Python: Rename getAUse -> getAValueReachableFromSource

Author: asgerf

python/ql/lib/semmle/python/ApiGraphs.qll

@@ -106,7 +106,7 @@ module API {
      * ```
      * both `obj.foo` and `x` are uses of the `foo` member from `obj`.
      */
-    DataFlow::Node getAUse() {
+    DataFlow::Node getAValueReachableFromSource() {
       exists(DataFlow::LocalSourceNode src | Impl::use(this, src) |
         Impl::trackUseNode(src).flowsTo(result)
       )

python/ql/lib/semmle/python/frameworks/Aiohttp.qll

@@ -626,7 +626,8 @@ module AiohttpWebModel {
         // and just go with the LHS
         this.asCfgNode() = subscript
       |
-        subscript.getObject() = aiohttpResponseInstance().getMember("cookies").getAUse().asCfgNode() and
+        subscript.getObject() =
+          aiohttpResponseInstance().getMember("cookies").getAValueReachableFromSource().asCfgNode() and
         value.asCfgNode() = subscript.(DefinitionNode).getValue() and
         index.asCfgNode() = subscript.getIndex()
       )

python/ql/lib/semmle/python/frameworks/Cryptodome.qll

@@ -164,7 +164,7 @@ private module CryptodomeModel {
               .getMember("Cipher")
               .getMember(cipherName)
               .getMember(modeName)
-              .getAUse()
+              .getAValueReachableFromSource()
       |
         result = modeName.splitAt("_", 1)
       )

python/ql/lib/semmle/python/frameworks/Cryptography.qll

@@ -145,9 +145,9 @@ private module CryptographyModel {
 
     override int getKeySizeWithOrigin(DataFlow::Node origin) {
       exists(API::Node n | n = Ecc::predefinedCurveClass(result) and origin = n.asSource() |
-        this.getCurveArg() = n.getAUse()
+        this.getCurveArg() = n.getAValueReachableFromSource()
         or
-        this.getCurveArg() = n.getReturn().getAUse()
+        this.getCurveArg() = n.getReturn().getAValueReachableFromSource()
       )
     }
 
@@ -189,12 +189,12 @@ private module CryptographyModel {
               .getMember("ciphers")
               .getMember("Cipher")
               .getACall() and
-        algorithmClassRef(algorithmName).getReturn().getAUse() in [
+        algorithmClassRef(algorithmName).getReturn().getAValueReachableFromSource() in [
             call.getArg(0), call.getArgByName("algorithm")
           ] and
         exists(DataFlow::Node modeArg | modeArg in [call.getArg(1), call.getArgByName("mode")] |
-          if modeArg = modeClassRef(_).getReturn().getAUse()
-          then modeArg = modeClassRef(modeName).getReturn().getAUse()
+          if modeArg = modeClassRef(_).getReturn().getAValueReachableFromSource()
+          then modeArg = modeClassRef(modeName).getReturn().getAValueReachableFromSource()
           else modeName = "<None or unknown>"
         )
       )
@@ -252,7 +252,7 @@ private module CryptographyModel {
               .getMember("hashes")
               .getMember("Hash")
               .getACall() and
-        algorithmClassRef(algorithmName).getReturn().getAUse() in [
+        algorithmClassRef(algorithmName).getReturn().getAValueReachableFromSource() in [
             call.getArg(0), call.getArgByName("algorithm")
           ]
       )

python/ql/lib/semmle/python/frameworks/Django.qll

@@ -2799,7 +2799,7 @@ module PrivateDjango {
             .getMember("decorators")
             .getMember("csrf")
             .getMember(decoratorName)
-            .getAUse() and
+            .getAValueReachableFromSource() and
       this.asExpr() = function.getADecorator()
     }
 

python/ql/lib/semmle/python/frameworks/Fabric.qll

@@ -179,7 +179,7 @@ private module FabricV2 {
       DataFlow::ParameterNode {
       FabricTaskFirstParamConnectionInstance() {
         exists(Function func |
-          func.getADecorator() = Fabric::Tasks::task().getAUse().asExpr() and
+          func.getADecorator() = Fabric::Tasks::task().getAValueReachableFromSource().asExpr() and
           this.getParameter() = func.getArg(0)
         )
       }

python/ql/lib/semmle/python/frameworks/FastApi.qll

@@ -90,7 +90,8 @@ private module FastApi {
   private class PydanticModelRequestHandlerParam extends Pydantic::BaseModel::InstanceSource,
     DataFlow::ParameterNode {
     PydanticModelRequestHandlerParam() {
-      this.getParameter().getAnnotation() = Pydantic::BaseModel::subclassRef().getAUse().asExpr() and
+      this.getParameter().getAnnotation() =
+        Pydantic::BaseModel::subclassRef().getAValueReachableFromSource().asExpr() and
       any(FastApiRouteSetup rs).getARequestHandler().getArgByName(_) = this.getParameter()
     }
   }
@@ -104,7 +105,8 @@ private module FastApi {
   private class WebSocketRequestHandlerParam extends Starlette::WebSocket::InstanceSource,
     DataFlow::ParameterNode {
     WebSocketRequestHandlerParam() {
-      this.getParameter().getAnnotation() = Starlette::WebSocket::classRef().getAUse().asExpr() and
+      this.getParameter().getAnnotation() =
+        Starlette::WebSocket::classRef().getAValueReachableFromSource().asExpr() and
       any(FastApiRouteSetup rs).getARequestHandler().getArgByName(_) = this.getParameter()
     }
   }
@@ -165,7 +167,7 @@ private module FastApi {
       // user-defined subclasses
       exists(Class cls, API::Node base |
         base = getModeledResponseClass(_).getASubclass*() and
-        cls.getABase() = base.getAUse().asExpr() and
+        cls.getABase() = base.getAValueReachableFromSource().asExpr() and
         responseClass.asSource().asExpr() = cls.getParent()
       |
         exists(Assign assign | assign = cls.getAStmt() |
@@ -257,7 +259,7 @@ private module FastApi {
 
       override string getMimetypeDefault() {
         exists(API::Node responseClass |
-          responseClass.getAUse() = routeSetup.getResponseClassArg() and
+          responseClass.getAValueReachableFromSource() = routeSetup.getResponseClassArg() and
           result = getDefaultMimeType(responseClass)
         )
         or
@@ -274,7 +276,7 @@ private module FastApi {
       FileSystemAccess::Range {
       FastApiRequestHandlerFileResponseReturn() {
         exists(API::Node responseClass |
-          responseClass.getAUse() = routeSetup.getResponseClassArg() and
+          responseClass.getAValueReachableFromSource() = routeSetup.getResponseClassArg() and
           responseClass = getModeledResponseClass("FileResponse").getASubclass*()
         )
       }
@@ -292,7 +294,7 @@ private module FastApi {
       HTTP::Server::HttpRedirectResponse::Range {
       FastApiRequestHandlerRedirectReturn() {
         exists(API::Node responseClass |
-          responseClass.getAUse() = routeSetup.getResponseClassArg() and
+          responseClass.getAValueReachableFromSource() = routeSetup.getResponseClassArg() and
           responseClass = getModeledResponseClass("RedirectResponse").getASubclass*()
         )
       }
@@ -311,7 +313,7 @@ private module FastApi {
     class RequestHandlerParam extends InstanceSource, DataFlow::ParameterNode {
       RequestHandlerParam() {
         this.getParameter().getAnnotation() =
-          getModeledResponseClass(_).getASubclass*().getAUse().asExpr() and
+          getModeledResponseClass(_).getASubclass*().getAValueReachableFromSource().asExpr() and
         any(FastApiRouteSetup rs).getARequestHandler().getArgByName(_) = this.getParameter()
       }
     }

python/ql/lib/semmle/python/frameworks/Flask.qll

@@ -305,7 +305,7 @@ module Flask {
       )
       or
       exists(FlaskViewClass vc |
-        this.getViewArg() = vc.asViewResult().getAUse() and
+        this.getViewArg() = vc.asViewResult().getAValueReachableFromSource() and
         result = vc.getARequestHandler()
       )
     }
@@ -339,7 +339,7 @@ module Flask {
    */
   private class FlaskRequestSource extends RemoteFlowSource::Range {
     FlaskRequestSource() {
-      this = request().getAUse() and
+      this = request().getAValueReachableFromSource() and
       not any(Import imp).contains(this.asExpr()) and
       not exists(ControlFlowNode def | this.asVar().getSourceVariable().hasDefiningNode(def) |
         any(Import imp).contains(def.getNode())
@@ -357,7 +357,7 @@ module Flask {
   private class InstanceTaintSteps extends InstanceTaintStepsHelper {
     InstanceTaintSteps() { this = "flask.Request" }
 
-    override DataFlow::Node getInstance() { result = request().getAUse() }
+    override DataFlow::Node getInstance() { result = request().getAValueReachableFromSource() }
 
     override string getAttributeName() {
       result in [
@@ -415,12 +415,13 @@ module Flask {
       // be able to do something more structured for providing modeling of the members
       // of a container-object.
       exists(API::Node files | files = request().getMember("files") |
-        this.asCfgNode().(SubscriptNode).getObject() = files.getAUse().asCfgNode()
+        this.asCfgNode().(SubscriptNode).getObject() =
+          files.getAValueReachableFromSource().asCfgNode()
         or
         this = files.getMember("get").getACall()
         or
         this.asCfgNode().(SubscriptNode).getObject() =
-          files.getMember("getlist").getReturn().getAUse().asCfgNode()
+          files.getMember("getlist").getReturn().getAValueReachableFromSource().asCfgNode()
       )
     }
   }

python/ql/lib/semmle/python/frameworks/Invoke.qll

@@ -39,7 +39,8 @@ private module Invoke {
             result = InvokeModule::Context::ContextClass::classRef().getACall()
             or
             exists(Function func |
-              func.getADecorator() = invoke().getMember("task").getAUse().asExpr() and
+              func.getADecorator() =
+                invoke().getMember("task").getAValueReachableFromSource().asExpr() and
               result.(DataFlow::ParameterNode).getParameter() = func.getArg(0)
             )
           )

python/ql/lib/semmle/python/frameworks/RuamelYaml.qll

@@ -44,7 +44,7 @@ private module RuamelYaml {
           API::moduleImport("ruamel")
               .getMember("yaml")
               .getMember(["SafeLoader", "BaseLoader", "CSafeLoader", "CBaseLoader"])
-              .getAUse()
+              .getAValueReachableFromSource()
       )
     }