Skip to content

Commit 51395d1

Browse files
jorgectfjorgectf
committed
Move xmltodict to its own file under frameworks/ 
1 parent 3504408 commit 51395d1

File tree

2 files changed

+34
-23
lines changed

2 files changed

+34
-23
lines changed

python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll

Lines changed: 0 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,6 @@ private import semmle.python.dataflow.new.DataFlow
88
private import semmle.python.dataflow.new.TaintTracking
99
private import semmle.python.dataflow.new.RemoteFlowSources
1010
private import experimental.semmle.python.Concepts
11-
private import semmle.python.Concepts
1211
private import semmle.python.ApiGraphs
1312

1413
/**
@@ -99,25 +98,3 @@ private module Re {
9998
override DataFlow::Node getRegexNode() { result = regexNode }
10099
}
101100
}
102-
103-
// ---------------------------------------------------------------------------
104-
// xmltodict
105-
// ---------------------------------------------------------------------------
106-
/** Gets a reference to the `xmltodict` module. */
107-
API::Node xmltodict() { result = API::moduleImport("xmltodict") }
108-
109-
/**
110-
* A call to `xmltodict.parse`
111-
* See https://github.com/martinblech/xmltodict/blob/ae19c452ca000bf243bfc16274c060bf3bf7cf51/xmltodict.py#L198
112-
*/
113-
private class XmlToDictParseCall extends Decoding::Range, DataFlow::CallCfgNode {
114-
XmlToDictParseCall() { this = xmltodict().getMember("parse").getACall() }
115-
116-
override predicate mayExecuteInput() { none() }
117-
118-
override DataFlow::Node getAnInput() { result = this.getArg(0) }
119-
120-
override DataFlow::Node getOutput() { result = this }
121-
122-
override string getFormat() { result = "XML" }
123-
}

python/ql/src/experimental/semmle/python/frameworks/Xmltodict.qll

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
/**
2+
* Provides classes modeling security-relevant aspects of the `xmltodict` PyPI package.
3+
* See https://pypi.org/project/xmltodict/
4+
*/
5+
6+
private import python
7+
private import semmle.python.dataflow.new.DataFlow
8+
private import semmle.python.Concepts
9+
private import semmle.python.ApiGraphs
10+
11+
/**
12+
* Provides models for the `xmltodict` PyPI package.
13+
* See https://pypi.org/project/xmltodict/
14+
*/
15+
private module XmlToDictModel {
16+
/** Gets a reference to the `xmltodict` module. */
17+
API::Node xmltodict() { result = API::moduleImport("xmltodict") }
18+
19+
/**
20+
* A call to `xmltodict.parse`
21+
* See https://github.com/martinblech/xmltodict/blob/ae19c452ca000bf243bfc16274c060bf3bf7cf51/xmltodict.py#L198
22+
*/
23+
private class XmlToDictParseCall extends Decoding::Range, DataFlow::CallCfgNode {
24+
XmlToDictParseCall() { this = xmltodict().getMember("parse").getACall() }
25+
26+
override predicate mayExecuteInput() { none() }
27+
28+
override DataFlow::Node getAnInput() { result = this.getArg(0) }
29+
30+
override DataFlow::Node getOutput() { result = this }
31+
32+
override string getFormat() { result = "XML" }
33+
}
34+
}

0 commit comments

Comments
 (0)