Merge pull request #2469 from RasmusWL/python-modernise-twisted-library

Python: modernise twisted library

Author: tausbn

python/ql/src/semmle/python/objects/ObjectAPI.qll

@@ -211,7 +211,7 @@ module Value {
     }
 
     /** Gets the `Value` for the integer constant `i`, if it exists.
-     * There will be no `Value` for most integers, but the following are 
+     * There will be no `Value` for most integers, but the following are
      * guaranteed to exist:
      * * From zero to 511 inclusive.
      * * All powers of 2 (up to 2**30)
@@ -486,6 +486,11 @@ class PythonFunctionValue extends FunctionValue {
         )
     }
 
+    /** Gets a control flow node corresponding to a return statement in this function */
+    ControlFlowNode getAReturnedNode() {
+        result = this.getScope().getAReturnValueFlowNode()
+    }
+
 }
 
 /** Class representing builtin functions, such as `len` or `print` */

python/ql/src/semmle/python/web/flask/Response.qll

@@ -9,8 +9,8 @@ import semmle.python.web.flask.General
  */
 class FlaskRoutedResponse extends HttpResponseTaintSink {
     FlaskRoutedResponse() {
-        exists(PyFunctionObject response |
-            flask_routing(_, response.getFunction()) and
+        exists(PythonFunctionValue response |
+            flask_routing(_, response.getScope()) and
             this = response.getAReturnedNode()
         )
     }

python/ql/src/semmle/python/web/pyramid/Response.qll

@@ -11,8 +11,8 @@ private import semmle.python.web.Http
  */
 class PyramidRoutedResponse extends HttpResponseTaintSink {
     PyramidRoutedResponse() {
-        exists(PyFunctionObject view |
-            is_pyramid_view_function(view.getFunction()) and
+        exists(PythonFunctionValue view |
+            is_pyramid_view_function(view.getScope()) and
             this = view.getAReturnedNode()
         )
     }

python/ql/src/semmle/python/web/twisted/Request.qll

@@ -1,53 +1,35 @@
 import python
-
 import semmle.python.security.TaintTracking
 import semmle.python.web.Http
 import Twisted
 
 /** A twisted.web.http.Request object */
 class TwistedRequest extends TaintKind {
-
-    TwistedRequest() {
-        this = "twisted.request.http.Request"
-    }
+    TwistedRequest() { this = "twisted.request.http.Request" }
 
     override TaintKind getTaintOfAttribute(string name) {
         result instanceof ExternalStringSequenceDictKind and
-        (
-            name = "args"
-        )
+        name = "args"
         or
         result instanceof ExternalStringKind and
-        (
-            name = "uri"
-        )
+        name = "uri"
     }
 
     override TaintKind getTaintOfMethodResult(string name) {
-            (
-                name = "getHeader" or
-                name = "getCookie" or
-                name = "getUser" or
-                name = "getPassword"
-            ) and
-            result instanceof ExternalStringKind
+        (
+            name = "getHeader" or
+            name = "getCookie" or
+            name = "getUser" or
+            name = "getPassword"
+        ) and
+        result instanceof ExternalStringKind
     }
-
 }
 
-
 class TwistedRequestSource extends TaintSource {
+    TwistedRequestSource() { isTwistedRequestInstance(this) }
 
-    TwistedRequestSource() {
-        isTwistedRequestInstance(this)
-    }
-
-    override string toString() {
-        result = "Twisted request source"
-    }
-
-    override predicate isSourceOf(TaintKind kind) {
-        kind instanceof TwistedRequest
-    }
+    override string toString() { result = "Twisted request source" }
 
+    override predicate isSourceOf(TaintKind kind) { kind instanceof TwistedRequest }
 }

python/ql/src/semmle/python/web/twisted/Response.qll

@@ -1,5 +1,4 @@
 import python
-
 import semmle.python.security.TaintTracking
 import semmle.python.web.Http
 import semmle.python.security.strings.Basic
@@ -8,29 +7,25 @@ import Request
 
 class TwistedResponse extends TaintSink {
     TwistedResponse() {
-        exists(PyFunctionObject func, string name |
+        exists(PythonFunctionValue func, string name, Return ret |
             isKnownRequestHandlerMethodName(name) and
             name = func.getName() and
             func = getTwistedRequestHandlerMethod(name) and
             this = func.getAReturnedNode()
         )
     }
 
-    override predicate sinks(TaintKind kind) {
-      kind instanceof ExternalStringKind
-    }
+    override predicate sinks(TaintKind kind) { kind instanceof ExternalStringKind }
 
-    override string toString() {
-        result = "Twisted response"
-    }
+    override string toString() { result = "Twisted response" }
 }
 
 /**
  * A sink of taint in the form of a "setter" method on a twisted request
  * object, which affects the properties of the subsequent response sent to this
  * request.
  */
- class TwistedRequestSetter extends HttpResponseTaintSink {
+class TwistedRequestSetter extends HttpResponseTaintSink {
     TwistedRequestSetter() {
         exists(CallNode call, ControlFlowNode node, string name |
             (
@@ -44,11 +39,7 @@ class TwistedResponse extends TaintSink {
         )
     }
 
-    override predicate sinks(TaintKind kind) {
-        kind instanceof ExternalStringKind
-    }
+    override predicate sinks(TaintKind kind) { kind instanceof ExternalStringKind }
 
-    override string toString() {
-        result = "Twisted request setter"
-    }
-}
+    override string toString() { result = "Twisted request setter" }
+}

python/ql/src/semmle/python/web/twisted/Twisted.qll

@@ -1,20 +1,17 @@
 import python
-
 import semmle.python.security.TaintTracking
 
-private ClassObject theTwistedHttpRequestClass() {
-    result = ModuleObject::named("twisted.web.http").attr("Request")
+private ClassValue theTwistedHttpRequestClass() {
+    result = Value::named("twisted.web.http.Request")
 }
 
-private ClassObject theTwistedHttpResourceClass() {
-    result = ModuleObject::named("twisted.web.resource").attr("Resource")
+private ClassValue theTwistedHttpResourceClass() {
+    result = Value::named("twisted.web.resource.Resource")
 }
 
-ClassObject aTwistedRequestHandlerClass() {
-    result.getASuperType() = theTwistedHttpResourceClass()
-}
+ClassValue aTwistedRequestHandlerClass() { result.getABaseType+() = theTwistedHttpResourceClass() }
 
-FunctionObject getTwistedRequestHandlerMethod(string name) {
+FunctionValue getTwistedRequestHandlerMethod(string name) {
     result = aTwistedRequestHandlerClass().declaredAttribute(name)
 }
 
@@ -24,29 +21,30 @@ predicate isKnownRequestHandlerMethodName(string name) {
     name.matches("render_%")
 }
 
-/** Holds if `node` is likely to refer to an instance of the twisted
+/**
+ * Holds if `node` is likely to refer to an instance of the twisted
  * `Request` class.
  */
 predicate isTwistedRequestInstance(NameNode node) {
-    node.refersTo(_, theTwistedHttpRequestClass(), _)
+    node.pointsTo().getClass() = theTwistedHttpRequestClass()
     or
-    /* In points-to analysis cannot infer that a given object is an instance of
+    /*
+     * In points-to analysis cannot infer that a given object is an instance of
      * the `twisted.web.http.Request` class, we also include any parameter
      * called `request` that appears inside a subclass of a request handler
      * class, and the appropriate arguments of known request handler methods.
      */
-    exists(Function func | func = node.getScope() |
-        func.getEnclosingScope().(Class).getClassObject() = aTwistedRequestHandlerClass()
-    ) and
-    (
-    /* Any parameter called `request` */
-    node.getId() = "request" and
-    node.isParameter()
-    or
-    /* Any request parameter of a known request handler method */
-    exists(FunctionObject func | node.getScope() = func.getFunction() | 
+
+    exists(Function func |
+        func = node.getScope() and
+        func.getEnclosingScope() = aTwistedRequestHandlerClass().getScope()
+    |
+        /* Any parameter called `request` */
+        node.getId() = "request" and
+        node.isParameter()
+        or
+        /* Any request parameter of a known request handler method */
         isKnownRequestHandlerMethodName(func.getName()) and
-        node.getNode() = func.getFunction().getArg(1)
-        )
+        node.getNode() = func.getArg(1)
     )
 }

python/ql/test/library-tests/web/twisted/Classes.expected

@@ -0,0 +1,5 @@
+| class MyRequestHandler1 | test.py:3 |
+| class MyRequestHandler2 | test.py:23 |
+| class MyRequestHandler3 | test.py:27 |
+| class MyRequestHandler4 | test.py:38 |
+| class MyRequestHandler5 | test.py:42 |

python/ql/test/library-tests/web/twisted/Classes.ql

@@ -0,0 +1,7 @@
+import python
+import semmle.python.TestUtils
+import semmle.python.web.twisted.Twisted
+
+from ClassValue cls
+where cls = aTwistedRequestHandlerClass()
+select cls.toString(), remove_library_prefix(cls.getScope().getLocation())

python/ql/test/library-tests/web/twisted/Methods.expected

@@ -0,0 +1,8 @@
+| myrender | Function MyRequestHandler2.myrender | test.py:24 |
+| render | Function MyRequestHandler1.render | test.py:4 |
+| render | Function MyRequestHandler3.render | test.py:28 |
+| render | Function MyRequestHandler4.render | test.py:39 |
+| render | Function MyRequestHandler5.render | test.py:43 |
+| render_GET | Function MyRequestHandler1.render_GET | test.py:9 |
+| render_POST | Function MyRequestHandler1.render_POST | test.py:16 |
+| render_POST | Function MyRequestHandler3.render_POST | test.py:31 |

python/ql/test/library-tests/web/twisted/Methods.ql

@@ -0,0 +1,7 @@
+import python
+import semmle.python.TestUtils
+import semmle.python.web.twisted.Twisted
+
+from FunctionValue func, string name
+where func = getTwistedRequestHandlerMethod(name)
+select name, func.toString(), remove_library_prefix(func.getScope().getLocation())