Python: Fix QL alerts

yoff · yoff · commit 2a7b59328583 · 2023-09-28T13:35:29.000+02:00
diff --git a/python/ql/lib/semmle/python/frameworks/BSon.qll b/python/ql/lib/semmle/python/frameworks/BSon.qll
@@ -7,7 +7,7 @@ private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.Concepts
 private import semmle.python.ApiGraphs
 
-module BSon {
+private module BSon {
   /**
    * ObjectId returns a string representing an id.
    * If at any time ObjectId can't parse it's input (like when a tainted dict in passed in),
diff --git a/python/ql/lib/semmle/python/frameworks/PyMongo.qll b/python/ql/lib/semmle/python/frameworks/PyMongo.qll
@@ -144,7 +144,7 @@ private module PyMongo {
   private class MongoMapReduceQuery extends API::CallNode, NoSqlExecution::Range {
     MongoMapReduceQuery() { this = mongoCollection().getMember("map_reduce").getACall() }
 
-    override DataFlow::Node getQuery() { result in [this.getArgByName("query")] }
+    override DataFlow::Node getQuery() { result = this.getArgByName("query") }
 
     override predicate interpretsDict() { any() }
 
@@ -178,19 +178,20 @@ private module PyMongo {
    * See https://www.mongodb.com/docs/manual/reference/operator/aggregation/function/#mongodb-expression-exp.-function
    */
   private class FunctionQueryOperator extends DataFlow::Node, Decoding::Range {
-    API::Node dictionary;
     DataFlow::Node query;
 
     FunctionQueryOperator() {
-      dictionary =
-        mongoCollection()
-            .getMember(mongoCollectionMethodName())
-            .getACall()
-            .getParameter(0)
-            .getASubscript*()
-            .getSubscript("$function") and
-      query = dictionary.getSubscript("body").asSink() and
-      this = dictionary.asSink()
+      exists(API::Node dictionary |
+        dictionary =
+          mongoCollection()
+              .getMember(mongoCollectionMethodName())
+              .getACall()
+              .getParameter(0)
+              .getASubscript*()
+              .getSubscript("$function") and
+        query = dictionary.getSubscript("body").asSink() and
+        this = dictionary.asSink()
+      )
     }
 
     override DataFlow::Node getAnInput() { result = query }
@@ -208,19 +209,20 @@ private module PyMongo {
    * See https://www.mongodb.com/docs/manual/reference/operator/aggregation/accumulator/#mongodb-group-grp.-accumulator
    */
   private class AccumulatorQueryOperator extends DataFlow::Node, Decoding::Range {
-    API::Node dictionary;
     DataFlow::Node query;
 
     AccumulatorQueryOperator() {
-      dictionary =
-        mongoCollection()
-            .getMember("aggregate")
-            .getACall()
-            .getParameter(0)
-            .getASubscript*()
-            .getSubscript("$accumulator") and
-      query = dictionary.getSubscript(["init", "accumulate", "merge", "finalize"]).asSink() and
-      this = dictionary.asSink()
+      exists(API::Node dictionary |
+        dictionary =
+          mongoCollection()
+              .getMember("aggregate")
+              .getACall()
+              .getParameter(0)
+              .getASubscript*()
+              .getSubscript("$accumulator") and
+        query = dictionary.getSubscript(["init", "accumulate", "merge", "finalize"]).asSink() and
+        this = dictionary.asSink()
+      )
     }
 
     override DataFlow::Node getAnInput() { result = query }
