property writes are def nodes

erik-krogh · erik-krogh · commit d8eea7ba4c34 · 2022-02-03T23:10:38.000+01:00
diff --git a/python/ql/lib/semmle/python/ApiGraphs.qll b/python/ql/lib/semmle/python/ApiGraphs.qll
@@ -507,16 +507,13 @@ module API {
         lbl = Label::parameter(i) and
         argumentPassing(base, i, rhs)
       )
-      /*
-       * or // TODO:
-       *      exists(DataFlow::SourceNode src, DataFlow::PropWrite pw |
-       *        use(base, src) and pw = trackUseNode(src).getAPropertyWrite() and rhs = pw.getRhs()
-       *      |
-       *        lbl = Label::memberFromRef(pw)
-       *      )
-       */
-
-      }
+      or
+      exists(DataFlow::LocalSourceNode src, DataFlow::AttrWrite pw |
+        use(base, src) and pw = trackUseNode(src).getAnAttributeWrite() and rhs = pw.getValue()
+      |
+        lbl = Label::memberFromRef(pw)
+      )
+    }
 
     /**
      * Holds if `ref` is a use of a node that should have an incoming edge from `base` labeled
@@ -536,7 +533,7 @@ module API {
       |
         // Referring to an attribute on a node that is a use of `base`:
         lbl = Label::memberFromRef(ref) and
-        ref = pred.getAnAttributeReference() // TODO: Change to read.
+        ref = pred.getAnAttributeRead()
         or
         // Calling a node that is a use of `base`
         lbl = Label::return() and
@@ -778,7 +775,7 @@ module API {
         MkLabelParameter(int i) {
           exists(any(DataFlow::CallCfgNode c).getArg(i))
           or
-          i = [-1 .. 10] // TODO: Def nodes, figure out how to make this prettier.
+          exists(any(Function f).getArg(i))
         } or
         MkLabelReturn() or
         MkLabelSubclass() or
diff --git a/python/ql/test/library-tests/ApiGraphs/deftest2.py b/python/ql/test/library-tests/ApiGraphs/deftest2.py
@@ -0,0 +1,19 @@
+# Subclasses
+
+from flask.views import View #$ use=moduleImport("flask").getMember("views").getMember("View")
+
+class MyView(View): #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass()
+    myvar = 45 #$ def=moduleImport("flask").getMember("views").getMember("View").getASubclass().getMember("myvar")
+    def my_method(self): #$ def=moduleImport("flask").getMember("views").getMember("View").getASubclass().getMember("my_method") use=moduleImport("flask").getMember("views").getMember("View").getASubclass().getMember("my_method").getParameter(0)
+        pass
+
+instance = MyView() #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass().getReturn()
+
+def internal():
+    from pflask.views import View #$ use=moduleImport("pflask").getMember("views").getMember("View")
+    class IntMyView(View): #$ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass()
+        my_internal_var = 35 #$ def=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getMember("my_internal_var")
+        def my_internal_method(self): #$ def=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getMember("my_internal_method") use=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getMember("my_internal_method").getParameter(0)
+            pass
+
+    int_instance = IntMyView() #$ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getReturn()
diff --git a/python/ql/test/library-tests/ApiGraphs/test.py b/python/ql/test/library-tests/ApiGraphs/test.py
@@ -75,27 +75,6 @@ def f():
     sink(foo) #$ use=moduleImport("danger").getMember("SOURCE")
 
 
-# Subclasses
-
-from flask.views import View #$ use=moduleImport("flask").getMember("views").getMember("View")
-
-class MyView(View): #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass()
-    myvar = 45 #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass().getMember("myvar")
-    def my_method(self): #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass().getMember("my_method")
-        pass
-
-instance = MyView() #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass().getReturn()
-
-def internal():
-    from pflask.views import View #$ use=moduleImport("pflask").getMember("views").getMember("View")
-    class IntMyView(View): #$ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass()
-        my_internal_var = 35 #$ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getMember("my_internal_var")
-        def my_internal_method(self): #$ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getMember("my_internal_method")
-            pass
-
-    int_instance = IntMyView() #$ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getReturn()
-
-
 # Built-ins
 
 def use_of_builtins():
