Python: Document AdvancedFormatting.qll.

tausbn · tausbn · commit d6e5a5cb0141 · 2020-06-23T14:29:34.000+02:00
diff --git a/python/ql/src/Expressions/Formatting/AdvancedFormatting.qll b/python/ql/src/Expressions/Formatting/AdvancedFormatting.qll
@@ -1,5 +1,6 @@
 import python
 
+/** A string constant that looks like it may be used in string formatting operations. */
 library class PossibleAdvancedFormatString extends StrConst {
     PossibleAdvancedFormatString() { this.getText().matches("%{%}%") }
 
@@ -51,6 +52,7 @@ library class PossibleAdvancedFormatString extends StrConst {
     predicate isExplicitlyNumbered() { exists(this.fieldId(_, _).toInt()) }
 }
 
+/** Holds if there is a sequence of `{` braces in `fmt` of length `len` beginning at index `index`. */
 predicate brace_sequence(PossibleAdvancedFormatString fmt, int index, int len) {
     exists(string text | text = fmt.getText() |
         text.charAt(index) = "{" and not text.charAt(index - 1) = "{" and len = 1
@@ -61,10 +63,12 @@ predicate brace_sequence(PossibleAdvancedFormatString fmt, int index, int len) {
     )
 }
 
+/** Holds if index `index` in the format string `fmt` contains an escaped `{`. */
 predicate escaped_brace(PossibleAdvancedFormatString fmt, int index) {
     exists(int len | brace_sequence(fmt, index, len) | len % 2 = 0)
 }
 
+/** Holds if index `index` in the format string `fmt` contains a left curly brace that acts as an escape. */
 predicate escaping_brace(PossibleAdvancedFormatString fmt, int index) {
     escaped_brace(fmt, index + 1)
 }
@@ -105,15 +109,18 @@ private predicate advanced_format_call(Call format_expr, PossibleAdvancedFormatS
     )
 }
 
+/** A string constant that has the `format` method applied to it. */
 class AdvancedFormatString extends PossibleAdvancedFormatString {
     AdvancedFormatString() { advanced_format_call(_, this, _) }
 }
 
+/** A string formatting operation using the `format` method. */
 class AdvancedFormattingCall extends Call {
     AdvancedFormattingCall() { advanced_format_call(this, _, _) }
 
     /** Count of the arguments actually provided */
     int providedArgCount() { advanced_format_call(this, _, result) }
 
+    /** Gets a formatting string for this call. */
     AdvancedFormatString getAFormat() { advanced_format_call(this, result, _) }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,6 @@`
`1`	`1`	`import python`
`2`	`2`
	`3`	`+/** A string constant that looks like it may be used in string formatting operations. */`
`3`	`4`	`library class PossibleAdvancedFormatString extends StrConst {`
`4`	`5`	`PossibleAdvancedFormatString() { this.getText().matches("%{%}%") }`
`5`	`6`
`@@ -51,6 +52,7 @@ library class PossibleAdvancedFormatString extends StrConst {`
`51`	`52`	`predicate isExplicitlyNumbered() { exists(this.fieldId(_, _).toInt()) }`
`52`	`53`	`}`
`53`	`54`
	`55`	+/** Holds if there is a sequence of `{` braces in `fmt` of length `len` beginning at index `index`. */
`54`	`56`	`predicate brace_sequence(PossibleAdvancedFormatString fmt, int index, int len) {`
`55`	`57`	`exists(string text \| text = fmt.getText() \|`
`56`	`58`	`text.charAt(index) = "{" and not text.charAt(index - 1) = "{" and len = 1`
`@@ -61,10 +63,12 @@ predicate brace_sequence(PossibleAdvancedFormatString fmt, int index, int len) {`
`61`	`63`	`)`
`62`	`64`	`}`
`63`	`65`
	`66`	+/** Holds if index `index` in the format string `fmt` contains an escaped `{`. */
`64`	`67`	`predicate escaped_brace(PossibleAdvancedFormatString fmt, int index) {`
`65`	`68`	`exists(int len \| brace_sequence(fmt, index, len) \| len % 2 = 0)`
`66`	`69`	`}`
`67`	`70`
	`71`	+/** Holds if index `index` in the format string `fmt` contains a left curly brace that acts as an escape. */
`68`	`72`	`predicate escaping_brace(PossibleAdvancedFormatString fmt, int index) {`
`69`	`73`	`escaped_brace(fmt, index + 1)`
`70`	`74`	`}`
`@@ -105,15 +109,18 @@ private predicate advanced_format_call(Call format_expr, PossibleAdvancedFormatS`
`105`	`109`	`)`
`106`	`110`	`}`
`107`	`111`
	`112`	+/** A string constant that has the `format` method applied to it. */
`108`	`113`	`class AdvancedFormatString extends PossibleAdvancedFormatString {`
`109`	`114`	`AdvancedFormatString() { advanced_format_call(_, this, _) }`
`110`	`115`	`}`
`111`	`116`
	`117`	+/** A string formatting operation using the `format` method. */
`112`	`118`	`class AdvancedFormattingCall extends Call {`
`113`	`119`	`AdvancedFormattingCall() { advanced_format_call(this, _, _) }`
`114`	`120`
`115`	`121`	`/** Count of the arguments actually provided */`
`116`	`122`	`int providedArgCount() { advanced_format_call(this, _, result) }`
`117`	`123`
	`124`	`+ /** Gets a formatting string for this call. */`
`118`	`125`	`AdvancedFormatString getAFormat() { advanced_format_call(this, result, _) }`
`119`	`126`	`}`