Python: asCfgNode cleanup

tausbn · web-flow · commit 9351688da86d · 2021-06-18T17:22:42.000Z
diff --git a/python/ql/src/Security/CWE-327/PyOpenSSL.qll b/python/ql/src/Security/CWE-327/PyOpenSSL.qll
@@ -13,12 +13,12 @@ class PyOpenSSLContextCreation extends ContextCreation, DataFlow::CallCfgNode {
   }
 
   override string getProtocol() {
-    exists(ControlFlowNode protocolArg, PyOpenSSL pyo |
-      protocolArg in [node.getArg(0), node.getArgByName("method")]
+    exists(DataFlow::Node protocolArg, PyOpenSSL pyo |
+      protocolArg in [this.getArg(0), this.getArgByName("method")]
     |
-      protocolArg =
-        [pyo.specific_version(result).getAUse(), pyo.unspecific_version(result).getAUse()]
-            .asCfgNode()
+      protocolArg in [
+          pyo.specific_version(result).getAUse(), pyo.unspecific_version(result).getAUse()
+        ]
     )
   }
 }
@@ -29,7 +29,7 @@ class ConnectionCall extends ConnectionCreation, DataFlow::CallCfgNode {
   }
 
   override DataFlow::CfgNode getContext() {
-    result.getNode() in [node.getArg(0), node.getArgByName("context")]
+    result in [this.getArg(0), this.getArgByName("context")]
   }
 }
 
@@ -43,8 +43,8 @@ class SetOptionsCall extends ProtocolRestriction, DataFlow::CallCfgNode {
   }
 
   override ProtocolVersion getRestriction() {
-    API::moduleImport("OpenSSL").getMember("SSL").getMember("OP_NO_" + result).getAUse().asCfgNode() in [
-        node.getArg(0), node.getArgByName("options")
+    API::moduleImport("OpenSSL").getMember("SSL").getMember("OP_NO_" + result).getAUse() in [
+        this.getArg(0), this.getArgByName("options")
       ]
   }
 }
diff --git a/python/ql/src/Security/CWE-327/Ssl.qll b/python/ql/src/Security/CWE-327/Ssl.qll
@@ -11,15 +11,14 @@ class SSLContextCreation extends ContextCreation, DataFlow::CallCfgNode {
   SSLContextCreation() { this = API::moduleImport("ssl").getMember("SSLContext").getACall() }
 
   override string getProtocol() {
-    exists(ControlFlowNode protocolArg, Ssl ssl |
-      protocolArg in [node.getArg(0), node.getArgByName("protocol")]
+    exists(DataFlow::Node protocolArg, Ssl ssl |
+      protocolArg in [this.getArg(0), this.getArgByName("protocol")]
     |
       protocolArg =
         [ssl.specific_version(result).getAUse(), ssl.unspecific_version(result).getAUse()]
-            .asCfgNode()
     )
     or
-    not exists(node.getAnArg()) and
+    not exists(this.getArg(_)) and
     result = "TLS"
   }
 }
@@ -133,7 +132,7 @@ class ContextSetVersion extends ProtocolRestriction, ProtocolUnrestriction, Data
 
   ContextSetVersion() {
     exists(DataFlow::AttrWrite aw |
-      aw.getObject().asCfgNode() = node and
+      this = aw.getObject() and
       aw.getAttributeName() = "minimum_version" and
       aw.getValue() =
         API::moduleImport("ssl").getMember("TLSVersion").getMember(restriction).getAUse()
diff --git a/python/ql/src/experimental/semmle/python/frameworks/ClickHouseDriver.qll b/python/ql/src/experimental/semmle/python/frameworks/ClickHouseDriver.qll
@@ -80,6 +80,6 @@ module ClickHouseDriver {
   private class ExecuteCall extends SqlExecution::Range, DataFlow::CallCfgNode {
     ExecuteCall() { this.getFunction() = clickhouse_execute() }
 
-    override DataFlow::Node getSql() { result.asCfgNode() = node.getArg(0) }
+    override DataFlow::Node getSql() { result = this.getArg(0) }
   }
 }
diff --git a/python/ql/src/semmle/python/dataflow/new/SensitiveDataSources.qll b/python/ql/src/semmle/python/dataflow/new/SensitiveDataSources.qll
@@ -243,7 +243,7 @@ private module SensitiveDataModeling {
     SensitiveDataClassification classification;
 
     SensitiveGetCall() {
-      this.getFunction().asCfgNode().(AttrNode).getName() = "get" and
+      this.getFunction().(DataFlow::AttrRef).getAttributeName() = "get" and
       this.getArg(0) = sensitiveLookupStringConst(classification)
     }
 
diff --git a/python/ql/src/semmle/python/frameworks/Django.qll b/python/ql/src/semmle/python/frameworks/Django.qll
@@ -401,11 +401,11 @@ private module PrivateDjango {
              * Gets an instance of the `django.db.models.expressions.RawSQL` class,
              * that was initiated with the SQL represented by `sql`.
              */
-            private DataFlow::LocalSourceNode instance(DataFlow::TypeTracker t, ControlFlowNode sql) {
+            private DataFlow::LocalSourceNode instance(DataFlow::TypeTracker t, DataFlow::Node sql) {
               t.start() and
               exists(DataFlow::CallCfgNode c | result = c |
                 c = classRef().getACall() and
-                c.getArg(0).asCfgNode() = sql
+                c.getArg(0) = sql
               )
               or
               exists(DataFlow::TypeTracker t2 | result = instance(t2, sql).track(t2, t))
@@ -415,7 +415,7 @@ private module PrivateDjango {
              * Gets an instance of the `django.db.models.expressions.RawSQL` class,
              * that was initiated with the SQL represented by `sql`.
              */
-            DataFlow::Node instance(ControlFlowNode sql) {
+            DataFlow::Node instance(DataFlow::Node sql) {
               instance(DataFlow::TypeTracker::end(), sql).flowsTo(result)
             }
           }
@@ -431,7 +431,7 @@ private module PrivateDjango {
      * See https://docs.djangoproject.com/en/3.1/ref/models/querysets/#annotate
      */
     private class ObjectsAnnotate extends SqlExecution::Range, DataFlow::CallCfgNode {
-      ControlFlowNode sql;
+      DataFlow::Node sql;
 
       ObjectsAnnotate() {
         this = django::db::models::querySetReturningMethod("annotate").getACall() and
@@ -440,7 +440,7 @@ private module PrivateDjango {
           ]
       }
 
-      override DataFlow::Node getSql() { result.asCfgNode() = sql }
+      override DataFlow::Node getSql() { result = sql }
     }
 
     /**
@@ -449,7 +449,7 @@ private module PrivateDjango {
      * See https://docs.djangoproject.com/en/3.2/ref/models/querysets/#alias
      */
     private class ObjectsAlias extends SqlExecution::Range, DataFlow::CallCfgNode {
-      ControlFlowNode sql;
+      DataFlow::Node sql;
 
       ObjectsAlias() {
         this = django::db::models::querySetReturningMethod("alias").getACall() and
@@ -458,7 +458,7 @@ private module PrivateDjango {
           ]
       }
 
-      override DataFlow::Node getSql() { result.asCfgNode() = sql }
+      override DataFlow::Node getSql() { result = sql }
     }
 
     /**
@@ -631,12 +631,12 @@ private module PrivateDjango {
             ClassInstantiation() { this = classRef().getACall() }
 
             override DataFlow::Node getBody() {
-              result.asCfgNode() in [node.getArg(0), node.getArgByName("content")]
+              result in [this.getArg(0), this.getArgByName("content")]
             }
 
             // How to support the `headers` argument here?
             override DataFlow::Node getMimetypeOrContentTypeArg() {
-              result.asCfgNode() in [node.getArg(1), node.getArgByName("content_type")]
+              result in [this.getArg(1), this.getArgByName("content_type")]
             }
 
             override string getMimetypeDefault() { result = "text/html" }
@@ -695,11 +695,11 @@ private module PrivateDjango {
               // note that even though browsers like Chrome usually doesn't fetch the
               // content of a redirect, it is possible to observe the body (for example,
               // with cURL).
-              result.asCfgNode() in [node.getArg(1), node.getArgByName("content")]
+              result in [this.getArg(1), this.getArgByName("content")]
             }
 
             override DataFlow::Node getRedirectLocation() {
-              result.asCfgNode() in [node.getArg(0), node.getArgByName("redirect_to")]
+              result in [this.getArg(0), this.getArgByName("redirect_to")]
             }
 
             // How to support the `headers` argument here?
@@ -757,11 +757,11 @@ private module PrivateDjango {
               // note that even though browsers like Chrome usually doesn't fetch the
               // content of a redirect, it is possible to observe the body (for example,
               // with cURL).
-              result.asCfgNode() in [node.getArg(1), node.getArgByName("content")]
+              result in [this.getArg(1), this.getArgByName("content")]
             }
 
             override DataFlow::Node getRedirectLocation() {
-              result.asCfgNode() in [node.getArg(0), node.getArgByName("redirect_to")]
+              result in [this.getArg(0), this.getArgByName("redirect_to")]
             }
 
             // How to support the `headers` argument here?
@@ -868,7 +868,7 @@ private module PrivateDjango {
             ClassInstantiation() { this = classRef().getACall() }
 
             override DataFlow::Node getBody() {
-              result.asCfgNode() in [node.getArg(0), node.getArgByName("content")]
+              result in [this.getArg(0), this.getArgByName("content")]
             }
 
             // How to support the `headers` argument here?
@@ -922,7 +922,7 @@ private module PrivateDjango {
             ClassInstantiation() { this = classRef().getACall() }
 
             override DataFlow::Node getBody() {
-              result.asCfgNode() in [node.getArg(0), node.getArgByName("content")]
+              result in [this.getArg(0), this.getArgByName("content")]
             }
 
             // How to support the `headers` argument here?
@@ -976,7 +976,7 @@ private module PrivateDjango {
             ClassInstantiation() { this = classRef().getACall() }
 
             override DataFlow::Node getBody() {
-              result.asCfgNode() in [node.getArg(0), node.getArgByName("content")]
+              result in [this.getArg(0), this.getArgByName("content")]
             }
 
             // How to support the `headers` argument here?
@@ -1031,7 +1031,7 @@ private module PrivateDjango {
 
             override DataFlow::Node getBody() {
               // First argument is permitted methods
-              result.asCfgNode() in [node.getArg(1), node.getArgByName("content")]
+              result in [this.getArg(1), this.getArgByName("content")]
             }
 
             // How to support the `headers` argument here?
@@ -1085,7 +1085,7 @@ private module PrivateDjango {
             ClassInstantiation() { this = classRef().getACall() }
 
             override DataFlow::Node getBody() {
-              result.asCfgNode() in [node.getArg(0), node.getArgByName("content")]
+              result in [this.getArg(0), this.getArgByName("content")]
             }
 
             // How to support the `headers` argument here?
@@ -1139,7 +1139,7 @@ private module PrivateDjango {
             ClassInstantiation() { this = classRef().getACall() }
 
             override DataFlow::Node getBody() {
-              result.asCfgNode() in [node.getArg(0), node.getArgByName("content")]
+              result in [this.getArg(0), this.getArgByName("content")]
             }
 
             // How to support the `headers` argument here?
@@ -1193,7 +1193,7 @@ private module PrivateDjango {
             ClassInstantiation() { this = classRef().getACall() }
 
             override DataFlow::Node getBody() {
-              result.asCfgNode() in [node.getArg(0), node.getArgByName("data")]
+              result in [this.getArg(0), this.getArgByName("data")]
             }
 
             // How to support the `headers` argument here?
@@ -1250,7 +1250,7 @@ private module PrivateDjango {
             ClassInstantiation() { this = classRef().getACall() }
 
             override DataFlow::Node getBody() {
-              result.asCfgNode() in [node.getArg(0), node.getArgByName("streaming_content")]
+              result in [this.getArg(0), this.getArgByName("streaming_content")]
             }
 
             // How to support the `headers` argument here?
@@ -1304,7 +1304,7 @@ private module PrivateDjango {
             ClassInstantiation() { this = classRef().getACall() }
 
             override DataFlow::Node getBody() {
-              result.asCfgNode() in [node.getArg(0), node.getArgByName("streaming_content")]
+              result in [this.getArg(0), this.getArgByName("streaming_content")]
             }
 
             // How to support the `headers` argument here?
@@ -1349,14 +1349,13 @@ private module PrivateDjango {
          *
          * See https://docs.djangoproject.com/en/3.1/ref/request-response/#django.http.HttpResponse.write
          */
-        class HttpResponseWriteCall extends HTTP::Server::HttpResponse::Range, DataFlow::CfgNode {
-          override CallNode node;
+        class HttpResponseWriteCall extends HTTP::Server::HttpResponse::Range, DataFlow::CallCfgNode {
           HTTP::Server::HttpResponse::Range instance;
 
           HttpResponseWriteCall() { node.getFunction() = write(instance).asCfgNode() }
 
           override DataFlow::Node getBody() {
-            result.asCfgNode() in [node.getArg(0), node.getArgByName("content")]
+            result in [this.getArg(0), this.getArgByName("content")]
           }
 
           override DataFlow::Node getMimetypeOrContentTypeArg() {
@@ -1639,12 +1638,10 @@ private module PrivateDjango {
     DjangoUrlsPathCall() { this = django::urls::path().getACall() }
 
     override DataFlow::Node getUrlPatternArg() {
-      result.asCfgNode() = [node.getArg(0), node.getArgByName("route")]
+      result in [this.getArg(0), this.getArgByName("route")]
     }
 
-    override DataFlow::Node getViewArg() {
-      result.asCfgNode() in [node.getArg(1), node.getArgByName("view")]
-    }
+    override DataFlow::Node getViewArg() { result in [this.getArg(1), this.getArgByName("view")] }
 
     override Parameter getARoutedParameter() {
       // If we don't know the URL pattern, we simply mark all parameters as a routed
@@ -1739,12 +1736,10 @@ private module PrivateDjango {
     }
 
     override DataFlow::Node getUrlPatternArg() {
-      result.asCfgNode() = [node.getArg(0), node.getArgByName("route")]
+      result in [this.getArg(0), this.getArgByName("route")]
     }
 
-    override DataFlow::Node getViewArg() {
-      result.asCfgNode() in [node.getArg(1), node.getArgByName("view")]
-    }
+    override DataFlow::Node getViewArg() { result in [this.getArg(1), this.getArgByName("view")] }
   }
 
   /**
@@ -1756,12 +1751,10 @@ private module PrivateDjango {
     DjangoConfUrlsUrlCall() { this = django::conf::conf_urls::url().getACall() }
 
     override DataFlow::Node getUrlPatternArg() {
-      result.asCfgNode() = [node.getArg(0), node.getArgByName("regex")]
+      result in [this.getArg(0), this.getArgByName("regex")]
     }
 
-    override DataFlow::Node getViewArg() {
-      result.asCfgNode() in [node.getArg(1), node.getArgByName("view")]
-    }
+    override DataFlow::Node getViewArg() { result in [this.getArg(1), this.getArgByName("view")] }
   }
 
   // ---------------------------------------------------------------------------
@@ -1872,7 +1865,7 @@ private module PrivateDjango {
      * a string identifying a view, or a Django model.
      */
     override DataFlow::Node getRedirectLocation() {
-      result.asCfgNode() in [node.getArg(0), node.getArgByName("to")]
+      result in [this.getArg(0), this.getArgByName("to")]
     }
 
     override DataFlow::Node getBody() { none() }
diff --git a/python/ql/src/semmle/python/frameworks/Fabric.qll b/python/ql/src/semmle/python/frameworks/Fabric.qll
@@ -48,7 +48,7 @@ private module FabricV1 {
         FabricApiLocalRunSudoCall() { this = api().getMember(["local", "run", "sudo"]).getACall() }
 
         override DataFlow::Node getCommand() {
-          result.asCfgNode() = [node.getArg(0), node.getArgByName("command")]
+          result = [this.getArg(0), this.getArgByName("command")]
         }
       }
     }
@@ -159,7 +159,7 @@ private module FabricV2 {
       }
 
       override DataFlow::Node getCommand() {
-        result.asCfgNode() = [node.getArg(0), node.getArgByName("command")]
+        result = [this.getArg(0), this.getArgByName("command")]
       }
     }
 
@@ -239,7 +239,7 @@ private module FabricV2 {
         FabricGroupRunCall() { this = fabric::group::Group::subclassInstanceRunMethod().getACall() }
 
         override DataFlow::Node getCommand() {
-          result.asCfgNode() = [node.getArg(0), node.getArgByName("command")]
+          result = [this.getArg(0), this.getArgByName("command")]
         }
       }
 
diff --git a/python/ql/src/semmle/python/frameworks/Invoke.qll b/python/ql/src/semmle/python/frameworks/Invoke.qll
@@ -81,7 +81,7 @@ private module Invoke {
     }
 
     override DataFlow::Node getCommand() {
-      result.asCfgNode() in [node.getArg(0), node.getArgByName("command")]
+      result in [this.getArg(0), this.getArgByName("command")]
     }
   }
 }
diff --git a/python/ql/src/semmle/python/frameworks/PEP249.qll b/python/ql/src/semmle/python/frameworks/PEP249.qll
@@ -123,6 +123,6 @@ private class ExecuteCall extends SqlExecution::Range, DataFlow::CallCfgNode {
   ExecuteCall() { this.getFunction() = execute() }
 
   override DataFlow::Node getSql() {
-    result.asCfgNode() in [node.getArg(0), node.getArgByName("sql")]
+    result in [this.getArg(0), this.getArgByName("sql")]
   }
 }
diff --git a/python/ql/src/semmle/python/frameworks/Stdlib.qll b/python/ql/src/semmle/python/frameworks/Stdlib.qll
diff --git a/python/ql/src/semmle/python/frameworks/Tornado.qll b/python/ql/src/semmle/python/frameworks/Tornado.qll
diff --git a/python/ql/src/semmle/python/frameworks/Werkzeug.qll b/python/ql/src/semmle/python/frameworks/Werkzeug.qll

Original file line number	Diff line number	Diff line change
`@@ -13,12 +13,12 @@ class PyOpenSSLContextCreation extends ContextCreation, DataFlow::CallCfgNode {`
`13`	`13`	`}`
`14`	`14`
`15`	`15`	`override string getProtocol() {`
`16`		`- exists(ControlFlowNode protocolArg, PyOpenSSL pyo \|`
`17`		`- protocolArg in [node.getArg(0), node.getArgByName("method")]`
	`16`	`+ exists(DataFlow::Node protocolArg, PyOpenSSL pyo \|`
	`17`	`+ protocolArg in [this.getArg(0), this.getArgByName("method")]`
`18`	`18`	`\|`
`19`		`- protocolArg =`
`20`		`- [pyo.specific_version(result).getAUse(), pyo.unspecific_version(result).getAUse()]`
`21`		`- .asCfgNode()`
	`19`	`+ protocolArg in [`
	`20`	`+ pyo.specific_version(result).getAUse(), pyo.unspecific_version(result).getAUse()`
	`21`	`+ ]`
`22`	`22`	`)`
`23`	`23`	`}`
`24`	`24`	`}`
`@@ -29,7 +29,7 @@ class ConnectionCall extends ConnectionCreation, DataFlow::CallCfgNode {`
`29`	`29`	`}`
`30`	`30`
`31`	`31`	`override DataFlow::CfgNode getContext() {`
`32`		`- result.getNode() in [node.getArg(0), node.getArgByName("context")]`
	`32`	`+ result in [this.getArg(0), this.getArgByName("context")]`
`33`	`33`	`}`
`34`	`34`	`}`
`35`	`35`
`@@ -43,8 +43,8 @@ class SetOptionsCall extends ProtocolRestriction, DataFlow::CallCfgNode {`
`43`	`43`	`}`
`44`	`44`
`45`	`45`	`override ProtocolVersion getRestriction() {`
`46`		`- API::moduleImport("OpenSSL").getMember("SSL").getMember("OP_NO_" + result).getAUse().asCfgNode() in [`
`47`		`- node.getArg(0), node.getArgByName("options")`
	`46`	`+ API::moduleImport("OpenSSL").getMember("SSL").getMember("OP_NO_" + result).getAUse() in [`
	`47`	`+ this.getArg(0), this.getArgByName("options")`
`48`	`48`	`]`
`49`	`49`	`}`
`50`	`50`	`}`
Original file line number	Diff line number	Diff line change
`@@ -80,6 +80,6 @@ module ClickHouseDriver {`
`80`	`80`	`private class ExecuteCall extends SqlExecution::Range, DataFlow::CallCfgNode {`
`81`	`81`	`ExecuteCall() { this.getFunction() = clickhouse_execute() }`
`82`	`82`
`83`		`- override DataFlow::Node getSql() { result.asCfgNode() = node.getArg(0) }`
	`83`	`+ override DataFlow::Node getSql() { result = this.getArg(0) }`
`84`	`84`	`}`
`85`	`85`	`}`
Original file line number	Diff line number	Diff line change
`@@ -243,7 +243,7 @@ private module SensitiveDataModeling {`
`243`	`243`	`SensitiveDataClassification classification;`
`244`	`244`
`245`	`245`	`SensitiveGetCall() {`
`246`		`- this.getFunction().asCfgNode().(AttrNode).getName() = "get" and`
	`246`	`+ this.getFunction().(DataFlow::AttrRef).getAttributeName() = "get" and`
`247`	`247`	`this.getArg(0) = sensitiveLookupStringConst(classification)`
`248`	`248`	`}`
`249`	`249`
Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@ private module FabricV1 {`
`48`	`48`	`FabricApiLocalRunSudoCall() { this = api().getMember(["local", "run", "sudo"]).getACall() }`
`49`	`49`
`50`	`50`	`override DataFlow::Node getCommand() {`
`51`		`- result.asCfgNode() = [node.getArg(0), node.getArgByName("command")]`
	`51`	`+ result = [this.getArg(0), this.getArgByName("command")]`
`52`	`52`	`}`
`53`	`53`	`}`
`54`	`54`	`}`
`@@ -159,7 +159,7 @@ private module FabricV2 {`
`159`	`159`	`}`
`160`	`160`
`161`	`161`	`override DataFlow::Node getCommand() {`
`162`		`- result.asCfgNode() = [node.getArg(0), node.getArgByName("command")]`
	`162`	`+ result = [this.getArg(0), this.getArgByName("command")]`
`163`	`163`	`}`
`164`	`164`	`}`
`165`	`165`
`@@ -239,7 +239,7 @@ private module FabricV2 {`
`239`	`239`	`FabricGroupRunCall() { this = fabric::group::Group::subclassInstanceRunMethod().getACall() }`
`240`	`240`
`241`	`241`	`override DataFlow::Node getCommand() {`
`242`		`- result.asCfgNode() = [node.getArg(0), node.getArgByName("command")]`
	`242`	`+ result = [this.getArg(0), this.getArgByName("command")]`
`243`	`243`	`}`
`244`	`244`	`}`
`245`	`245`
Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,7 @@ private module Invoke {`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`override DataFlow::Node getCommand() {`
`84`		`- result.asCfgNode() in [node.getArg(0), node.getArgByName("command")]`
	`84`	`+ result in [this.getArg(0), this.getArgByName("command")]`
`85`	`85`	`}`
`86`	`86`	`}`
`87`	`87`	`}`
Original file line number	Diff line number	Diff line change
`@@ -123,6 +123,6 @@ private class ExecuteCall extends SqlExecution::Range, DataFlow::CallCfgNode {`
`123`	`123`	`ExecuteCall() { this.getFunction() = execute() }`
`124`	`124`
`125`	`125`	`override DataFlow::Node getSql() {`
`126`		`- result.asCfgNode() in [node.getArg(0), node.getArgByName("sql")]`
	`126`	`+ result in [this.getArg(0), this.getArgByName("sql")]`
`127`	`127`	`}`
`128`	`128`	`}`