Get rid of (get)regexMethod

jorgectf · jorgectf · commit e78e2ac26677 · 2021-04-27T19:54:30.000+02:00
diff --git a/python/ql/src/experimental/semmle/python/Concepts.qll b/python/ql/src/experimental/semmle/python/Concepts.qll
@@ -25,8 +25,6 @@ module RegexExecution {
    */
   abstract class Range extends DataFlow::Node {
     abstract DataFlow::Node getRegexNode();
-
-    abstract DataFlow::CallCfgNode getRegexMethod();
   }
 }
 
@@ -42,8 +40,6 @@ class RegexExecution extends DataFlow::Node {
   RegexExecution() { this = range }
 
   DataFlow::Node getRegexNode() { result = range.getRegexNode() }
-
-  DataFlow::CallCfgNode getRegexMethod() { result = range.getRegexMethod() }
 }
 
 /** Provides classes for modeling Regular Expression escape-related APIs. */
@@ -56,8 +52,6 @@ module RegexEscape {
    */
   abstract class Range extends DataFlow::Node {
     abstract DataFlow::Node getRegexNode();
-
-    abstract DataFlow::CallCfgNode getEscapeMethod();
   }
 }
 
@@ -73,6 +67,4 @@ class RegexEscape extends DataFlow::Node {
   RegexEscape() { this = range }
 
   DataFlow::Node getRegexNode() { result = range.getRegexNode() }
-
-  DataFlow::CallCfgNode getEscapeMethod() { result = range.getEscapeMethod() }
 }
diff --git a/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll b/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
@@ -26,14 +26,10 @@ private module Re {
     DirectRegex() {
       // this.getLocation().getFile().getBaseName().regexpMatch("^re_(good|bad)\\.py$") and // debug
       this = API::moduleImport("re").getMember(any(ReMethods m)).getACall() and
-      regexNode = this.getArg(0) and
-      regexMethod = this
+      regexNode = this.getArg(0)
     }
 
     override DataFlow::Node getRegexNode() { result = regexNode }
-
-    // pending obj.this discussion
-    override DataFlow::CallCfgNode getRegexMethod() { result = regexMethod }
   }
 
   private class CompiledRegex extends DataFlow::CallCfgNode, RegexExecution::Range {
@@ -47,14 +43,11 @@ private module Re {
         patternCall = API::moduleImport("re").getMember("compile").getACall() and
         patternCall = reMethod.getObject().getALocalSource() and
         reMethod.getAttributeName() instanceof ReMethods and
-        regexNode = patternCall.getArg(0) and
-        regexMethod = this
+        regexNode = patternCall.getArg(0)
       )
     }
 
     override DataFlow::Node getRegexNode() { result = regexNode }
-
-    override DataFlow::CallCfgNode getRegexMethod() { result = regexMethod }
   }
 
   class ReEscape extends DataFlow::CallCfgNode, RegexEscape::Range {
@@ -63,12 +56,9 @@ private module Re {
 
     ReEscape() {
       this = API::moduleImport("re").getMember("escape").getACall() and
-      regexNode = this.getArg(0) and
-      escapeMethod = this
+      regexNode = this.getArg(0)
     }
 
     override DataFlow::Node getRegexNode() { result = regexNode }
-
-    override DataFlow::CallCfgNode getEscapeMethod() { result = escapeMethod }
   }
 }
diff --git a/python/ql/src/experimental/semmle/python/security/injection/RegexInjection.qll b/python/ql/src/experimental/semmle/python/security/injection/RegexInjection.qll
@@ -15,7 +15,7 @@ class RegexInjectionSink extends DataFlow::Node {
   RegexInjectionSink() {
     exists(RegexExecution reExec |
       this = reExec.getRegexNode() and
-      regexMethod = reExec.getRegexMethod().getFunction().asExpr().(Attribute)
+      regexMethod = reExec.asExpr().(Attribute)
     )
   }
 

Original file line number	Diff line number	Diff line change
`@@ -25,8 +25,6 @@ module RegexExecution {`
`25`	`25`	`*/`
`26`	`26`	`abstract class Range extends DataFlow::Node {`
`27`	`27`	`abstract DataFlow::Node getRegexNode();`
`28`		`-`
`29`		`- abstract DataFlow::CallCfgNode getRegexMethod();`
`30`	`28`	`}`
`31`	`29`	`}`
`32`	`30`
`@@ -42,8 +40,6 @@ class RegexExecution extends DataFlow::Node {`
`42`	`40`	`RegexExecution() { this = range }`
`43`	`41`
`44`	`42`	`DataFlow::Node getRegexNode() { result = range.getRegexNode() }`
`45`		`-`
`46`		`- DataFlow::CallCfgNode getRegexMethod() { result = range.getRegexMethod() }`
`47`	`43`	`}`
`48`	`44`
`49`	`45`	`/** Provides classes for modeling Regular Expression escape-related APIs. */`
`@@ -56,8 +52,6 @@ module RegexEscape {`
`56`	`52`	`*/`
`57`	`53`	`abstract class Range extends DataFlow::Node {`
`58`	`54`	`abstract DataFlow::Node getRegexNode();`
`59`		`-`
`60`		`- abstract DataFlow::CallCfgNode getEscapeMethod();`
`61`	`55`	`}`
`62`	`56`	`}`
`63`	`57`
`@@ -73,6 +67,4 @@ class RegexEscape extends DataFlow::Node {`
`73`	`67`	`RegexEscape() { this = range }`
`74`	`68`
`75`	`69`	`DataFlow::Node getRegexNode() { result = range.getRegexNode() }`
`76`		`-`
`77`		`- DataFlow::CallCfgNode getEscapeMethod() { result = range.getEscapeMethod() }`
`78`	`70`	`}`
Original file line number	Diff line number	Diff line change
`@@ -26,14 +26,10 @@ private module Re {`
`26`	`26`	`DirectRegex() {`
`27`	`27`	`// this.getLocation().getFile().getBaseName().regexpMatch("^re_(good\|bad)\\.py$") and // debug`
`28`	`28`	`this = API::moduleImport("re").getMember(any(ReMethods m)).getACall() and`
`29`		`- regexNode = this.getArg(0) and`
`30`		`- regexMethod = this`
	`29`	`+ regexNode = this.getArg(0)`
`31`	`30`	`}`
`32`	`31`
`33`	`32`	`override DataFlow::Node getRegexNode() { result = regexNode }`
`34`		`-`
`35`		`- // pending obj.this discussion`
`36`		`- override DataFlow::CallCfgNode getRegexMethod() { result = regexMethod }`
`37`	`33`	`}`
`38`	`34`
`39`	`35`	`private class CompiledRegex extends DataFlow::CallCfgNode, RegexExecution::Range {`
`@@ -47,14 +43,11 @@ private module Re {`
`47`	`43`	`patternCall = API::moduleImport("re").getMember("compile").getACall() and`
`48`	`44`	`patternCall = reMethod.getObject().getALocalSource() and`
`49`	`45`	`reMethod.getAttributeName() instanceof ReMethods and`
`50`		`- regexNode = patternCall.getArg(0) and`
`51`		`- regexMethod = this`
	`46`	`+ regexNode = patternCall.getArg(0)`
`52`	`47`	`)`
`53`	`48`	`}`
`54`	`49`
`55`	`50`	`override DataFlow::Node getRegexNode() { result = regexNode }`
`56`		`-`
`57`		`- override DataFlow::CallCfgNode getRegexMethod() { result = regexMethod }`
`58`	`51`	`}`
`59`	`52`
`60`	`53`	`class ReEscape extends DataFlow::CallCfgNode, RegexEscape::Range {`
`@@ -63,12 +56,9 @@ private module Re {`
`63`	`56`
`64`	`57`	`ReEscape() {`
`65`	`58`	`this = API::moduleImport("re").getMember("escape").getACall() and`
`66`		`- regexNode = this.getArg(0) and`
`67`		`- escapeMethod = this`
	`59`	`+ regexNode = this.getArg(0)`
`68`	`60`	`}`
`69`	`61`
`70`	`62`	`override DataFlow::Node getRegexNode() { result = regexNode }`
`71`		`-`
`72`		`- override DataFlow::CallCfgNode getEscapeMethod() { result = escapeMethod }`
`73`	`63`	`}`
`74`	`64`	`}`
Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ class RegexInjectionSink extends DataFlow::Node {`
`15`	`15`	`RegexInjectionSink() {`
`16`	`16`	`exists(RegexExecution reExec \|`
`17`	`17`	`this = reExec.getRegexNode() and`
`18`		`- regexMethod = reExec.getRegexMethod().getFunction().asExpr().(Attribute)`
	`18`	`+ regexMethod = reExec.asExpr().(Attribute)`
`19`	`19`	`)`
`20`	`20`	`}`
`21`	`21`