Python: Port py/insecure-temporary-file

tausbn · tausbn · commit b8ce5e969e58 · 2021-02-23T20:02:22.000+01:00
diff --git a/python/ql/src/Security/CWE-377/InsecureTemporaryFile.ql b/python/ql/src/Security/CWE-377/InsecureTemporaryFile.ql
@@ -11,8 +11,9 @@
  */
 
 import python
+import semmle.python.ApiGraphs
 
-FunctionValue temporary_name_function(string mod, string function) {
+API::Node temporary_name_function(string mod, string function) {
   (
     mod = "tempfile" and function = "mktemp"
     or
@@ -23,9 +24,9 @@ FunctionValue temporary_name_function(string mod, string function) {
       function = "tempnam"
     )
   ) and
-  result = Module::named(mod).attr(function)
+  result = API::moduleImport(mod).getMember(function)
 }
 
 from Call c, string mod, string function
-where temporary_name_function(mod, function).getACall().getNode() = c
+where temporary_name_function(mod, function).getACall().asExpr() = c
 select c, "Call to deprecated function " + mod + "." + function + " may be insecure."

Original file line number	Diff line number	Diff line change
`@@ -11,8 +11,9 @@`
`11`	`11`	`*/`
`12`	`12`
`13`	`13`	`import python`
	`14`	`+import semmle.python.ApiGraphs`
`14`	`15`
`15`		`-FunctionValue temporary_name_function(string mod, string function) {`
	`16`	`+API::Node temporary_name_function(string mod, string function) {`
`16`	`17`	`(`
`17`	`18`	`mod = "tempfile" and function = "mktemp"`
`18`	`19`	`or`
`@@ -23,9 +24,9 @@ FunctionValue temporary_name_function(string mod, string function) {`
`23`	`24`	`function = "tempnam"`
`24`	`25`	`)`
`25`	`26`	`) and`
`26`		`- result = Module::named(mod).attr(function)`
	`27`	`+ result = API::moduleImport(mod).getMember(function)`
`27`	`28`	`}`
`28`	`29`
`29`	`30`	`from Call c, string mod, string function`
`30`		`-where temporary_name_function(mod, function).getACall().getNode() = c`
	`31`	`+where temporary_name_function(mod, function).getACall().asExpr() = c`
`31`	`32`	`select c, "Call to deprecated function " + mod + "." + function + " may be insecure."`