Python: Make exception info concept local

2026-04-29 10:45:15 +02:00 · 2021-03-03 16:47:31 +01:00
parent 4196dc2291
commit f02a19669f
12 changed files with 88 additions and 140 deletions
--- a/python/ql/src/semmle/python/Concepts.qll
+++ b/python/ql/src/semmle/python/Concepts.qll
@@ -293,54 +293,6 @@ module SqlExecution {
  }
 }

-/**
- * A data-flow node that carries information about an error. Such information should
- * rarely be exposed directly to the user.
- *
- * Extend this class to refine existing API models. If you want to model new APIs,
- * extend `ErrorInfoSource::Range` instead.
- */
-class ErrorInfoSource extends DataFlow::Node {
-  ErrorInfoSource::Range range;
-
-  ErrorInfoSource() { this = range }
-}
-
-/** Provides a class for modeling new sources of error information, say via APIs. */
-module ErrorInfoSource {
-  /**
-   * A data-flow node that carries information about an error. Such information should
-   * rarely be exposed directly to the user.
-   *
-   * Extend this class to model new APIs. If you want to refine existing API models,
-   * extend `ErrorInfoSource` instead.
-   */
-  abstract class Range extends DataFlow::Node { }
-}
-
-/**
- * A data-flow node that represents the creation or introduction of an exception.
- *
- * Extend this class to refine existing API models. If you want to model new APIs,
- * extend `ExceptionSource::Range` instead.
- */
-class ExceptionSource extends ErrorInfoSource::Range {
-  ExceptionSource::Range range;
-
-  ExceptionSource() { this = range }
-}
-
-/** Provides a class for modeling new sources of exceptions, say via APIs. */
-module ExceptionSource {
-  /**
-   * A data-flow node that represents the creation or introduction of an exception.
-   *
-   * Extend this class to model new APIs. If you want to refine existing API models,
-   * extend `ExceptionSource` instead.
-   */
-  abstract class Range extends DataFlow::Node { }
-}
-
 /** Provides classes for modeling HTTP-related APIs. */
 module HTTP {
  import semmle.python.web.HttpConstants
--- a/python/ql/src/semmle/python/frameworks/Stdlib.qll
+++ b/python/ql/src/semmle/python/frameworks/Stdlib.qll
@@ -1657,33 +1657,6 @@ private module Stdlib {
  class Sqlite3 extends PEP249Module {
    Sqlite3() { this = sqlite3() }
  }
-
-  // ---------------------------------------------------------------------------
-  // traceback
-  // ---------------------------------------------------------------------------
-  /** Provides models for the `traceback` module. */
-  module traceback {
-    private class TracebackFunctionCall extends ErrorInfoSource::Range, DataFlow::CallCfgNode {
-      TracebackFunctionCall() {
-        this =
-          API::moduleImport("traceback")
-              .getMember([
-                  "extract_tb", "extract_stack", "format_list", "format_exception_only",
-                  "format_exception", "format_exc", "format_tb", "format_stack"
-                ])
-              .getACall()
-      }
-    }
-  }
-}
-
-private class CaughtException extends ExceptionSource::Range {
-  CaughtException() { this.asExpr() = any(ExceptStmt s).getName() }
-}
-
-/** A call to `sys.exc_info` */
-private class SysExcInfoCall extends ErrorInfoSource::Range, DataFlow::CallCfgNode {
-  SysExcInfoCall() { this = API::moduleImport("sys").getMember("exc_info").getACall() }
 }

 // ---------------------------------------------------------------------------
--- a/python/ql/src/semmle/python/security/dataflow/ExceptionInfo.qll
+++ b/python/ql/src/semmle/python/security/dataflow/ExceptionInfo.qll
@@ -0,0 +1,34 @@
+/** Provides classes representing various sources of information about raised exceptions. */
+
+import python
+import semmle.python.dataflow.new.DataFlow
+private import semmle.python.ApiGraphs
+
+/**
+ * A data-flow node that carries information about a raised exception.
+ * Such information should rarely be exposed directly to the user.
+ */
+abstract class ExceptionInfo extends DataFlow::Node { }
+
+/** A call to a function from the `traceback` module revealing information about a raised exception. */
+private class TracebackFunctionCall extends ExceptionInfo, DataFlow::CallCfgNode {
+  TracebackFunctionCall() {
+    this =
+      API::moduleImport("traceback")
+          .getMember([
+              "extract_tb", "extract_stack", "format_list", "format_exception_only",
+              "format_exception", "format_exc", "format_tb", "format_stack"
+            ])
+          .getACall()
+  }
+}
+
+/** A caught exception. */
+private class CaughtException extends ExceptionInfo {
+  CaughtException() { this.asExpr() = any(ExceptStmt s).getName() }
+}
+
+/** A call to `sys.exc_info`. */
+private class SysExcInfoCall extends ExceptionInfo, DataFlow::CallCfgNode {
+  SysExcInfoCall() { this = API::moduleImport("sys").getMember("exc_info").getACall() }
+}
--- a/python/ql/src/semmle/python/security/dataflow/StackTraceExposure.qll
+++ b/python/ql/src/semmle/python/security/dataflow/StackTraceExposure.qll
@@ -7,6 +7,7 @@ import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import semmle.python.Concepts
+private import ExceptionInfo

 /**
 * A taint-tracking configuration for detecting stack trace exposure.
@@ -14,7 +15,7 @@ import semmle.python.Concepts
 class StackTraceExposureConfiguration extends TaintTracking::Configuration {
  StackTraceExposureConfiguration() { this = "StackTraceExposureConfiguration" }

-  override predicate isSource(DataFlow::Node source) { source instanceof ErrorInfoSource }
+  override predicate isSource(DataFlow::Node source) { source instanceof ExceptionInfo }

  override predicate isSink(DataFlow::Node sink) {
    sink = any(HTTP::Server::HttpResponse response).getBody()