changes based on review

erik-krogh · erik-krogh · commit d5029c94b6be · 2023-05-01T10:42:15.000+02:00
diff --git a/python/ql/lib/semmle/python/Concepts.qll b/python/ql/lib/semmle/python/Concepts.qll
@@ -422,9 +422,8 @@ module RegexExecution {
 }
 
 /**
- * A node that is not a regular expression literal, but is used in places that
- * may interpret it as one. Instances of this class are typically strings that
- * flow to method calls like `re.compile`.
+ * A node where a string is interpreted as a regular expression,
+ * for instance an argument to `re.compile`.
  *
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `RegExpInterpretation::Range` instead.
@@ -434,9 +433,8 @@ class RegExpInterpretation extends DataFlow::Node instanceof RegExpInterpretatio
 /** Provides a class for modeling regular expression interpretations. */
 module RegExpInterpretation {
   /**
-   * A node that is not a regular expression literal, but is used in places that
-   * may interpret it as one. Instances of this class are typically strings that
-   * flow to method calls like `re.compile`.
+   * A node where a string is interpreted as a regular expression,
+   * for instance an argument to `re.compile`.
    */
   abstract class Range extends DataFlow::Node { }
 }
diff --git a/python/ql/lib/semmle/python/dataflow/new/Regexp.qll b/python/ql/lib/semmle/python/dataflow/new/Regexp.qll
@@ -26,15 +26,15 @@ deprecated module RegExpPatterns {
  * as a part of a regular expression.
  */
 class RegExpPatternSource extends DataFlow::CfgNode {
-  private DataFlow::Node sink;
+  private RegExpSink sink;
 
   RegExpPatternSource() { this = regExpSource(sink) }
 
   /**
    * Gets a node where the pattern of this node is parsed as a part of
    * a regular expression.
    */
-  DataFlow::Node getAParse() { result = sink }
+  RegExpSink getAParse() { result = sink }
 
   /**
    * Gets the root term of the regular expression parsed from this pattern.
diff --git a/python/ql/lib/semmle/python/regexp/RegexTreeView.qll b/python/ql/lib/semmle/python/regexp/RegexTreeView.qll
@@ -525,6 +525,10 @@ module Impl implements RegexTreeViewSig {
      */
     private predicate isUnicode() { this.getText().prefix(2) = ["\\u", "\\U"] }
 
+    /**
+     * Gets the unicode char for this escape.
+     * E.g. for `\u0061` this returns "a".
+     */
     private string getUnicode() {
       result = Numbers::parseHexInt(this.getText().suffix(2)).toUnicode()
     }
diff --git a/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll b/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll
@@ -26,15 +26,11 @@ private module FindRegexMode {
         call.getArg(_) = sink and
         sink instanceof Concepts::RegExpInterpretation::Range
       |
-        exists(DataFlow::CallCfgNode callNode |
-          call = callNode and
-          result =
-            mode_from_node([
-                callNode
-                    .getArg(re_member_flags_arg(callNode.(DataFlow::MethodCallNode).getMethodName())),
-                callNode.getArgByName("flags")
-              ])
-        )
+        result =
+          mode_from_node([
+              call.getArg(re_member_flags_arg(call.(DataFlow::MethodCallNode).getMethodName())),
+              call.getArgByName("flags")
+            ])
       )
     )
   }
diff --git a/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll b/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll
@@ -19,11 +19,13 @@ DataFlow::LocalSourceNode strStart() { result.asExpr() instanceof StrConst }
 
 private import semmle.python.regex as Regex
 
-/** Gets a node where regular expressions that flow to the node are used. */
-DataFlow::Node regSink() {
-  result = any(Concepts::RegexExecution exec).getRegex()
-  or
-  result instanceof Concepts::RegExpInterpretation
+/** A node where regular expressions that flow to the node are used. */
+class RegExpSink extends DataFlow::Node {
+  RegExpSink() {
+    this = any(Concepts::RegexExecution exec).getRegex()
+    or
+    this instanceof Concepts::RegExpInterpretation
+  }
 }
 
 /**
@@ -32,7 +34,7 @@ DataFlow::Node regSink() {
  */
 private DataFlow::TypeTrackingNode backwards(DataFlow::TypeBackTracker t) {
   t.start() and
-  result = regSink().getALocalSource()
+  result = any(RegExpSink sink).getALocalSource()
   or
   exists(DataFlow::TypeBackTracker t2 | result = backwards(t2).backtrack(t2, t))
 }
@@ -69,7 +71,6 @@ private DataFlow::TypeTrackingNode regexTracking(DataFlow::Node start, DataFlow:
 
 /** Gets a node holding a value for the regular expression that is evaluated at `re`. */
 cached
-DataFlow::Node regExpSource(DataFlow::Node re) {
-  re = regSink() and
+DataFlow::Node regExpSource(RegExpSink re) {
   regexTracking(result, DataFlow::TypeTracker::end()).flowsTo(re)
 }

Original file line number	Diff line number	Diff line change
`@@ -26,15 +26,11 @@ private module FindRegexMode {`
`26`	`26`	`call.getArg(_) = sink and`
`27`	`27`	`sink instanceof Concepts::RegExpInterpretation::Range`
`28`	`28`	`\|`
`29`		`- exists(DataFlow::CallCfgNode callNode \|`
`30`		`- call = callNode and`
`31`		`- result =`
`32`		`- mode_from_node([`
`33`		`- callNode`
`34`		`- .getArg(re_member_flags_arg(callNode.(DataFlow::MethodCallNode).getMethodName())),`
`35`		`- callNode.getArgByName("flags")`
`36`		`- ])`
`37`		`- )`
	`29`	`+ result =`
	`30`	`+ mode_from_node([`
	`31`	`+ call.getArg(re_member_flags_arg(call.(DataFlow::MethodCallNode).getMethodName())),`
	`32`	`+ call.getArgByName("flags")`
	`33`	`+ ])`
`38`	`34`	`)`
`39`	`35`	`)`
`40`	`36`	`}`