python: model (xpathEval from) libxml2

yoff · yoff · commit 17aa2898f9fc · 2022-02-09T14:25:43.000+01:00
diff --git a/docs/codeql/support/reusables/frameworks.rst b/docs/codeql/support/reusables/frameworks.rst
@@ -204,4 +204,5 @@ Python built-in support
    pycryptodomex, Cryptography library
    rsa, Cryptography library
    MarkupSafe, Escaping Library
+   libxml2, XML processing library
    lxml, XML processing library
diff --git a/python/ql/lib/semmle/python/Frameworks.qll b/python/ql/lib/semmle/python/Frameworks.qll
@@ -22,6 +22,7 @@ private import semmle.python.frameworks.FlaskSqlAlchemy
 private import semmle.python.frameworks.Idna
 private import semmle.python.frameworks.Invoke
 private import semmle.python.frameworks.Jmespath
+private import semmle.python.frameworks.Libxml2
 private import semmle.python.frameworks.Lxml
 private import semmle.python.frameworks.MarkupSafe
 private import semmle.python.frameworks.Multidict
diff --git a/python/ql/lib/semmle/python/frameworks/Libxml2.qll b/python/ql/lib/semmle/python/frameworks/Libxml2.qll
@@ -0,0 +1,48 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `libxml2` PyPI package.
+ *
+ * See
+ * - https://pypi.org/project/libxml2-python3/
+ * - http://xmlsoft.org/python.html
+ */
+
+private import python
+private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.Concepts
+private import semmle.python.ApiGraphs
+
+/**
+ * Provides classes modeling security-relevant aspects of the `libxml2` PyPI package
+ *
+ * See
+ * - https://pypi.org/project/libxml2-python3/
+ * - http://xmlsoft.org/python.html
+ */
+private module Libxml2 {
+  /**
+   * A call to the `xpathEval` method of a parsed document.
+   *
+   *    import libxml2
+   *    tree = libxml2.parseFile("file.xml")
+   *    r = tree.xpathEval('`sink`')
+   *
+   * See http://xmlsoft.org/python.html
+   */
+  class XpathEvalCall extends XPathExecution::Range, DataFlow::CallCfgNode {
+    XpathEvalCall() {
+      this =
+        API::moduleImport("libxml2")
+            .getMember("parseFile")
+            .getReturn()
+            .getMember("xpathEval")
+            .getACall()
+    }
+
+    override DataFlow::Node getXPath() { result = this.getArg(0) }
+
+    // TODO: implement when we get call nodes
+    override DataFlow::Node getTree() { none() }
+
+    override string getName() { result = "libxml2" }
+  }
+}
