Python: Don't allow getParameter(-1) for BoundMethodValue

RasmusWL · RasmusWL · commit 07ae40206f04 · 2020-05-05T11:37:10.000+02:00
As per discussion in the PR
diff --git a/python/ql/src/semmle/python/objects/Callables.qll b/python/ql/src/semmle/python/objects/Callables.qll
@@ -438,10 +438,18 @@ class BoundMethodObjectInternal extends CallableObjectInternal, TBoundMethod {
         PointsTo::pointsTo(result.getFunction(), ctx, this, _)
     }
 
-    override NameNode getParameter(int n) { result = this.getFunction().getParameter(n + 1) }
+    /** Gets the parameter node that will be used for `self`. */
+    NameNode getSelfParameter() { result = this.getFunction().getParameter(0) }
+
+    override NameNode getParameter(int n) {
+        result = this.getFunction().getParameter(n + 1) and
+        // don't return the parameter for `self` at `n = -1`
+        n >= 0
+    }
 
     override NameNode getParameterByName(string name) {
-        result = this.getFunction().getParameterByName(name)
+        result = this.getFunction().getParameterByName(name) and
+        not result = this.getSelfParameter()
     }
 
     override predicate neverReturns() { this.getFunction().neverReturns() }
diff --git a/python/ql/src/semmle/python/objects/ObjectAPI.qll b/python/ql/src/semmle/python/objects/ObjectAPI.qll
@@ -454,6 +454,9 @@ class BoundMethodValue extends CallableValue {
      * The value for `o` in `o.func`.
      */
     Value getSelf() { result = this.(BoundMethodObjectInternal).getSelf() }
+
+    /** Gets the parameter node that will be used for `self`. */
+    NameNode getSelfParameter() { result = this.(BoundMethodObjectInternal).getSelfParameter() }
 }
 
 /**
diff --git a/python/ql/test/library-tests/PointsTo/calls/getParameter.expected b/python/ql/test/library-tests/PointsTo/calls/getParameter.expected
@@ -5,9 +5,6 @@
 | Function f | 1 | ControlFlowNode for arg1 |
 | Function f | 2 | ControlFlowNode for arg2 |
 | Method(Function C.n, C()) | 0 | ControlFlowNode for arg1 |
-| Method(Function C.n, C()) | -1 | ControlFlowNode for self |
 | Method(Function C.n, class C) | 0 | ControlFlowNode for arg1 |
-| Method(Function C.n, class C) | -1 | ControlFlowNode for self |
 | Method(Function f, C()) | 0 | ControlFlowNode for arg1 |
 | Method(Function f, C()) | 1 | ControlFlowNode for arg2 |
-| Method(Function f, C()) | -1 | ControlFlowNode for arg0 |
diff --git a/python/ql/test/library-tests/PointsTo/calls/getParameterByName.expected b/python/ql/test/library-tests/PointsTo/calls/getParameterByName.expected
@@ -5,9 +5,6 @@
 | Function f | arg1 | ControlFlowNode for arg1 |
 | Function f | arg2 | ControlFlowNode for arg2 |
 | Method(Function C.n, C()) | arg1 | ControlFlowNode for arg1 |
-| Method(Function C.n, C()) | self | ControlFlowNode for self |
 | Method(Function C.n, class C) | arg1 | ControlFlowNode for arg1 |
-| Method(Function C.n, class C) | self | ControlFlowNode for self |
-| Method(Function f, C()) | arg0 | ControlFlowNode for arg0 |
 | Method(Function f, C()) | arg1 | ControlFlowNode for arg1 |
 | Method(Function f, C()) | arg2 | ControlFlowNode for arg2 |

Original file line number	Diff line number	Diff line change
`@@ -454,6 +454,9 @@ class BoundMethodValue extends CallableValue {`
`454`	`454`	* The value for `o` in `o.func`.
`455`	`455`	`*/`
`456`	`456`	`Value getSelf() { result = this.(BoundMethodObjectInternal).getSelf() }`
	`457`	`+`
	`458`	+ /** Gets the parameter node that will be used for `self`. */
	`459`	`+ NameNode getSelfParameter() { result = this.(BoundMethodObjectInternal).getSelfParameter() }`
`457`	`460`	`}`
`458`	`461`
`459`	`462`	`/**`