Merge pull request github#6111 from tausbn/python-a-few-minor-cleanups

Python: A few minor bits of cleanup

Author: RasmusWL

python/ql/src/Security/CWE-327/InsecureProtocol.ql

@@ -27,37 +27,33 @@ class ProtocolConfiguration extends DataFlow::Node {
     unsafe_context_creation(this, _)
   }
 
-  AstNode getNode() { result = this.asCfgNode().(CallNode).getFunction().getNode() }
+  DataFlow::Node getNode() { result = this.(DataFlow::CallCfgNode).getFunction() }
 }
 
 // Helper for pretty printer `callName`.
 // This is a consequence of missing pretty priting.
 // We do not want to evaluate our bespoke pretty printer
-// for all `AstNode`s so we define a sub class of interesting ones.
-//
-// Note that AstNode is abstract and AstNode_ is a library class, so
-// we have to extend @py_ast_node.
-class Nameable extends @py_ast_node {
+// for all `DataFlow::Node`s so we define a sub class of interesting ones.
+class Nameable extends DataFlow::Node {
   Nameable() {
     this = any(ProtocolConfiguration pc).getNode()
     or
-    exists(Nameable attr | this = attr.(Attribute).getObject())
+    this = any(Nameable attr).(DataFlow::AttrRef).getObject()
   }
-
-  string toString() { result = "AstNode" }
 }
 
 string callName(Nameable call) {
-  result = call.(Name).getId()
+  result = call.asExpr().(Name).getId()
   or
-  exists(Attribute a | a = call | result = callName(a.getObject()) + "." + a.getName())
+  exists(DataFlow::AttrRef a | a = call |
+    result = callName(a.getObject()) + "." + a.getAttributeName()
+  )
 }
 
 string configName(ProtocolConfiguration protocolConfiguration) {
-  result =
-    "call to " + callName(protocolConfiguration.asCfgNode().(CallNode).getFunction().getNode())
+  result = "call to " + callName(protocolConfiguration.(DataFlow::CallCfgNode).getFunction())
   or
-  not protocolConfiguration.asCfgNode() instanceof CallNode and
+  not protocolConfiguration instanceof DataFlow::CallCfgNode and
   not protocolConfiguration instanceof ContextCreation and
   result = "context modification"
 }

python/ql/src/Security/CWE-327/PyOpenSSL.qll

@@ -13,12 +13,12 @@ class PyOpenSSLContextCreation extends ContextCreation, DataFlow::CallCfgNode {
   }
 
   override string getProtocol() {
-    exists(ControlFlowNode protocolArg, PyOpenSSL pyo |
-      protocolArg in [node.getArg(0), node.getArgByName("method")]
+    exists(DataFlow::Node protocolArg, PyOpenSSL pyo |
+      protocolArg in [this.getArg(0), this.getArgByName("method")]
     |
-      protocolArg =
-        [pyo.specific_version(result).getAUse(), pyo.unspecific_version(result).getAUse()]
-            .asCfgNode()
+      protocolArg in [
+          pyo.specific_version(result).getAUse(), pyo.unspecific_version(result).getAUse()
+        ]
     )
   }
 }
@@ -29,7 +29,7 @@ class ConnectionCall extends ConnectionCreation, DataFlow::CallCfgNode {
   }
 
   override DataFlow::CfgNode getContext() {
-    result.getNode() in [node.getArg(0), node.getArgByName("context")]
+    result in [this.getArg(0), this.getArgByName("context")]
   }
 }
 
@@ -43,8 +43,8 @@ class SetOptionsCall extends ProtocolRestriction, DataFlow::CallCfgNode {
   }
 
   override ProtocolVersion getRestriction() {
-    API::moduleImport("OpenSSL").getMember("SSL").getMember("OP_NO_" + result).getAUse().asCfgNode() in [
-        node.getArg(0), node.getArgByName("options")
+    API::moduleImport("OpenSSL").getMember("SSL").getMember("OP_NO_" + result).getAUse() in [
+        this.getArg(0), this.getArgByName("options")
       ]
   }
 }

python/ql/src/Security/CWE-327/Ssl.qll

@@ -11,15 +11,15 @@ class SSLContextCreation extends ContextCreation, DataFlow::CallCfgNode {
   SSLContextCreation() { this = API::moduleImport("ssl").getMember("SSLContext").getACall() }
 
   override string getProtocol() {
-    exists(ControlFlowNode protocolArg, Ssl ssl |
-      protocolArg in [node.getArg(0), node.getArgByName("protocol")]
+    exists(DataFlow::Node protocolArg, Ssl ssl |
+      protocolArg in [this.getArg(0), this.getArgByName("protocol")]
     |
       protocolArg =
         [ssl.specific_version(result).getAUse(), ssl.unspecific_version(result).getAUse()]
-            .asCfgNode()
     )
     or
-    not exists(node.getAnArg()) and
+    not exists(this.getArg(_)) and
+    not exists(this.getArgByName(_)) and
     result = "TLS"
   }
 }
@@ -131,7 +131,7 @@ class ContextSetVersion extends ProtocolRestriction, ProtocolUnrestriction, Data
 
   ContextSetVersion() {
     exists(DataFlow::AttrWrite aw |
-      aw.getObject().asCfgNode() = node and
+      this = aw.getObject() and
       aw.getAttributeName() = "minimum_version" and
       aw.getValue() =
         API::moduleImport("ssl").getMember("TLSVersion").getMember(restriction).getAUse()

python/ql/src/semmle/python/Concepts.qll

@@ -345,7 +345,7 @@ module HTTP {
         /** Gets the URL pattern for this route, if it can be statically determined. */
         string getUrlPattern() {
           exists(StrConst str |
-            DataFlow::exprNode(str).(DataFlow::LocalSourceNode).flowsTo(this.getUrlPatternArg()) and
+            this.getUrlPatternArg().getALocalSource() = DataFlow::exprNode(str) and
             result = str.getText()
           )
         }
@@ -478,9 +478,7 @@ module HTTP {
         /** Gets the mimetype of this HTTP response, if it can be statically determined. */
         string getMimetype() {
           exists(StrConst str |
-            DataFlow::exprNode(str)
-                .(DataFlow::LocalSourceNode)
-                .flowsTo(this.getMimetypeOrContentTypeArg()) and
+            this.getMimetypeOrContentTypeArg().getALocalSource() = DataFlow::exprNode(str) and
             result = str.getText().splitAt(";", 0)
           )
           or

python/ql/src/semmle/python/dataflow/new/SensitiveDataSources.qll

@@ -243,7 +243,7 @@ private module SensitiveDataModeling {
     SensitiveDataClassification classification;
 
     SensitiveGetCall() {
-      this.getFunction().asCfgNode().(AttrNode).getName() = "get" and
+      this.getFunction().(DataFlow::AttrRef).getAttributeName() = "get" and
       this.getArg(0) = sensitiveLookupStringConst(classification)
     }
 

python/ql/src/semmle/python/dataflow/new/internal/LocalSources.qll

@@ -59,6 +59,11 @@ class LocalSourceNode extends Node {
    */
   AttrRead getAnAttributeRead(string attrName) { result = getAnAttributeReference(attrName) }
 
+  /**
+   * Gets a write of attribute `attrName` on this node.
+   */
+  AttrWrite getAnAttributeWrite(string attrName) { result = getAnAttributeReference(attrName) }
+
   /**
    * Gets a reference (read or write) of any attribute on this node.
    */
@@ -73,6 +78,11 @@ class LocalSourceNode extends Node {
    */
   AttrRead getAnAttributeRead() { result = getAnAttributeReference() }
 
+  /**
+   * Gets a write of any attribute on this node.
+   */
+  AttrWrite getAnAttributeWrite() { result = getAnAttributeReference() }
+
   /**
    * Gets a call to this node.
    */