Skip to content

Commit 50bfc8e

Browse files
committed
refactor uses of API::Node::getAUse() that should have been something else
1 parent 4e5afab commit 50bfc8e

File tree

11 files changed

+24
-35
lines changed

11 files changed

+24
-35
lines changed

python/ql/lib/semmle/python/frameworks/Asyncpg.qll

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -33,8 +33,8 @@ private module Asyncpg {
3333
string methodName;
3434

3535
SqlExecutionOnConnection() {
36-
methodName in ["copy_from_query", "execute", "fetch", "fetchrow", "fetchval", "executemany"] and
37-
this.calls([connectionPool().getAUse(), connection().getAUse()], methodName)
36+
this = [connectionPool(), connection()].getMember(methodName).getACall() and
37+
methodName in ["copy_from_query", "execute", "fetch", "fetchrow", "fetchval", "executemany"]
3838
}
3939

4040
override DataFlow::Node getSql() {
@@ -51,8 +51,8 @@ private module Asyncpg {
5151
string methodName;
5252

5353
FileAccessOnConnection() {
54-
methodName in ["copy_from_query", "copy_from_table", "copy_to_table"] and
55-
this.calls([connectionPool().getAUse(), connection().getAUse()], methodName)
54+
this = [connectionPool(), connection()].getMember(methodName).getACall() and
55+
methodName in ["copy_from_query", "copy_from_table", "copy_to_table"]
5656
}
5757

5858
// The path argument is keyword only.

python/ql/lib/semmle/python/frameworks/Django.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -554,7 +554,7 @@ module PrivateDjango {
554554

555555
/** A `django.db.connection` is a PEP249 compliant DB connection. */
556556
class DjangoDbConnection extends PEP249::Connection::InstanceSource {
557-
DjangoDbConnection() { this = connection().getAUse() }
557+
DjangoDbConnection() { this = connection().getAnImmediateUse() }
558558
}
559559

560560
// -------------------------------------------------------------------------

python/ql/lib/semmle/python/frameworks/Flask.qll

Lines changed: 6 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -339,7 +339,7 @@ module Flask {
339339
*/
340340
private class FlaskRequestSource extends RemoteFlowSource::Range {
341341
FlaskRequestSource() {
342-
this = request().getAUse() and
342+
this = request().getAnImmediateUse() and
343343
not any(Import imp).contains(this.asExpr()) and
344344
not exists(ControlFlowNode def | this.asVar().getSourceVariable().hasDefiningNode(def) |
345345
any(Import imp).contains(def.getNode())
@@ -406,8 +406,8 @@ module Flask {
406406
string attr_name;
407407

408408
RequestAttrMultiDict() {
409-
attr_name in ["args", "values", "form", "files"] and
410-
this.(DataFlow::AttrRead).accesses(request().getAUse(), attr_name)
409+
this = request().getMember(attr_name).getAnImmediateUse() and
410+
attr_name in ["args", "values", "form", "files"]
411411
}
412412
}
413413

@@ -421,7 +421,7 @@ module Flask {
421421
// TODO: This approach for identifying member-access is very adhoc, and we should
422422
// be able to do something more structured for providing modeling of the members
423423
// of a container-object.
424-
exists(DataFlow::AttrRead files | files.accesses(request().getAUse(), "files") |
424+
exists(DataFlow::AttrRead files | files = request().getMember("files").getAnImmediateUse() |
425425
this.asCfgNode().(SubscriptNode).getObject() = files.asCfgNode()
426426
or
427427
this.(DataFlow::MethodCallNode).calls(files, "get")
@@ -435,15 +435,13 @@ module Flask {
435435

436436
/** An `Headers` instance that originates from a flask request. */
437437
private class FlaskRequestHeadersInstances extends Werkzeug::Headers::InstanceSource {
438-
FlaskRequestHeadersInstances() {
439-
this.(DataFlow::AttrRead).accesses(request().getAUse(), "headers")
440-
}
438+
FlaskRequestHeadersInstances() { this = request().getMember("headers").getAnImmediateUse() }
441439
}
442440

443441
/** An `Authorization` instance that originates from a flask request. */
444442
private class FlaskRequestAuthorizationInstances extends Werkzeug::Authorization::InstanceSource {
445443
FlaskRequestAuthorizationInstances() {
446-
this.(DataFlow::AttrRead).accesses(request().getAUse(), "authorization")
444+
this = request().getMember("authorization").getAnImmediateUse()
447445
}
448446
}
449447

python/ql/lib/semmle/python/frameworks/FlaskSqlAlchemy.qll

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ private module FlaskSqlAlchemy {
3535
/** Access on a DB resulting in an Engine */
3636
private class DbEngine extends SqlAlchemy::Engine::InstanceSource {
3737
DbEngine() {
38-
this = dbInstance().getMember("engine").getAUse()
38+
this = dbInstance().getMember("engine").getAnImmediateUse()
3939
or
4040
this = dbInstance().getMember("get_engine").getACall()
4141
}
@@ -44,7 +44,7 @@ private module FlaskSqlAlchemy {
4444
/** Access on a DB resulting in a Session */
4545
private class DbSession extends SqlAlchemy::Session::InstanceSource {
4646
DbSession() {
47-
this = dbInstance().getMember("session").getAUse()
47+
this = dbInstance().getMember("session").getAnImmediateUse()
4848
or
4949
this = dbInstance().getMember("create_session").getReturn().getACall()
5050
or

python/ql/lib/semmle/python/frameworks/internal/SubclassFinder.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -204,7 +204,7 @@ private module NotExposed {
204204
FindSubclassesSpec spec, string newSubclassQualified, ClassExpr classExpr, Module mod,
205205
Location loc
206206
) {
207-
classExpr = newOrExistingModeling(spec).getASubclass*().getAUse().asExpr() and
207+
classExpr = newOrExistingModeling(spec).getASubclass*().getAnImmediateUse().asExpr() and
208208
classExpr.getScope() = mod and
209209
newSubclassQualified = mod.getName() + "." + classExpr.getName() and
210210
loc = classExpr.getLocation() and

python/ql/lib/semmle/python/regex.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,7 @@ private string canonical_name(API::Node flag) {
7575
*/
7676
private DataFlow::TypeTrackingNode re_flag_tracker(string flag_name, DataFlow::TypeTracker t) {
7777
t.start() and
78-
exists(API::Node flag | flag_name = canonical_name(flag) and result = flag.getAUse())
78+
exists(API::Node flag | flag_name = canonical_name(flag) and result = flag.getAnImmediateUse())
7979
or
8080
exists(BinaryExprNode binop, DataFlow::Node operand |
8181
operand.getALocalSource() = re_flag_tracker(flag_name, t.continue()) and

python/ql/src/Security/CWE-215/FlaskDebug.ql

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -27,9 +27,9 @@ private DataFlow::TypeTrackingNode truthyLiteral(DataFlow::TypeTracker t) {
2727
/** Gets a reference to a truthy literal. */
2828
DataFlow::Node truthyLiteral() { truthyLiteral(DataFlow::TypeTracker::end()).flowsTo(result) }
2929

30-
from DataFlow::CallCfgNode call, DataFlow::Node debugArg
30+
from API::CallNode call, DataFlow::Node debugArg
3131
where
32-
call.getFunction() = Flask::FlaskApp::instance().getMember("run").getAUse() and
32+
call = Flask::FlaskApp::instance().getMember("run").getACall() and
3333
debugArg in [call.getArg(2), call.getArgByName("debug")] and
3434
debugArg = truthyLiteral()
3535
select call,

python/ql/src/experimental/semmle/python/frameworks/Flask.qll

Lines changed: 2 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -27,17 +27,8 @@ module ExperimentalFlask {
2727
}
2828

2929
/** Gets a reference to a header instance. */
30-
private DataFlow::LocalSourceNode headerInstance(DataFlow::TypeTracker t) {
31-
t.start() and
32-
result.(DataFlow::AttrRead).getObject().getALocalSource() =
33-
[Flask::Response::classRef(), flaskMakeResponse()].getReturn().getAUse()
34-
or
35-
exists(DataFlow::TypeTracker t2 | result = headerInstance(t2).track(t2, t))
36-
}
37-
38-
/** Gets a reference to a header instance use. */
39-
private DataFlow::Node headerInstance() {
40-
headerInstance(DataFlow::TypeTracker::end()).flowsTo(result)
30+
private DataFlow::LocalSourceNode headerInstance() {
31+
result = [Flask::Response::classRef(), flaskMakeResponse()].getReturn().getAMember().getAUse()
4132
}
4233

4334
/** Gets a reference to a header instance call/subscript */

python/ql/src/experimental/semmle/python/frameworks/NoSQL.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,7 @@ private module NoSql {
6464
or
6565
result.(DataFlow::AttrRead).getObject() = mongoInstance().getAUse()
6666
or
67-
result = mongoDBInstance().getAUse()
67+
result = mongoDBInstance().getAnImmediateUse()
6868
)
6969
or
7070
exists(DataFlow::TypeTracker t2 | result = mongoDB(t2).track(t2, t))

python/ql/test/experimental/dataflow/typetracking/moduleattr.ql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ import semmle.python.ApiGraphs
55

66
private DataFlow::TypeTrackingNode module_tracker(TypeTracker t) {
77
t.start() and
8-
result = API::moduleImport("module").getAUse()
8+
result = API::moduleImport("module").getAnImmediateUse()
99
or
1010
exists(TypeTracker t2 | result = module_tracker(t2).track(t2, t))
1111
}

0 commit comments

Comments
 (0)