Python: Modernise StringKind files

RasmusWL · RasmusWL · commit 2416cac8f4d3 · 2020-03-06T14:45:03.000+01:00
diff --git a/python/ql/src/semmle/python/security/strings/Basic.qll b/python/ql/src/semmle/python/security/strings/Basic.qll
@@ -74,6 +74,7 @@ private predicate str_format(ControlFlowNode fromnode, CallNode tonode) {
     (
         tonode.getAnArg() = fromnode
         or
+        // TODO: if this case is not covered by tonode.getAnArg(), we should change it so it is :\
         tonode.getNode().getAKeyword().getValue() = fromnode.getNode()
     )
 }
@@ -93,10 +94,13 @@ private predicate encode_decode(ControlFlowNode fromnode, CallNode tonode) {
 /* tonode = str(fromnode)*/
 private predicate to_str(ControlFlowNode fromnode, CallNode tonode) {
     tonode.getAnArg() = fromnode and
-    exists(ClassObject str |
-        tonode.getFunction().refersTo(str) |
-        str = theUnicodeType() or str = theBytesType()
-    )
+    tonode = ClassValue::str().getACall()
+    // TODO: should it instead be this?
+    // (
+    //     tonode = ClassValue::bytes().getACall()
+    //     or
+    //     tonode = ClassValue::unicode().getACall()
+    // )
 }
 
 /* tonode = fromnode[:] */
@@ -110,11 +114,8 @@ private predicate slice(ControlFlowNode fromnode, SubscriptNode tonode) {
 
 /* tonode = os.path.join(..., fromnode, ...) */
 private predicate os_path_join(ControlFlowNode fromnode, CallNode tonode) {
-    exists(FunctionObject path_join |
-        path_join = ModuleObject::named("os").attr("path").(ModuleObject).attr("join")
-        and
-        tonode = path_join.getACall() and tonode.getAnArg() = fromnode 
-    )
+    tonode = Value::named("os.path.join").getACall()
+    and tonode.getAnArg() = fromnode
 }
 
 /** A kind of "taint", representing a dictionary mapping str->"taint" */
@@ -125,5 +126,3 @@ class StringDictKind extends DictKind {
     }
 
 }
-
-
diff --git a/python/ql/src/semmle/python/security/strings/Common.qll b/python/ql/src/semmle/python/security/strings/Common.qll
@@ -5,12 +5,12 @@ import python
 predicate copy_call(ControlFlowNode fromnode, CallNode tonode) {
     tonode.getFunction().(AttrNode).getObject("copy") = fromnode
     or
-    exists(ModuleObject copy, string name |
+    exists(ModuleValue copy, string name |
         name = "copy" or name = "deepcopy" |
-        copy.attr(name).(FunctionObject).getACall() = tonode and
+        copy.attr(name).(FunctionValue).getACall() = tonode and
         tonode.getArg(0) = fromnode
     )
     or
-    tonode.getFunction().refersTo(Object::builtin("reversed")) and
+    tonode.getFunction().pointsTo(Value::named("reversed")) and
     tonode.getArg(0) = fromnode
 }
diff --git a/python/ql/src/semmle/python/security/strings/External.qll b/python/ql/src/semmle/python/security/strings/External.qll
@@ -139,11 +139,8 @@ private predicate json_subscript_taint(
 }
 
 private predicate json_load(ControlFlowNode fromnode, CallNode tonode) {
-    exists(FunctionObject json_loads |
-        ModuleObject::named("json").attr("loads") = json_loads and
-        json_loads.getACall() = tonode and
-        tonode.getArg(0) = fromnode
-    )
+    tonode = Value::named("json.loads").getACall() and
+    tonode.getArg(0) = fromnode
 }
 
 private predicate urlsplit(ControlFlowNode fromnode, CallNode tonode) {

Original file line number	Diff line number	Diff line change
`@@ -74,6 +74,7 @@ private predicate str_format(ControlFlowNode fromnode, CallNode tonode) {`
`74`	`74`	`(`
`75`	`75`	`tonode.getAnArg() = fromnode`
`76`	`76`	`or`
	`77`	`+ // TODO: if this case is not covered by tonode.getAnArg(), we should change it so it is :\`
`77`	`78`	`tonode.getNode().getAKeyword().getValue() = fromnode.getNode()`
`78`	`79`	`)`
`79`	`80`	`}`
`@@ -93,10 +94,13 @@ private predicate encode_decode(ControlFlowNode fromnode, CallNode tonode) {`
`93`	`94`	`/* tonode = str(fromnode)*/`
`94`	`95`	`private predicate to_str(ControlFlowNode fromnode, CallNode tonode) {`
`95`	`96`	`tonode.getAnArg() = fromnode and`
`96`		`- exists(ClassObject str \|`
`97`		`- tonode.getFunction().refersTo(str) \|`
`98`		`- str = theUnicodeType() or str = theBytesType()`
`99`		`- )`
	`97`	`+ tonode = ClassValue::str().getACall()`
	`98`	`+ // TODO: should it instead be this?`
	`99`	`+ // (`
	`100`	`+ // tonode = ClassValue::bytes().getACall()`
	`101`	`+ // or`
	`102`	`+ // tonode = ClassValue::unicode().getACall()`
	`103`	`+ // )`
`100`	`104`	`}`
`101`	`105`
`102`	`106`	`/* tonode = fromnode[:] */`
`@@ -110,11 +114,8 @@ private predicate slice(ControlFlowNode fromnode, SubscriptNode tonode) {`
`110`	`114`
`111`	`115`	`/* tonode = os.path.join(..., fromnode, ...) */`
`112`	`116`	`private predicate os_path_join(ControlFlowNode fromnode, CallNode tonode) {`
`113`		`- exists(FunctionObject path_join \|`
`114`		`- path_join = ModuleObject::named("os").attr("path").(ModuleObject).attr("join")`
`115`		`- and`
`116`		`- tonode = path_join.getACall() and tonode.getAnArg() = fromnode`
`117`		`- )`
	`117`	`+ tonode = Value::named("os.path.join").getACall()`
	`118`	`+ and tonode.getAnArg() = fromnode`
`118`	`119`	`}`
`119`	`120`
`120`	`121`	`/** A kind of "taint", representing a dictionary mapping str->"taint" */`
`@@ -125,5 +126,3 @@ class StringDictKind extends DictKind {`
`125`	`126`	`}`
`126`	`127`
`127`	`128`	`}`
`128`		`-`
`129`		`-`
Original file line number	Diff line number	Diff line change
`@@ -139,11 +139,8 @@ private predicate json_subscript_taint(`
`139`	`139`	`}`
`140`	`140`
`141`	`141`	`private predicate json_load(ControlFlowNode fromnode, CallNode tonode) {`
`142`		`- exists(FunctionObject json_loads \|`
`143`		`- ModuleObject::named("json").attr("loads") = json_loads and`
`144`		`- json_loads.getACall() = tonode and`
`145`		`- tonode.getArg(0) = fromnode`
`146`		`- )`
	`142`	`+ tonode = Value::named("json.loads").getACall() and`
	`143`	`+ tonode.getArg(0) = fromnode`
`147`	`144`	`}`
`148`	`145`
`149`	`146`	`private predicate urlsplit(ControlFlowNode fromnode, CallNode tonode) {`