Merge pull request #2840 from BekaValentine/python-objectapi-to-valueapi-useofapply

Python: ObjectAPI to ValueAPI: UseofApply

Author: tausbn

python/ql/src/Expressions/UseofApply.ql

@@ -10,8 +10,8 @@
  */
 
 import python
+private import semmle.python.types.Builtins
 
 from CallNode call, ControlFlowNode func
-where
-major_version() = 2 and call.getFunction() = func and func.refersTo(Object::builtin("apply"))
+where major_version() = 2 and call.getFunction() = func and func.pointsTo(Value::named("apply"))
 select call, "Call to the obsolete builtin function 'apply'."

python/ql/test/2/query-tests/Expressions/UseofApply.expected

@@ -1 +1,2 @@
+| UseofApply.py:19:3:19:17 | ControlFlowNode for apply() | Call to the obsolete builtin function 'apply'. |
 | expressions_test.py:3:5:3:21 | ControlFlowNode for apply() | Call to the obsolete builtin function 'apply'. |

python/ql/test/2/query-tests/Expressions/UseofApply.py

@@ -0,0 +1,30 @@
+#### UseofApply.ql
+
+# Use of the builtin function `apply` is generally considered bad now that the
+# ability to destructure lists of arguments is possible, but we should not flag
+# cases where the function is merely named `apply` rather than being the actual
+# builtin `apply` function.
+
+def useofapply():
+
+  def foo():
+    pass
+
+
+
+  # Positive Cases
+
+  # This use of `apply` is a reference to the builtin function and so SHOULD be
+  # caught by the query.
+  apply(foo, [1])
+
+
+
+  # Negative Cases
+
+  # This use of `apply` is a reference to the locally defined function inside of
+  # `local`, and so SHOULD NOT be caught by the query.
+  def local():
+    def apply(f):
+      pass
+    apply(foo)([1])

python/ql/test/3/query-tests/Expressions/UseofApply/UseofApply.expected

@@ -0,0 +1,30 @@
+#### UseofApply.ql
+
+# Use of the builtin function `apply` is generally considered bad now that the
+# ability to destructure lists of arguments is possible, but we should not flag
+# cases where the function is merely named `apply` rather than being the actual
+# builtin `apply` function.
+
+def useofapply():
+
+  def foo():
+    pass
+
+
+
+  # Positive Cases
+
+  # This use of `apply` is a reference to the builtin function and so SHOULD be
+  # caught by the query.
+  apply(foo, [1])
+
+
+
+  # Negative Cases
+
+  # This use of `apply` is a reference to the locally defined function inside of
+  # `local`, and so SHOULD NOT be caught by the query.
+  def local():
+    def apply(f):
+      pass
+    apply(foo)([1])

python/ql/test/3/query-tests/Expressions/UseofApply/UseofApply.py

@@ -0,0 +1 @@
+Expressions/UseofApply.ql

python/ql/test/3/query-tests/Expressions/UseofApply/UseofApply.qlref

@@ -242,3 +242,40 @@ def func():
 
 def mpt_arg(d=MappingProxyType({})):
     return 1 in d
+
+
+
+
+
+
+
+#### UseofApply.ql
+
+# Use of the builtin function `apply` is generally considered bad now that the
+# ability to destructure lists of arguments is possible, but we should not flag
+# cases where the function is merely named `apply` rather than being the actual
+# builtin `apply` function.
+
+def useofapply():
+  
+  def foo():
+    pass
+
+
+
+  # Positive Cases
+
+  # This use of `apply` is a reference to the builtin function and so SHOULD be
+  # caught by the query.
+  apply(foo, [1])
+
+
+
+  # Negative Cases
+
+  # This use of `apply` is a reference to the locally defined function inside of
+  # `local`, and so SHOULD NOT be caught by the query.  
+  def local():
+    def apply(f):
+      pass
+    apply(foo)([1])