Python: Make exception info concept local

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/manage.py

@@ -9,7 +9,7 @@ def main():
     os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'testproj.settings')
     try:
         from django.core.management import execute_from_command_line
-    except ImportError as exc:  #$ errorInfoSource exceptionSource
+    except ImportError as exc:
         raise ImportError(
             "Couldn't import Django. Are you sure it's installed and "
             "available on your PYTHONPATH environment variable? Did you "

python/ql/test/experimental/library-tests/frameworks/stdlib-py3/Exceptions.py

@@ -1,10 +0,0 @@
-try:
-    1+2
-except Exception as e:  #$ exceptionSource errorInfoSource
-    e
-
-def test_exception():
-    try:
-        1+2
-    except Exception as e:  #$ exceptionSource errorInfoSource
-        e

python/ql/test/experimental/library-tests/frameworks/stdlib-py3/Stacktrace.py

@@ -1,15 +0,0 @@
-import sys, traceback
-
-try:
-    1/0
-except:
-    exc_type, exc_value, exc_traceback = sys.exc_info() #$ errorInfoSource
-
-    tb = traceback.extract_tb(exc_traceback) #$ errorInfoSource
-    stack = traceback.extract_stack() #$ errorInfoSource
-    print(traceback.format_exc(1, tb)) #$ errorInfoSource
-    print(traceback.format_exception(exc_type, exc_value, exc_traceback)) #$ errorInfoSource
-    print(traceback.format_exception_only(None, exc_value)) #$ errorInfoSource
-    print(traceback.format_list(stack)) #$ errorInfoSource
-    print(traceback.format_stack()) #$ errorInfoSource
-    print(traceback.format_tb(exc_traceback)) #$ errorInfoSource

python/ql/test/experimental/meta/ConceptsTest.qll

@@ -319,35 +319,3 @@ class SafeAccessCheckTest extends InlineExpectationsTest {
     )
   }
 }
-
-class ErrorInfoSourceTest extends InlineExpectationsTest {
-  ErrorInfoSourceTest() { this = "ErrorInfoSourceTest" }
-
-  override string getARelevantTag() { result = "errorInfoSource" }
-
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(location.getFile().getRelativePath()) and
-    exists(ErrorInfoSource e |
-      location = e.getLocation() and
-      element = e.toString() and
-      value = "" and
-      tag = "errorInfoSource"
-    )
-  }
-}
-
-class ExceptionSourceTest extends InlineExpectationsTest {
-  ExceptionSourceTest() { this = "ExceptionSourceTest" }
-
-  override string getARelevantTag() { result = "exceptionSource" }
-
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(location.getFile().getRelativePath()) and
-    exists(ExceptionSource e |
-      location = e.getLocation() and
-      element = e.toString() and
-      value = "" and
-      tag = "exceptionSource"
-    )
-  }
-}

python/ql/test/query-tests/Security/CWE-209/ExceptionInfo.ql

@@ -0,0 +1,20 @@
+import python
+import semmle.python.dataflow.new.DataFlow
+import TestUtilities.InlineExpectationsTest
+import semmle.python.security.dataflow.ExceptionInfo
+
+class ExceptionInfoTest extends InlineExpectationsTest {
+  ExceptionInfoTest() { this = "ExceptionInfoTest" }
+
+  override string getARelevantTag() { result = "exceptionInfo" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(location.getFile().getRelativePath()) and
+    exists(ExceptionInfo e |
+      location = e.getLocation() and
+      element = e.toString() and
+      value = "" and
+      tag = "exceptionInfo"
+    )
+  }
+}

python/ql/test/query-tests/Security/CWE-209/Exceptions.py

@@ -0,0 +1,10 @@
+try:
+    1+2
+except Exception as e:  #$ exceptionInfo
+    e
+
+def test_exception():
+    try:
+        1+2
+    except Exception as e:  #$ exceptionInfo
+        e

python/ql/test/query-tests/Security/CWE-209/Stacktrace.py

@@ -0,0 +1,15 @@
+import sys, traceback
+
+try:
+    1/0
+except:
+    exc_type, exc_value, exc_traceback = sys.exc_info() #$ exceptionInfo
+
+    tb = traceback.extract_tb(exc_traceback) #$ exceptionInfo
+    stack = traceback.extract_stack() #$ exceptionInfo
+    print(traceback.format_exc(1, tb)) #$ exceptionInfo
+    print(traceback.format_exception(exc_type, exc_value, exc_traceback)) #$ exceptionInfo
+    print(traceback.format_exception_only(None, exc_value)) #$ exceptionInfo
+    print(traceback.format_list(stack)) #$ exceptionInfo
+    print(traceback.format_stack()) #$ exceptionInfo
+    print(traceback.format_tb(exc_traceback)) #$ exceptionInfo

python/ql/test/query-tests/Security/CWE-209/test.py

@@ -12,16 +12,16 @@ def do_computation():
 def server_bad():
     try:
         do_computation()
-    except Exception as e:
-        return traceback.format_exc()
+    except Exception as e:  #$ exceptionInfo
+        return traceback.format_exc()  #$ exceptionInfo
 
 # GOOD
 @app.route('/good')
 def server_good():
     try:
         do_computation()
-    except Exception as e:
-        log(traceback.format_exc())
+    except Exception as e:  #$ exceptionInfo
+        log(traceback.format_exc())  #$ exceptionInfo
         return "An internal error has occurred!"
 
 #BAD
@@ -29,8 +29,8 @@ def server_good():
 def server_bad_flow():
     try:
         do_computation()
-    except Exception as e:
-        err = traceback.format_exc()
+    except Exception as e:  #$ exceptionInfo
+        err = traceback.format_exc()  #$ exceptionInfo
         return format_error(err)
 
 def format_error(msg):