14 +43,11 @@ private module Re {
        patternCall = API::moduleImport("re").getMember("compile").getACall() and
        patternCall = reMethod.getObject().getALocalSource() and
        reMethod.getAttributeName() instanceof ReMethods and
-        regexNode = patternCall.getArg(0) and
+        regexNode = patternCall.getArg(0)
        regexMethod = this
      )
    }
    override DataFlow::Node getRegexNode() { result = regexNode }
    override DataFlow::CallCfgNode getRegexMethod() { result = regexMethod }
  }
  class ReEscape extends DataFlow::CallCfgNode, RegexEscape::Range {
@@ -63,12 +56,9 @@ private module Re {
    ReEscape() {
      this = API::moduleImport("re").getMember("escape").getACall() and
-      regexNode = this.getArg(0) and
+      regexNode = this.getArg(0)
      escapeMethod = this
    }
    override DataFlow::Node getRegexNode() { result = regexNode }
    override DataFlow::CallCfgNode getEscapeMethod() { result = escapeMethod }
  }
 }
--- a/python/ql/src/experimental/semmle/python/security/injection/RegexInjection.qll
+++ b/python/ql/src/experimental/semmle/python/security/injection/RegexInjection.qll
@@ -15,7 +15,7 @@ class RegexInjectionSink extends DataFlow::Node {
  RegexInjectionSink() {
    exists(RegexExecution reExec |
      this = reExec.getRegexNode() and
-      regexMethod = reExec.getRegexMethod().getFunction().asExpr().(Attribute)
+      regexMethod = reExec.asExpr().(Attribute)
    )
  }