Merge pull request github#5670 from tausbn/python-use-api-graphs-in-dill

RasmusWL · web-flow · commit 2d0c9b6bf265 · 2021-04-14T10:08:02.000+02:00
Python: Use API graphs in Dill model
diff --git a/python/ql/src/semmle/python/frameworks/Dill.qll b/python/ql/src/semmle/python/frameworks/Dill.qll
@@ -7,50 +7,19 @@ private import python
 private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.Concepts
-
-private module Dill {
-  /** Gets a reference to the `dill` module. */
-  private DataFlow::Node dill(DataFlow::TypeTracker t) {
-    t.start() and
-    result = DataFlow::importNode("dill")
-    or
-    exists(DataFlow::TypeTracker t2 | result = dill(t2).track(t2, t))
-  }
-
-  /** Gets a reference to the `dill` module. */
-  DataFlow::Node dill() { result = dill(DataFlow::TypeTracker::end()) }
-
-  /** Provides models for the `dill` module. */
-  module dill {
-    /** Gets a reference to the `dill.loads` function. */
-    private DataFlow::Node loads(DataFlow::TypeTracker t) {
-      t.start() and
-      result = DataFlow::importNode("dill.loads")
-      or
-      t.startInAttr("loads") and
-      result = dill()
-      or
-      exists(DataFlow::TypeTracker t2 | result = loads(t2).track(t2, t))
-    }
-
-    /** Gets a reference to the `dill.loads` function. */
-    DataFlow::Node loads() { result = loads(DataFlow::TypeTracker::end()) }
-  }
-}
+private import semmle.python.ApiGraphs
 
 /**
  * A call to `dill.loads`
  * See https://pypi.org/project/dill/ (which currently refers you
  * to https://docs.python.org/3/library/pickle.html#pickle.loads)
  */
-private class DillLoadsCall extends Decoding::Range, DataFlow::CfgNode {
-  override CallNode node;
-
-  DillLoadsCall() { node.getFunction() = Dill::dill::loads().asCfgNode() }
+private class DillLoadsCall extends Decoding::Range, DataFlow::CallCfgNode {
+  DillLoadsCall() { this = API::moduleImport("dill").getMember("loads").getACall() }
 
   override predicate mayExecuteInput() { any() }
 
-  override DataFlow::Node getAnInput() { result.asCfgNode() = node.getArg(0) }
+  override DataFlow::Node getAnInput() { result = this.getArg(0) }
 
   override DataFlow::Node getOutput() { result = this }
 
