Python: ObjectAPI to ValueAPI: ReturnValueIgnored: Adds getAReturnType

BekaValentine · BekaValentine · commit 093eb714332b · 2020-04-01T00:17:12.000-07:00
diff --git a/python/ql/src/semmle/python/objects/ObjectAPI.qll b/python/ql/src/semmle/python/objects/ObjectAPI.qll
@@ -517,8 +517,9 @@ abstract class FunctionValue extends CallableValue {
 
     /** Gets a class that this function may return */
     ClassValue getAnInferredReturnType() {
-        //result = this.(BuiltinCallable).getAReturnType()
-        result = this.getScope().getAReturnValueFlowNode().pointsTo().getClass()
+        result = this.(BuiltinFunctionValue).getAReturnType()
+        or
+        result = this.(BuiltinMethodValue).getAReturnType()
     }
 }
 
@@ -575,6 +576,29 @@ class BuiltinFunctionValue extends FunctionValue {
     override int maxParameters() {
         none()
     }
+
+    ClassValue getAReturnType() {
+        /* Enumerate the types of a few builtin functions, that the CPython analysis misses.
+        */
+        this = TBuiltinFunctionObject(Builtin::builtin("hex")) and result = ClassValue::str()
+        or
+        this = TBuiltinFunctionObject(Builtin::builtin("oct")) and result = ClassValue::str()
+        or
+        this = TBuiltinFunctionObject(Builtin::builtin("intern")) and result = ClassValue::str()
+        or
+        /* Fix a few minor inaccuracies in the CPython analysis */ 
+        exists(Builtin mthd, Builtin cls | this = TBuiltinFunctionObject(mthd) and result = TBuiltinClassObject(cls)
+        | ext_rettype(mthd, cls)) and
+        not (
+            this = TBuiltinFunctionObject(Builtin::builtin("__import__")) and result = ClassValue::nonetype()
+            or
+            this = TBuiltinFunctionObject(Builtin::builtin("compile")) and result = ClassValue::nonetype()
+            or
+            this = TBuiltinFunctionObject(Builtin::builtin("sum"))
+            or
+            this = TBuiltinFunctionObject(Builtin::builtin("filter"))
+        )
+    }
 }
 
 /** Class representing builtin methods, such as `list.append` or `set.add` */
@@ -600,6 +624,15 @@ class BuiltinMethodValue extends FunctionValue {
         none()
     }
 
+    ClassValue getAReturnType() {
+        exists(Builtin mthd, Builtin cls |
+            this = TBuiltinMethodObject(mthd) and
+            result = TBuiltinClassObject(cls)
+        |
+            ext_rettype(mthd, cls)
+        )
+    }
+
 }
 
 /** A class representing sequence objects with a length and tracked items.
diff --git a/python/ql/test/query-tests/Functions/return_values/ReturnValueIgnored.expected b/python/ql/test/query-tests/Functions/return_values/ReturnValueIgnored.expected
@@ -1,3 +1,3 @@
 | functions_test.py:159:5:159:9 | ExprStmt | Call discards return value of function $@. The result is used in 80% of calls. | functions_test.py:12:1:12:11 | Function ok2 | ok2 |
 | functions_test.py:160:5:160:9 | ExprStmt | Call discards return value of function $@. The result is used in 80% of calls. | functions_test.py:36:1:36:11 | Function ok4 | ok4 |
-| functions_test.py:161:5:161:17 | ExprStmt | Call discards return value of function $@. The result is used in 80% of calls. | file://:Compiled Code:0:0:0:0 | Builtin-function sorted | sorted |
+| functions_test.py:161:5:161:17 | ExprStmt | Call discards return value of function $@. The result is used in 80% of calls. | file://:0:0:0:0 | Builtin-function sorted | sorted |
