Skip to content

Commit 28312bd

Browse files
yoffyoff
committed
python: better handling of methods
- add `Instance` - add `Subclass` - handle `self` argument properly - use newly generated models
1 parent 766a854 commit 28312bd

File tree

2 files changed

+47
-37
lines changed

2 files changed

+47
-37
lines changed

Diff for: python/ql/lib/ext/StdLib.model.yml

+29-29
Original file line numberDiff line numberDiff line change
@@ -13,68 +13,68 @@ extensions:
1313
pack: codeql/python-all
1414
extensible: summaryModel
1515
data:
16-
- ["_collections_abc", "Member[Mapping].Member[get]", "Argument[2,default:]", "ReturnValue", "taint"]
17-
- ["argparse", "Member[ArgumentParser].Member[_parse_known_args]", "Argument[1,arg_strings:]", "ReturnValue", "taint"]
18-
- ["argparse", "Member[ArgumentParser].Member[_read_args_from_files]", "Argument[1,arg_strings:]", "ReturnValue", "taint"]
19-
- ["argparse", "Member[ArgumentParser].Member[parse_args]", "Argument[1,args:]", "ReturnValue", "taint"]
20-
- ["argparse", "Member[ArgumentParser].Member[parse_known_args]", "Argument[1,args:]", "ReturnValue", "taint"]
21-
- ["cgi", "Member[FieldStorage].Member[getvalue]", "Argument[0,self:]", "ReturnValue", "taint"]
22-
- ["contextlib", "Member[_BaseExitStack].Member[enter_context]", "Argument[1,cm:]", "ReturnValue", "taint"]
16+
- ["_collections_abc", "Member[Mapping].Subclass.Instance.Member[get]", "Argument[1,default:]", "ReturnValue", "taint"]
17+
- ["argparse", "Member[ArgumentParser].Subclass.Instance.Member[_parse_known_args]", "Argument[0,arg_strings:]", "ReturnValue", "taint"]
18+
- ["argparse", "Member[ArgumentParser].Subclass.Instance.Member[_read_args_from_files]", "Argument[0,arg_strings:]", "ReturnValue", "taint"]
19+
- ["argparse", "Member[ArgumentParser].Subclass.Instance.Member[parse_args]", "Argument[0,args:]", "ReturnValue", "taint"]
20+
- ["argparse", "Member[ArgumentParser].Subclass.Instance.Member[parse_known_args]", "Argument[0,args:]", "ReturnValue", "taint"]
21+
- ["cgi", "Member[FieldStorage].Subclass.Instance.Member[getvalue]", "Argument[self]", "ReturnValue", "taint"]
22+
- ["contextlib", "Member[_BaseExitStack].Subclass.Instance.Member[enter_context]", "Argument[0,cm:]", "ReturnValue", "taint"]
2323
- ["ctypes", "Member[create_unicode_buffer]", "Argument[0,init:]", "ReturnValue", "taint"]
24-
- ["email", "Member[header].Member[Header].Member[__init__]", "Argument[1,s:]", "ReturnValue", "taint"]
24+
- ["distutils", "Member[util].Member[change_root]", "Argument[0,new_root:]", "ReturnValue", "taint"]
25+
- ["email", "Member[header].Member[Header].Subclass.Instance.Member[__init__]", "Argument[0,s:]", "ReturnValue", "taint"]
2526
- ["email", "Member[utils].Member[parseaddr]", "Argument[0,addr:]", "ReturnValue", "taint"]
2627
- ["fnmatch", "Member[filter]", "Argument[0,names:]", "ReturnValue", "taint"]
2728
- ["functools", "Member[reduce]", "Argument[1,sequence:]", "ReturnValue", "taint"]
2829
- ["getopt", "Member[getopt]", "Argument[0,args:]", "ReturnValue", "taint"]
2930
- ["getopt", "Member[getopt]", "Argument[2,longopts:]", "ReturnValue", "taint"]
3031
- ["gettext", "Member[gettext]", "Argument[0,message:]", "ReturnValue", "taint"]
31-
- ["gzip", "Member[GzipFile].Member[__init__]", "Argument[1,filename:]", "ReturnValue", "taint"]
32+
- ["gzip", "Member[GzipFile].Subclass.Instance.Member[__init__]", "Argument[0,filename:]", "ReturnValue", "taint"]
3233
- ["html", "Member[escape]", "Argument[0,s:]", "ReturnValue", "taint"]
33-
- ["html", "Member[parser].Member[HTMLParser].Member[feed]", "Argument[1,data:]", "Argument[self:]", "taint"]
34+
- ["html", "Member[parser].Member[HTMLParser].Subclass.Instance.Member[feed]", "Argument[0,data:]", "Argument[self]", "taint"]
3435
- ["imp", "Member[find_module]", "Argument[0,name:]", "ReturnValue", "taint"]
3536
- ["imp", "Member[find_module]", "Argument[1,path:]", "ReturnValue", "taint"]
37+
- ["logging", "Member[LogRecord].Subclass.Instance.Member[getMessage]", "Argument[self]", "ReturnValue", "taint"]
3638
- ["logging", "Member[getLevelName]", "Argument[0,level:]", "ReturnValue", "taint"]
37-
- ["logging", "Member[LogRecord].Member[getMessage]", "Argument[0,self:]", "ReturnValue", "taint"]
3839
- ["mimetypes", "Member[guess_type]", "Argument[0,url:]", "ReturnValue", "taint"]
39-
- ["multiprocessing", "Member[connection].Member[Listener].Member[__init__]", "Argument[4,authkey:]", "ReturnValue", "taint"]
40+
- ["multiprocessing", "Member[connection].Member[Listener].Subclass.Instance.Member[__init__]", "Argument[3,authkey:]", "ReturnValue", "taint"]
4041
- ["nturl2path", "Member[pathname2url]", "Argument[0,p:]", "ReturnValue", "taint"]
4142
- ["nturl2path", "Member[url2pathname]", "Argument[0,url:]", "ReturnValue", "taint"]
42-
- ["optparse", "Member[OptionParser].Member[parse_args]", "Argument[1,args:]", "ReturnValue", "taint"]
43-
- ["pathlib", "Member[Path].Member[__enter__]", "Argument[0,self:]", "ReturnValue", "taint"]
44-
- ["random", "Member[Random].Member[choice]", "Argument[1,seq:]", "ReturnValue", "taint"]
43+
- ["optparse", "Member[OptionParser].Subclass.Instance.Member[parse_args]", "Argument[0,args:]", "ReturnValue", "taint"]
44+
- ["pathlib", "Member[Path].Subclass.Instance.Member[__enter__]", "Argument[self]", "ReturnValue", "taint"]
45+
- ["random", "Member[Random].Subclass.Instance.Member[choice]", "Argument[0,seq:]", "ReturnValue", "taint"]
4546
- ["re", "Member[split]", "Argument[0,pattern:]", "ReturnValue", "taint"]
4647
- ["shlex", "Member[quote]", "Argument[0,s:]", "ReturnValue", "taint"]
4748
- ["shutil", "Member[which]", "Argument[0,cmd:]", "ReturnValue", "taint"]
4849
- ["shutil", "Member[which]", "Argument[2,path:]", "ReturnValue", "taint"]
49-
- ["subprocess", "Member[Popen].Member[__init__]", "Argument[1,args:]", "ReturnValue", "taint"]
50-
- ["tarfile", "Member[TarFile].Member[open]", "Argument[1,name:]", "ReturnValue", "taint"]
51-
- ["tarfile", "Member[TarFile].Member[open]", "Argument[3,fileobj:]", "ReturnValue", "taint"]
50+
- ["subprocess", "Member[Popen].Subclass.Instance.Member[__init__]", "Argument[0,args:]", "ReturnValue", "taint"]
51+
- ["tarfile", "Member[TarFile].Subclass.Instance.Member[open]", "Argument[0,name:]", "ReturnValue", "taint"]
52+
- ["tarfile", "Member[TarFile].Subclass.Instance.Member[open]", "Argument[2,fileobj:]", "ReturnValue", "taint"]
5253
- ["tempfile", "Member[mkdtemp]", "Argument[0,suffix:]", "ReturnValue", "taint"]
5354
- ["tempfile", "Member[mkdtemp]", "Argument[1,prefix:]", "ReturnValue", "taint"]
5455
- ["tempfile", "Member[mkdtemp]", "Argument[2,dir:]", "ReturnValue", "taint"]
5556
- ["tempfile", "Member[mkstemp]", "Argument[0,suffix:]", "ReturnValue", "taint"]
5657
- ["tempfile", "Member[mkstemp]", "Argument[2,dir:]", "ReturnValue", "taint"]
5758
- ["textwrap", "Member[dedent]", "Argument[0,text:]", "ReturnValue", "taint"]
58-
- ["traceback", "Member[StackSummary].Member[from_list]", "Argument[1,a_list:]", "ReturnValue", "taint"]
59+
- ["traceback", "Member[StackSummary].Subclass.Instance.Member[from_list]", "Argument[0,a_list:]", "ReturnValue", "taint"]
5960
- ["typing", "Member[cast]", "Argument[1,val:]", "ReturnValue", "taint"]
60-
- ["urllib", "Member[parse].Member[quote_plus]", "Argument[0,string:]", "ReturnValue", "taint"]
6161
- ["urllib", "Member[parse].Member[quote]", "Argument[0,string:]", "ReturnValue", "taint"]
62+
- ["urllib", "Member[parse].Member[quote_plus]", "Argument[0,string:]", "ReturnValue", "taint"]
6263
- ["urllib", "Member[parse].Member[splitquery]", "Argument[0,url:]", "ReturnValue", "taint"]
63-
- ["urllib", "Member[parse].Member[unquote_plus]", "Argument[0,string:]", "ReturnValue", "taint"]
6464
- ["urllib", "Member[parse].Member[unquote]", "Argument[0,string:]", "ReturnValue", "taint"]
65+
- ["urllib", "Member[parse].Member[unquote_plus]", "Argument[0,string:]", "ReturnValue", "taint"]
6566
- ["urllib", "Member[parse].Member[urlencode]", "Argument[0,query:]", "ReturnValue", "taint"]
6667
- ["urllib", "Member[parse].Member[urljoin]", "Argument[1,url:]", "ReturnValue", "taint"]
68+
- ["urllib", "Member[request].Member[Request].Subclass.Instance.Member[__init__]", "Argument[0,url:]", "ReturnValue", "taint"]
69+
- ["urllib", "Member[request].Member[Request].Subclass.Instance.Member[get_full_url]", "Argument[self]", "ReturnValue", "taint"]
6770
- ["urllib", "Member[request].Member[pathname2url]", "Argument[0,pathname:]", "ReturnValue", "taint"]
68-
- ["urllib", "Member[request].Member[Request].Member[__init__]", "Argument[1,url:]", "ReturnValue", "taint"]
69-
- ["urllib", "Member[request].Member[Request].Member[get_full_url]", "Argument[0,self:]", "ReturnValue", "taint"]
7071
- ["urllib", "Member[request].Member[url2pathname]", "Argument[0,pathname:]", "ReturnValue", "taint"]
7172
- ["urllib", "Member[request].Member[urlretrieve]", "Argument[0,url:]", "ReturnValue", "taint"]
72-
- ["zipfile", "Member[CompleteDirs].Member[namelist]", "Argument[0,self:]", "ReturnValue", "taint"]
73-
- ["zipfile", "Member[ZipFile].Member[__init__]", "Argument[1,file:]", "ReturnValue", "taint"]
74-
- ["zipfile", "Member[ZipFile].Member[_extract_member]", "Argument[2,targetpath:]", "ReturnValue", "taint"]
75-
- ["zipfile", "Member[ZipFile].Member[infolist]", "Argument[0,self:]", "ReturnValue", "taint"]
76-
- ["zipfile", "Member[ZipFile].Member[namelist]", "Argument[0,self:]", "ReturnValue", "taint"]
77-
73+
- ["zipfile", "Member[CompleteDirs].Subclass.Instance.Member[namelist]", "Argument[self]", "ReturnValue", "taint"]
74+
- ["zipfile", "Member[ZipFile].Subclass.Instance.Member[__init__]", "Argument[0,file:]", "ReturnValue", "taint"]
75+
- ["zipfile", "Member[ZipFile].Subclass.Instance.Member[_extract_member]", "Argument[1,targetpath:]", "ReturnValue", "taint"]
76+
- ["zipfile", "Member[ZipFile].Subclass.Instance.Member[infolist]", "Argument[self]", "ReturnValue", "taint"]
77+
- ["zipfile", "Member[ZipFile].Subclass.Instance.Member[namelist]", "Argument[self]", "ReturnValue", "taint"]
7878
- addsTo:
7979
pack: codeql/python-all
8080
extensible: neutralModel

Diff for: python/ql/src/meta/StdLib/FindUses.qll

+18-8
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,8 @@ string computeScopePath(Scope scope) {
3939
//recursive cases
4040
if scope instanceof Class
4141
then
42-
result = computeScopePath(scope.(Class).getEnclosingScope()) + "." + scope.(Class).getName()
42+
result =
43+
computeScopePath(scope.(Class).getEnclosingScope()) + "." + scope.(Class).getName() + "!"
4344
else
4445
if scope instanceof Function
4546
then
@@ -55,21 +56,30 @@ predicate fullyQualifiedToYamlFormat(string fullyQualified, string type2, string
5556
exists(int firstDot | firstDot = fullyQualified.indexOf(".", 0, 0) |
5657
type2 = fullyQualified.prefix(firstDot) and
5758
path =
58-
("Member[" + fullyQualified.suffix(firstDot + 1).replaceAll(".", "].Member[") + "]")
59-
.replaceAll(".Member[__init__].", "")
60-
.replaceAll("Member[__init__].", "")
59+
(
60+
"Member[" +
61+
fullyQualified
62+
.suffix(firstDot + 1)
63+
.replaceAll("!.", "]InstanceMember[")
64+
.replaceAll(".", "].Member[")
65+
.replaceAll("]InstanceMember[", "].Subclass.Instance.Member[") + "]"
66+
).replaceAll(".Member[__init__].", "").replaceAll("Member[__init__].", "").replaceAll("!", "")
6167
)
6268
}
6369

6470
pragma[inline]
6571
string computeArgumentPosition(string parameter, Function function) {
66-
exists(int index |
72+
exists(int index, int offset, int adjusted_index |
73+
(if function.isMethod() then offset = -1 else offset = 0) and
74+
adjusted_index = index + offset and
75+
adjusted_index >= 0
76+
|
6777
parameter = function.getArg(index).getName() and
68-
result = index.toString()
78+
result = adjusted_index.toString()
6979
)
7080
or
7181
exists(function.getArgByName(parameter)) and
72-
result = parameter + ":"
82+
if parameter = "self" then result = parameter else result = parameter + ":"
7383
}
7484

7585
bindingset[parameter, function]
@@ -99,7 +109,7 @@ string computeReturnPath(
99109
or
100110
call.getArgByName(_) = argument
101111
) and
102-
result = "Argument[self:]"
112+
result = "Argument[self]"
103113
)
104114
}
105115

0 commit comments

Comments
 (0)