Python: Clean up py/insecure-protocol

tausbn · web-flow · commit c386f4a009a3 · 2021-06-18T17:22:42.000Z
Going all the way to the AST layer seemed excessive to me, so I rewrote
it to do most of the logic at the data-flow layer. In principle this
_could_ result in more names being computed (due to splitting), but in
practice I don't expect this make a big difference.
diff --git a/python/ql/src/Security/CWE-327/InsecureProtocol.ql b/python/ql/src/Security/CWE-327/InsecureProtocol.ql
@@ -27,37 +27,34 @@ class ProtocolConfiguration extends DataFlow::Node {
     unsafe_context_creation(this, _)
   }
 
-  AstNode getNode() { result = this.asCfgNode().(CallNode).getFunction().getNode() }
+  DataFlow::Node getNode() { result = this.(DataFlow::CallCfgNode).getFunction() }
 }
 
 // Helper for pretty printer `callName`.
 // This is a consequence of missing pretty priting.
 // We do not want to evaluate our bespoke pretty printer
-// for all `AstNode`s so we define a sub class of interesting ones.
-//
-// Note that AstNode is abstract and AstNode_ is a library class, so
-// we have to extend @py_ast_node.
-class Nameable extends @py_ast_node {
+// for all `DataFlow::Node`s so we define a sub class of interesting ones.
+class Nameable extends DataFlow::Node {
   Nameable() {
     this = any(ProtocolConfiguration pc).getNode()
     or
-    exists(Nameable attr | this = attr.(Attribute).getObject())
+    this = any(Nameable attr).(DataFlow::AttrRef).getObject()
   }
-
-  string toString() { result = "AstNode" }
 }
 
 string callName(Nameable call) {
-  result = call.(Name).getId()
+  result = call.asExpr().(Name).getId()
   or
-  exists(Attribute a | a = call | result = callName(a.getObject()) + "." + a.getName())
+  exists(DataFlow::AttrRef a | a = call |
+    result = callName(a.getObject()) + "." + a.getAttributeName()
+  )
 }
 
 string configName(ProtocolConfiguration protocolConfiguration) {
   result =
-    "call to " + callName(protocolConfiguration.asCfgNode().(CallNode).getFunction().getNode())
+    "call to " + callName(protocolConfiguration.(DataFlow::CallCfgNode).getFunction())
   or
-  not protocolConfiguration.asCfgNode() instanceof CallNode and
+  not protocolConfiguration instanceof DataFlow::CallCfgNode and
   not protocolConfiguration instanceof ContextCreation and
   result = "context modification"
 }
