Python: Fix ql4ql alerts

RasmusWL · RasmusWL · commit 69b43f147ace · 2022-11-22T16:24:47.000+01:00
The rest will be ignored.
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll
@@ -478,7 +478,7 @@ private TypeTrackingNode classTracker(TypeTracker t, Class cls) {
     or
     // when a class is decorated, it's the result of the (last) decorator call that
     // is used
-    result.asExpr() = cls.getParent().(ClassExpr).getADecoratorCall()
+    result.asExpr() = cls.getParent().getADecoratorCall()
     or
     // `type(obj)`, where obj is an instance of this class
     result = getTypeCall() and
@@ -1102,8 +1102,8 @@ predicate normalCallArg(CallNode call, Node arg, ArgumentPosition apos) {
 }
 
 /**
- * Gets the argument of `call` at position `apos`, if any, where we can resolve `call`
- * to `target` with CallType `type`.
+ * Gets the argument `arg` of `call` at position `apos`, if any. Requires that we can
+ * resolve `call` to `target` with CallType `type`.
  *
  * It might seem like it's enough to know the CallType to resolve arguments. The reason
  * we also need the `target`, is to avoid cross-talk. In the example below, assuming
diff --git a/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll b/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll
@@ -157,11 +157,10 @@ class UnresolvedCall extends InterestingExternalApiCall, TUnresolvedCall {
 
 /** A node representing data being passed to an external API through a call. */
 class ExternalApiDataNode extends DataFlow::Node {
-  InterestingExternalApiCall call;
-  DataFlowPrivate::ArgumentPosition apos;
-
   ExternalApiDataNode() {
-    this = call.getArgument(apos) and
+    exists(InterestingExternalApiCall call, DataFlowPrivate::ArgumentPosition apos |
+      this = call.getArgument(apos)
+    ) and
     // Not already modeled as a taint step
     not exists(DataFlow::Node next | TaintTrackingPrivate::defaultAdditionalTaintStep(this, next)) and
     // for `list.append(x)`, we have a additional taint step from x -> [post] list.
diff --git a/python/ql/src/meta/analysis-quality/CallGraphQuality.qll b/python/ql/src/meta/analysis-quality/CallGraphQuality.qll
@@ -81,7 +81,7 @@ module PointsToBasedCallGraph {
    */
   class ResolvableCallRelevantTarget extends ResolvableCall {
     ResolvableCallRelevantTarget() {
-      exists(Target target | target = getTarget() |
+      exists(Target target | target = this.getTarget() |
         exists(target.getLocation().getFile().getRelativePath())
       )
     }
@@ -137,7 +137,7 @@ module TypeTrackingBasedCallGraph {
    */
   class ResolvableCallRelevantTarget extends ResolvableCall {
     ResolvableCallRelevantTarget() {
-      exists(Target target | target = getTarget() |
+      exists(Target target | target = this.getTarget() |
         exists(target.getLocation().getFile().getRelativePath())
       )
     }

Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,7 @@ module PointsToBasedCallGraph {`
`81`	`81`	`*/`
`82`	`82`	`class ResolvableCallRelevantTarget extends ResolvableCall {`
`83`	`83`	`ResolvableCallRelevantTarget() {`
`84`		`- exists(Target target \| target = getTarget() \|`
	`84`	`+ exists(Target target \| target = this.getTarget() \|`
`85`	`85`	`exists(target.getLocation().getFile().getRelativePath())`
`86`	`86`	`)`
`87`	`87`	`}`
`@@ -137,7 +137,7 @@ module TypeTrackingBasedCallGraph {`
`137`	`137`	`*/`
`138`	`138`	`class ResolvableCallRelevantTarget extends ResolvableCall {`
`139`	`139`	`ResolvableCallRelevantTarget() {`
`140`		`- exists(Target target \| target = getTarget() \|`
	`140`	`+ exists(Target target \| target = this.getTarget() \|`
`141`	`141`	`exists(target.getLocation().getFile().getRelativePath())`
`142`	`142`	`)`
`143`	`143`	`}`