Replacing getParameter by getArg and getArgByName

ahmed-farid-dev · web-flow · commit 94b91536f974 · 2022-09-03T14:05:07.000+01:00
diff --git a/python/ql/src/experimental/semmle/python/security/TimingAttack.qll b/python/ql/src/experimental/semmle/python/security/TimingAttack.qll
@@ -203,12 +203,12 @@ class CredentialExpr extends Expr {
  *
  * For example: `request.headers.get("X-Auth-Token")`.
  */
-abstract class ClientSuppliedSecret extends API::CallNode { }
+abstract class ClientSuppliedSecret extends DataFlow::CallCfgNode { }
 
 private class FlaskClientSuppliedSecret extends ClientSuppliedSecret {
   FlaskClientSuppliedSecret() {
     this = Flask::request().getMember("headers").getMember(["get", "get_all", "getlist"]).getACall() and
-    this.getParameter(0, ["key", "name"]).asSink().asExpr().(StrConst).getText().toLowerCase() =
+    [this.getArg(0), this.getArgByName(["key", "name"])].asExpr().(StrConst).getText().toLowerCase() =
       sensitiveheaders()
   }
 }
@@ -220,7 +220,7 @@ private class DjangoClientSuppliedSecret extends ClientSuppliedSecret {
           .getMember(["headers", "META"])
           .getMember("get")
           .getACall() and
-    this.getParameter(0, "key").asSink().asExpr().(StrConst).getText().toLowerCase() =
+    [this.getArg(0), this.getArgByName("key")].asExpr().(StrConst).getText().toLowerCase() =
       sensitiveheaders()
   }
 }
@@ -233,7 +233,7 @@ API::Node requesthandler() {
 private class TornadoClientSuppliedSecret extends ClientSuppliedSecret {
   TornadoClientSuppliedSecret() {
     this = requesthandler().getMember(["headers", "META"]).getMember("get").getACall() and
-    this.getParameter(0, "key").asSink().asExpr().(StrConst).getText().toLowerCase() =
+    [this.getArg(0), this.getArgByName("key")].asExpr().(StrConst).getText().toLowerCase() =
       sensitiveheaders()
   }
 }
@@ -247,7 +247,7 @@ private class WerkzeugClientSuppliedSecret extends ClientSuppliedSecret {
   WerkzeugClientSuppliedSecret() {
     this =
       headers().getMember(["headers", "META"]).getMember(["get", "get_all", "getlist"]).getACall() and
-    this.getParameter(0, ["key", "name"]).asSink().asExpr().(StrConst).getText().toLowerCase() =
+    [this.getArg(0), this.getArgByName(["key", "name"])].asExpr().(StrConst).getText().toLowerCase() =
       sensitiveheaders()
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -203,12 +203,12 @@ class CredentialExpr extends Expr {`
`203`	`203`	`*`
`204`	`204`	* For example: `request.headers.get("X-Auth-Token")`.
`205`	`205`	`*/`
`206`		`-abstract class ClientSuppliedSecret extends API::CallNode { }`
	`206`	`+abstract class ClientSuppliedSecret extends DataFlow::CallCfgNode { }`
`207`	`207`
`208`	`208`	`private class FlaskClientSuppliedSecret extends ClientSuppliedSecret {`
`209`	`209`	`FlaskClientSuppliedSecret() {`
`210`	`210`	`this = Flask::request().getMember("headers").getMember(["get", "get_all", "getlist"]).getACall() and`
`211`		`- this.getParameter(0, ["key", "name"]).asSink().asExpr().(StrConst).getText().toLowerCase() =`
	`211`	`+ [this.getArg(0), this.getArgByName(["key", "name"])].asExpr().(StrConst).getText().toLowerCase() =`
`212`	`212`	`sensitiveheaders()`
`213`	`213`	`}`
`214`	`214`	`}`
`@@ -220,7 +220,7 @@ private class DjangoClientSuppliedSecret extends ClientSuppliedSecret {`
`220`	`220`	`.getMember(["headers", "META"])`
`221`	`221`	`.getMember("get")`
`222`	`222`	`.getACall() and`
`223`		`- this.getParameter(0, "key").asSink().asExpr().(StrConst).getText().toLowerCase() =`
	`223`	`+ [this.getArg(0), this.getArgByName("key")].asExpr().(StrConst).getText().toLowerCase() =`
`224`	`224`	`sensitiveheaders()`
`225`	`225`	`}`
`226`	`226`	`}`
`@@ -233,7 +233,7 @@ API::Node requesthandler() {`
`233`	`233`	`private class TornadoClientSuppliedSecret extends ClientSuppliedSecret {`
`234`	`234`	`TornadoClientSuppliedSecret() {`
`235`	`235`	`this = requesthandler().getMember(["headers", "META"]).getMember("get").getACall() and`
`236`		`- this.getParameter(0, "key").asSink().asExpr().(StrConst).getText().toLowerCase() =`
	`236`	`+ [this.getArg(0), this.getArgByName("key")].asExpr().(StrConst).getText().toLowerCase() =`
`237`	`237`	`sensitiveheaders()`
`238`	`238`	`}`
`239`	`239`	`}`
`@@ -247,7 +247,7 @@ private class WerkzeugClientSuppliedSecret extends ClientSuppliedSecret {`
`247`	`247`	`WerkzeugClientSuppliedSecret() {`
`248`	`248`	`this =`
`249`	`249`	`headers().getMember(["headers", "META"]).getMember(["get", "get_all", "getlist"]).getACall() and`
`250`		`- this.getParameter(0, ["key", "name"]).asSink().asExpr().(StrConst).getText().toLowerCase() =`
	`250`	`+ [this.getArg(0), this.getArgByName(["key", "name"])].asExpr().(StrConst).getText().toLowerCase() =`
`251`	`251`	`sensitiveheaders()`
`252`	`252`	`}`
`253`	`253`	`}`