codeql/python/ql/lib/semmle/python/frameworks/Libxml2.qll

/**
 * Provides classes modeling security-relevant aspects of the `libxml2` PyPI package.
 *
 * See
 * - https://pypi.org/project/libxml2-python3/
 * - http://xmlsoft.org/python.html
 */

private import python
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.Concepts
private import semmle.python.ApiGraphs

/**
 * Provides classes modeling security-relevant aspects of the `libxml2` PyPI package
 *
 * See
 * - https://pypi.org/project/libxml2-python3/
 * - http://xmlsoft.org/python.html
 */
private module Libxml2 {
  /**
   * A call to the `xpathEval` method of a parsed document.
   *
   *    import libxml2
   *    tree = libxml2.parseFile("file.xml")
   *    r = tree.xpathEval('`sink`')
   *
   * See http://xmlsoft.org/python.html
   */
  class XpathEvalCall extends XML::XPathExecution::Range, DataFlow::CallCfgNode {
    XpathEvalCall() {
      this =
        API::moduleImport("libxml2")
            .getMember("parseFile")
            .getReturn()
            .getMember("xpathEval")
            .getACall()
    }

    override DataFlow::Node getXPath() { result = this.getArg(0) }

    override string getName() { result = "libxml2" }
  }
}