refactor uses of API::Node::getAUse() that should have been something else

Author: erik-krogh

python/ql/lib/semmle/python/frameworks/Asyncpg.qll

@@ -33,8 +33,8 @@ private module Asyncpg {
     string methodName;
 
     SqlExecutionOnConnection() {
-      methodName in ["copy_from_query", "execute", "fetch", "fetchrow", "fetchval", "executemany"] and
-      this.calls([connectionPool().getAUse(), connection().getAUse()], methodName)
+      this = [connectionPool(), connection()].getMember(methodName).getACall() and
+      methodName in ["copy_from_query", "execute", "fetch", "fetchrow", "fetchval", "executemany"]
     }
 
     override DataFlow::Node getSql() {
@@ -51,8 +51,8 @@ private module Asyncpg {
     string methodName;
 
     FileAccessOnConnection() {
-      methodName in ["copy_from_query", "copy_from_table", "copy_to_table"] and
-      this.calls([connectionPool().getAUse(), connection().getAUse()], methodName)
+      this = [connectionPool(), connection()].getMember(methodName).getACall() and
+      methodName in ["copy_from_query", "copy_from_table", "copy_to_table"]
     }
 
     // The path argument is keyword only.

python/ql/lib/semmle/python/frameworks/Django.qll

@@ -554,7 +554,7 @@ module PrivateDjango {
 
       /** A `django.db.connection` is a PEP249 compliant DB connection. */
       class DjangoDbConnection extends PEP249::Connection::InstanceSource {
-        DjangoDbConnection() { this = connection().getAUse() }
+        DjangoDbConnection() { this = connection().getAnImmediateUse() }
       }
 
       // -------------------------------------------------------------------------

python/ql/lib/semmle/python/frameworks/Flask.qll

@@ -339,7 +339,7 @@ module Flask {
    */
   private class FlaskRequestSource extends RemoteFlowSource::Range {
     FlaskRequestSource() {
-      this = request().getAUse() and
+      this = request().getAnImmediateUse() and
       not any(Import imp).contains(this.asExpr()) and
       not exists(ControlFlowNode def | this.asVar().getSourceVariable().hasDefiningNode(def) |
         any(Import imp).contains(def.getNode())
@@ -406,8 +406,8 @@ module Flask {
     string attr_name;
 
     RequestAttrMultiDict() {
-      attr_name in ["args", "values", "form", "files"] and
-      this.(DataFlow::AttrRead).accesses(request().getAUse(), attr_name)
+      this = request().getMember(attr_name).getAnImmediateUse() and
+      attr_name in ["args", "values", "form", "files"]
     }
   }
 
@@ -421,7 +421,7 @@ module Flask {
       // TODO: This approach for identifying member-access is very adhoc, and we should
       // be able to do something more structured for providing modeling of the members
       // of a container-object.
-      exists(DataFlow::AttrRead files | files.accesses(request().getAUse(), "files") |
+      exists(DataFlow::AttrRead files | files = request().getMember("files").getAnImmediateUse() |
         this.asCfgNode().(SubscriptNode).getObject() = files.asCfgNode()
         or
         this.(DataFlow::MethodCallNode).calls(files, "get")
@@ -435,15 +435,13 @@ module Flask {
 
   /** An `Headers` instance that originates from a flask request. */
   private class FlaskRequestHeadersInstances extends Werkzeug::Headers::InstanceSource {
-    FlaskRequestHeadersInstances() {
-      this.(DataFlow::AttrRead).accesses(request().getAUse(), "headers")
-    }
+    FlaskRequestHeadersInstances() { this = request().getMember("headers").getAnImmediateUse() }
   }
 
   /** An `Authorization` instance that originates from a flask request. */
   private class FlaskRequestAuthorizationInstances extends Werkzeug::Authorization::InstanceSource {
     FlaskRequestAuthorizationInstances() {
-      this.(DataFlow::AttrRead).accesses(request().getAUse(), "authorization")
+      this = request().getMember("authorization").getAnImmediateUse()
     }
   }
 

python/ql/lib/semmle/python/frameworks/FlaskSqlAlchemy.qll

@@ -35,7 +35,7 @@ private module FlaskSqlAlchemy {
   /** Access on a DB resulting in an Engine */
   private class DbEngine extends SqlAlchemy::Engine::InstanceSource {
     DbEngine() {
-      this = dbInstance().getMember("engine").getAUse()
+      this = dbInstance().getMember("engine").getAnImmediateUse()
       or
       this = dbInstance().getMember("get_engine").getACall()
     }
@@ -44,7 +44,7 @@ private module FlaskSqlAlchemy {
   /** Access on a DB resulting in a Session */
   private class DbSession extends SqlAlchemy::Session::InstanceSource {
     DbSession() {
-      this = dbInstance().getMember("session").getAUse()
+      this = dbInstance().getMember("session").getAnImmediateUse()
       or
       this = dbInstance().getMember("create_session").getReturn().getACall()
       or

python/ql/lib/semmle/python/frameworks/internal/SubclassFinder.qll

@@ -204,7 +204,7 @@ private module NotExposed {
     FindSubclassesSpec spec, string newSubclassQualified, ClassExpr classExpr, Module mod,
     Location loc
   ) {
-    classExpr = newOrExistingModeling(spec).getASubclass*().getAUse().asExpr() and
+    classExpr = newOrExistingModeling(spec).getASubclass*().getAnImmediateUse().asExpr() and
     classExpr.getScope() = mod and
     newSubclassQualified = mod.getName() + "." + classExpr.getName() and
     loc = classExpr.getLocation() and

python/ql/lib/semmle/python/regex.qll

@@ -75,7 +75,7 @@ private string canonical_name(API::Node flag) {
  */
 private DataFlow::TypeTrackingNode re_flag_tracker(string flag_name, DataFlow::TypeTracker t) {
   t.start() and
-  exists(API::Node flag | flag_name = canonical_name(flag) and result = flag.getAUse())
+  exists(API::Node flag | flag_name = canonical_name(flag) and result = flag.getAnImmediateUse())
   or
   exists(BinaryExprNode binop, DataFlow::Node operand |
     operand.getALocalSource() = re_flag_tracker(flag_name, t.continue()) and

python/ql/src/Security/CWE-215/FlaskDebug.ql

@@ -27,9 +27,9 @@ private DataFlow::TypeTrackingNode truthyLiteral(DataFlow::TypeTracker t) {
 /** Gets a reference to a truthy literal. */
 DataFlow::Node truthyLiteral() { truthyLiteral(DataFlow::TypeTracker::end()).flowsTo(result) }
 
-from DataFlow::CallCfgNode call, DataFlow::Node debugArg
+from API::CallNode call, DataFlow::Node debugArg
 where
-  call.getFunction() = Flask::FlaskApp::instance().getMember("run").getAUse() and
+  call = Flask::FlaskApp::instance().getMember("run").getACall() and
   debugArg in [call.getArg(2), call.getArgByName("debug")] and
   debugArg = truthyLiteral()
 select call,

python/ql/src/experimental/semmle/python/frameworks/Flask.qll

@@ -27,17 +27,8 @@ module ExperimentalFlask {
   }
 
   /** Gets a reference to a header instance. */
-  private DataFlow::LocalSourceNode headerInstance(DataFlow::TypeTracker t) {
-    t.start() and
-    result.(DataFlow::AttrRead).getObject().getALocalSource() =
-      [Flask::Response::classRef(), flaskMakeResponse()].getReturn().getAUse()
-    or
-    exists(DataFlow::TypeTracker t2 | result = headerInstance(t2).track(t2, t))
-  }
-
-  /** Gets a reference to a header instance use. */
-  private DataFlow::Node headerInstance() {
-    headerInstance(DataFlow::TypeTracker::end()).flowsTo(result)
+  private DataFlow::LocalSourceNode headerInstance() {
+    result = [Flask::Response::classRef(), flaskMakeResponse()].getReturn().getAMember().getAUse()
   }
 
   /** Gets a reference to a header instance call/subscript */

python/ql/src/experimental/semmle/python/frameworks/NoSQL.qll

@@ -64,7 +64,7 @@ private module NoSql {
       or
       result.(DataFlow::AttrRead).getObject() = mongoInstance().getAUse()
       or
-      result = mongoDBInstance().getAUse()
+      result = mongoDBInstance().getAnImmediateUse()
     )
     or
     exists(DataFlow::TypeTracker t2 | result = mongoDB(t2).track(t2, t))

python/ql/test/experimental/dataflow/typetracking/moduleattr.ql

@@ -5,7 +5,7 @@ import semmle.python.ApiGraphs
 
 private DataFlow::TypeTrackingNode module_tracker(TypeTracker t) {
   t.start() and
-  result = API::moduleImport("module").getAUse()
+  result = API::moduleImport("module").getAnImmediateUse()
   or
   exists(TypeTracker t2 | result = module_tracker(t2).track(t2, t))
 }