Skip to content

Commit f93b68d

Browse files
tausbntausbn
authored
Python: Get rid of _attr methods
1 parent 98d936d commit f93b68d

File tree

1 file changed

+10
-25
lines changed

1 file changed

+10
-25
lines changed

python/ql/src/semmle/python/frameworks/Tornado.qll

Lines changed: 10 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -22,27 +22,16 @@ private module Tornado {
2222
/** Gets a reference to the `tornado` module. */
2323
API::Node tornado() { result = API::moduleImport("tornado") }
2424

25-
/**
26-
* Gets a reference to the attribute `attr_name` of the `tornado` module.
27-
* WARNING: Only holds for a few predefined attributes.
28-
*/
29-
private API::Node tornado_attr(string attr_name) { result = tornado().getMember(attr_name) }
30-
3125
/** Provides models for the `tornado` module. */
3226
module tornado {
3327
// -------------------------------------------------------------------------
3428
// tornado.web
3529
// -------------------------------------------------------------------------
3630
/** Gets a reference to the `tornado.web` module. */
37-
API::Node web() { result = tornado_attr("web") }
31+
API::Node web() { result = tornado().getMember("web") }
3832

3933
/** Provides models for the `tornado.web` module */
4034
module web {
41-
/**
42-
* Gets a reference to the attribute `attr_name` of the `tornado.web` module.
43-
* WARNING: Only holds for a few predefined attributes.
44-
*/
45-
private API::Node web_attr(string attr_name) { result = web().getMember(attr_name) }
4635

4736
/**
4837
* Provides models for the `tornado.web.RequestHandler` class and subclasses.
@@ -51,7 +40,7 @@ private module Tornado {
5140
*/
5241
module RequestHandler {
5342
/** Gets a reference to the `tornado.web.RequestHandler` class or any subclass. */
54-
API::Node subclassRef() { result = web_attr("RequestHandler").getASubclass*() }
43+
API::Node subclassRef() { result = web().getMember("RequestHandler").getASubclass*() }
5544

5645
/** A RequestHandler class (most likely in project code). */
5746
class RequestHandlerClass extends Class {
@@ -198,7 +187,7 @@ private module Tornado {
198187
*/
199188
module Application {
200189
/** Gets a reference to the `tornado.web.Application` class. */
201-
API::Node classRef() { result = web_attr("Application") }
190+
API::Node classRef() { result = web().getMember("Application") }
202191

203192
/**
204193
* A source of instances of `tornado.web.Application`, extend this class to model new instances.
@@ -246,15 +235,10 @@ private module Tornado {
246235
// tornado.httputil
247236
// -------------------------------------------------------------------------
248237
/** Gets a reference to the `tornado.httputil` module. */
249-
API::Node httputil() { result = tornado_attr("httputil") }
238+
API::Node httputil() { result = tornado().getMember("httputil") }
250239

251240
/** Provides models for the `tornado.httputil` module */
252241
module httputil {
253-
/**
254-
* Gets a reference to the attribute `attr_name` of the `tornado.httputil` module.
255-
* WARNING: Only holds for a few predefined attributes.
256-
*/
257-
private API::Node httputil_attr(string attr_name) { result = httputil().getMember(attr_name) }
258242

259243
/**
260244
* Provides models for the `tornado.httputil.HttpServerRequest` class
@@ -263,7 +247,7 @@ private module Tornado {
263247
*/
264248
module HttpServerRequest {
265249
/** Gets a reference to the `tornado.httputil.HttpServerRequest` class. */
266-
API::Node classRef() { result = httputil_attr("HttpServerRequest") }
250+
API::Node classRef() { result = httputil().getMember("HttpServerRequest") }
267251

268252
/**
269253
* A source of instances of `tornado.httputil.HttpServerRequest`, extend this class to model new instances.
@@ -284,26 +268,27 @@ private module Tornado {
284268
}
285269

286270
/** Gets a reference to an instance of `tornado.httputil.HttpServerRequest`. */
287-
private DataFlow::Node instance(DataFlow::TypeTracker t) {
271+
private DataFlow::LocalSourceNode instance(DataFlow::TypeTracker t) {
288272
t.start() and
289273
result instanceof InstanceSource
290274
or
291275
exists(DataFlow::TypeTracker t2 | result = instance(t2).track(t2, t))
292276
}
293277

294278
/** Gets a reference to an instance of `tornado.httputil.HttpServerRequest`. */
295-
DataFlow::Node instance() { result = instance(DataFlow::TypeTracker::end()) }
279+
DataFlow::Node instance() { instance(DataFlow::TypeTracker::end()).flowsTo(result) }
280+
296281

297282
/** Gets a reference to the `full_url` method. */
298-
private DataFlow::Node full_url(DataFlow::TypeTracker t) {
283+
private DataFlow::LocalSourceNode full_url(DataFlow::TypeTracker t) {
299284
t.startInAttr("full_url") and
300285
result = instance()
301286
or
302287
exists(DataFlow::TypeTracker t2 | result = full_url(t2).track(t2, t))
303288
}
304289

305290
/** Gets a reference to the `full_url` method. */
306-
DataFlow::Node full_url() { result = full_url(DataFlow::TypeTracker::end()) }
291+
DataFlow::Node full_url() { full_url(DataFlow::TypeTracker::end()).flowsTo(result) }
307292

308293
private class AdditionalTaintStep extends TaintTracking::AdditionalTaintStep {
309294
override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {

0 commit comments

Comments
 (0)