Python: Adds modernized predicates and moves query over to them

BekaValentine · BekaValentine · commit 3bedd5cb58cc · 2020-03-03T16:02:25.000-08:00
diff --git a/python/ql/src/Exceptions/EmptyExcept.ql b/python/ql/src/Exceptions/EmptyExcept.ql
@@ -73,12 +73,27 @@ predicate encode_decode_objectapi(Expr ex, ClassObject type) {
     )
 }
 
+predicate encode_decode(Expr ex, ClassValue type) {
+    exists(string name |
+        ex.(Call).getFunc().(Attribute).getName() = name |
+        name = "encode" and type = ClassValue::unicodeEncodeError()
+        or
+        name = "decode" and type = ClassValue::unicodeDecodeError()
+    )
+}
+
 predicate small_handler_objectapi(ExceptStmt ex, Stmt s, ClassObject type) {
     not exists(ex.getTry().getStmt(1)) and
     s = ex.getTry().getStmt(0) and
     ex.getType().refersTo(type)
 }
 
+predicate small_handler(ExceptStmt ex, Stmt s, ClassValue type) {
+    not exists(ex.getTry().getStmt(1)) and
+    s = ex.getTry().getStmt(0) and
+    ex.getType().pointsTo(type)
+}
+
 /** Holds if this exception handler is sufficiently small in scope to not need a comment
  * as to what it is doing.
  */
@@ -95,12 +110,25 @@ predicate focussed_handler_objectapi(ExceptStmt ex) {
     )
 }
 
+predicate focussed_handler(ExceptStmt ex) {
+    exists(Stmt s, ClassValue type |
+        small_handler(ex, s, type) |
+        subscript(s) and type.getASuperType() = ClassValue::lookupError()
+        or
+        attribute_access(s) and type = ClassValue::attributeError()
+        or
+        s.(ExprStmt).getValue() instanceof Name and type = ClassValue::nameError()
+        or
+        encode_decode(s.(ExprStmt).getValue(), type)
+    )
+}
+
 Try try_return() {
    not exists(result.getStmt(1)) and result.getStmt(0) instanceof Return
 }
 
 from ExceptStmt ex
 where empty_except(ex) and no_else(ex) and no_comment(ex) and not non_local_control_flow(ex)
   and not ex.getTry() = try_return() and try_has_normal_exit(ex.getTry()) and
-  not focussed_handler_objectapi(ex)
+  not focussed_handler(ex)
 select ex, "'except' clause does nothing but pass and there is no explanatory comment."
diff --git a/python/ql/src/semmle/python/objects/ObjectAPI.qll b/python/ql/src/semmle/python/objects/ObjectAPI.qll
@@ -882,6 +882,11 @@ module ClassValue {
         result = TBuiltinClassObject(Builtin::builtin("KeyError"))
     }
     
+    /** Get the `ClassValue` for the `LookupError` class. */
+    ClassValue lookupError() {
+        result = TBuiltinClassObject(Builtin::builtin("LookupError"))
+    }
+    
     /** Get the `ClassValue` for the `IOError` class. */
     ClassValue ioError() {
         result = TBuiltinClassObject(Builtin::builtin("IOError"))
@@ -896,5 +901,15 @@ module ClassValue {
     ClassValue importError() {
         result = TBuiltinClassObject(Builtin::builtin("ImportError"))
     }
+    
+    /** Get the `ClassValue` for the `UnicodeEncodeError` class. */
+    ClassValue unicodeEncodeError() {
+        result = TBuiltinClassObject(Builtin::builtin("UnicodeEncodeError"))
+    }
+    
+    /** Get the `ClassValue` for the `UnicodeDecodeError` class. */
+    ClassValue unicodeDecodeError() {
+        result = TBuiltinClassObject(Builtin::builtin("UnicodeDecodeError"))
+    }
 
 }
