
Commit 7ca1965

committed
Python: mongoDBInstance refactor
1 parent e58e9a2 commit 7ca1965


1 file changed

+13
-21
lines changed

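--- a/python/ql/src/experimental/semmle/python/frameworks/NoSQL.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/NoSQL.qll
@@ -44,21 +44,9 @@ private module NoSql {
 }
 
 /**
-* Gets a reference to an initialized `Mongo` DB instance.
-* See `mongoEngine()`, `flask_MongoEngine()`
+* Gets a reference to a `Mongo` DB instance.
 */
-private API::Node mongoDBInstance() {
-result = mongoEngine().getMember(["get_db", "connect"]).getReturn() or
-result = mongoEngine().getMember("connection").getMember(["get_db", "connect"]).getReturn() or
-result = flask_MongoEngine().getMember("get_db").getReturn()
-}
-
-/**
-* Gets a reference to a `Mongo` DB use.
-*
-* See `mongoClientInstance()`, `mongoDBInstance()`.
-*/
-private DataFlow::LocalSourceNode mongoDB(DataFlow::TypeTracker t) {
+private DataFlow::LocalSourceNode mongoDBInstance(DataFlow::TypeTracker t) {
 t.start() and
 (
 exists(SubscriptNode subscript |
@@ -68,10 +56,14 @@ private module NoSql {
 or
 result.(DataFlow::AttrRead).getObject() = mongoClientInstance().getAUse()
 or
-result = mongoDBInstance().getAUse()
+result = mongoEngine().getMember(["get_db", "connect"]).getACall()
+or
+result = mongoEngine().getMember("connection").getMember(["get_db", "connect"]).getACall()
+or
+result = flask_MongoEngine().getMember("get_db").getACall()
 )
 or
-exists(DataFlow::TypeTracker t2 | result = mongoDB(t2).track(t2, t))
+exists(DataFlow::TypeTracker t2 | result = mongoDBInstance(t2).track(t2, t))
 }
 
 /**
@@ -85,21 +77,21 @@ private module NoSql {
 *
 * `mongo.db` would be a use of a `Mongo` instance, and so the result.
 */
-private DataFlow::Node mongoDB() { mongoDB(DataFlow::TypeTracker::end()).flowsTo(result) }
+private DataFlow::Node mongoDBInstance() {
+mongoDBInstance(DataFlow::TypeTracker::end()).flowsTo(result)
+}
 
 /**
 * Gets a reference to a `Mongo` collection use.
-*
-* See `mongoDB()`.
 */
 private DataFlow::LocalSourceNode mongoCollection(DataFlow::TypeTracker t) {
 t.start() and
 (
 exists(SubscriptNode subscript | result.asCfgNode() = subscript |
-subscript.getObject() = mongoDBInstance().asCfgNode()
+subscript.getObject() = mongoDBInstance().asCfgNode()
 )
 or
-result.(DataFlow::AttrRead).getObject() = mongoDB()
+result.(DataFlow::AttrRead).getObject() = mongoDBInstance()
 )
 or
 exists(DataFlow::TypeTracker t2 | result = mongoCollection(t2).track(t2, t))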
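Review bot: The QLDoc on the merged `mongoDBInstance(DataFlow::TypeTracker t)` no longer says which entry points seed it, because the `See mongoEngine(), flask_MongoEngine()` line was dropped together with the old `API::Node` predicate. This predicate decides which objects the NoSQL model treats as databases and, through `mongoCollection`, which collections it finds, so I would list the sources in the doc comment, e.g. `* Sources: a subscript or attribute read on mongoClientInstance(), or a get_db/connect call reached via mongoEngine() or flask_MongoEngine().` While documenting it, it is worth confirming that `connect` belongs here rather than with `mongoClientInstance()`; if it yields a client object rather than a database, a subscript on its result would be modelled one level too deep. The predicate body starts in the first hunk and continues in the second, with the lines between them not shown.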
