
Commit 0340529

committed
python: improved script and new models
recognise flow from `*args` and `**kwargs`
1 parent ad4359e commit 0340529


2 files changed

+17
-11
lines changed


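--- a/python/ql/lib/ext/StdLib.model.yml
+++ b/python/ql/lib/ext/StdLib.model.yml
@@ -34,14 +34,16 @@ extensions:
 - ["html", "Member[parser].Member[HTMLParser].Subclass.Instance.Member[feed]", "Argument[0,data:]", "Argument[self]", "taint"]
 - ["imp", "Member[find_module]", "Argument[0,name:]", "ReturnValue", "taint"]
 - ["imp", "Member[find_module]", "Argument[1,path:]", "ReturnValue", "taint"]
-- ["logging", "Member[LogRecord].Subclass.Instance.Member[getMessage]", "Argument[self]", "ReturnValue", "taint"]
 - ["logging", "Member[getLevelName]", "Argument[0,level:]", "ReturnValue", "taint"]
+- ["logging", "Member[LogRecord].Subclass.Instance.Member[getMessage]", "Argument[self]", "ReturnValue", "taint"]
 - ["mimetypes", "Member[guess_type]", "Argument[0,url:]", "ReturnValue", "taint"]
 - ["multiprocessing", "Member[connection].Member[Listener].Subclass.Instance.Member[__init__]", "Argument[3,authkey:]", "ReturnValue", "taint"]
 - ["nturl2path", "Member[pathname2url]", "Argument[0,p:]", "ReturnValue", "taint"]
 - ["nturl2path", "Member[url2pathname]", "Argument[0,url:]", "ReturnValue", "taint"]
 - ["optparse", "Member[OptionParser].Subclass.Instance.Member[parse_args]", "Argument[0,args:]", "ReturnValue", "taint"]
 - ["pathlib", "Member[Path].Subclass.Instance.Member[__enter__]", "Argument[self]", "ReturnValue", "taint"]
+- ["pathlib", "Member[PurePath].Subclass.Instance.Member[__fspath__]", "Argument[self]", "ReturnValue", "taint"]
+- ["queue", "Member[Queue].Subclass.Instance.Member[put]", "Argument[0,item:]", "Argument[self]", "taint"]
 - ["random", "Member[choice]", "Argument[0,seq:]", "ReturnValue", "taint"]
 - ["random", "Member[Random].Subclass.Instance.Member[choice]", "Argument[0,seq:]", "ReturnValue", "taint"]
 - ["re", "Member[split]", "Argument[0,pattern:]", "ReturnValue", "taint"]
@@ -59,16 +61,16 @@ extensions:
 - ["textwrap", "Member[dedent]", "Argument[0,text:]", "ReturnValue", "taint"]
 - ["traceback", "Member[StackSummary].Subclass.Instance.Member[from_list]", "Argument[0,a_list:]", "ReturnValue", "taint"]
 - ["typing", "Member[cast]", "Argument[1,val:]", "ReturnValue", "taint"]
-- ["urllib", "Member[parse].Member[quote]", "Argument[0,string:]", "ReturnValue", "taint"]
 - ["urllib", "Member[parse].Member[quote_plus]", "Argument[0,string:]", "ReturnValue", "taint"]
+- ["urllib", "Member[parse].Member[quote]", "Argument[0,string:]", "ReturnValue", "taint"]
 - ["urllib", "Member[parse].Member[splitquery]", "Argument[0,url:]", "ReturnValue", "taint"]
-- ["urllib", "Member[parse].Member[unquote]", "Argument[0,string:]", "ReturnValue", "taint"]
 - ["urllib", "Member[parse].Member[unquote_plus]", "Argument[0,string:]", "ReturnValue", "taint"]
+- ["urllib", "Member[parse].Member[unquote]", "Argument[0,string:]", "ReturnValue", "taint"]
 - ["urllib", "Member[parse].Member[urlencode]", "Argument[0,query:]", "ReturnValue", "taint"]
 - ["urllib", "Member[parse].Member[urljoin]", "Argument[1,url:]", "ReturnValue", "taint"]
+- ["urllib", "Member[request].Member[pathname2url]", "Argument[0,pathname:]", "ReturnValue", "taint"]
 - ["urllib", "Member[request].Member[Request].Subclass.Instance.Member[__init__]", "Argument[0,url:]", "ReturnValue", "taint"]
 - ["urllib", "Member[request].Member[Request].Subclass.Instance.Member[get_full_url]", "Argument[self]", "ReturnValue", "taint"]
-- ["urllib", "Member[request].Member[pathname2url]", "Argument[0,pathname:]", "ReturnValue", "taint"]
 - ["urllib", "Member[request].Member[url2pathname]", "Argument[0,pathname:]", "ReturnValue", "taint"]
 - ["urllib", "Member[request].Member[urlretrieve]", "Argument[0,url:]", "ReturnValue", "taint"]
 - ["zipfile", "Member[CompleteDirs].Subclass.Instance.Member[namelist]", "Argument[self]", "ReturnValue", "taint"]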
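Review bot: The new `queue` row at new line 46 stores taint into the `Queue` instance on `put`, but no row reads it back out: the entries here look sorted by module and the next row is `random`, so there seems to be no `get` summary in this file. Unless that is modelled elsewhere, taint that enters a queue would stop at the queue object and consumer-side sinks would be missed. Consider adding a companion row such as `- ["queue", "Member[Queue].Subclass.Instance.Member[get]", "Argument[self]", "ReturnValue", "taint"]`, and check whether `put_nowait`/`get_nowait` need the same treatment.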

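--- a/python/ql/src/meta/StdLib/FindUses.qll
+++ b/python/ql/src/meta/StdLib/FindUses.qll
@@ -90,13 +90,17 @@ string computeArgumentPath(string parameter, Function function) {
 
 pragma[inline]
 string computeReturnPath(DataFlow::Node argument, DataFlow::Node outNode) {
-outNode.(DataFlow::CallCfgNode).getArg(_) = argument and
-result = "ReturnValue"
-or
-outNode.(DataFlow::CallCfgNode).getArgByName(_) = argument and
-result = "ReturnValue"
-or
-outNode.(DataFlow::MethodCallNode).getObject() = argument and
+(
+outNode.(DataFlow::CallCfgNode).getArg(_) = argument
+or
+outNode.(DataFlow::CallCfgNode).getArgByName(_) = argument
+or
+outNode.(DataFlow::CallCfgNode).getNode().getNode().(Call).getKwargs() = argument.asExpr()
+or
+outNode.(DataFlow::CallCfgNode).getNode().getNode().(Call).getStarargs() = argument.asExpr()
+or
+outNode.(DataFlow::MethodCallNode).getObject() = argument
+) and
 result = "ReturnValue"
 or
 exists(DataFlow::MethodCallNode call |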
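Review bot: The two new disjuncts (new lines 98 and 100) match `argument` against the unpacked container expression of `f(*xs)` / `f(**kw)` rather than a single argument, and nothing in the predicate says so; a short comment such as `// *args / **kwargs: the argument node is the unpacked container, not one positional or keyword argument` would make that explicit. Whether `computeArgumentPath` can name a parameter for such a flow is not visible in this hunk, so it is worth confirming that the generated rows do not end up tainting `ReturnValue` from every argument of the call. The repeated `.getNode().getNode().(Call)` chain could also be bound once, e.g. `exists(Call c | c = outNode.(DataFlow::CallCfgNode).getNode().getNode() | argument.asExpr() in [c.getKwargs(), c.getStarargs()])`. The body of `computeReturnPath` continues past the end of the hunk.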
