Merge pull request #2053 from RasmusWL/python-modernise-falcon-library

taus-semmle · web-flow · commit 45158a7177c4 · 2019-10-18T14:47:33.000+02:00
Python modernise falcon library
diff --git a/python/ql/src/semmle/python/web/falcon/General.qll b/python/ql/src/semmle/python/web/falcon/General.qll
@@ -1,30 +1,22 @@
 import python
 import semmle.python.web.Http
 
-
 /** The falcon API class */
-ClassObject theFalconAPIClass() {
-    result = ModuleObject::named("falcon").attr("API")
-}
+ClassValue theFalconAPIClass() { result = Value::named("falcon.API") }
 
-
-/** Holds if `route` is routed to `resource`
- */
-private predicate api_route(CallNode route_call, ControlFlowNode route, ClassObject resource) {
-    route_call.getFunction().(AttrNode).getObject("add_route").refersTo(_, theFalconAPIClass(), _) and
+/** Holds if `route` is routed to `resource` */
+private predicate api_route(CallNode route_call, ControlFlowNode route, ClassValue resource) {
+    route_call.getFunction().(AttrNode).getObject("add_route").pointsTo().getClass() = theFalconAPIClass() and
     route_call.getArg(0) = route and
-    route_call.getArg(1).refersTo(_, resource, _)
+    route_call.getArg(1).pointsTo().getClass() = resource
 }
 
 private predicate route(FalconRoute route, Function target, string funcname) {
-    route.getResourceClass().lookupAttribute("on_" + funcname).(FunctionObject).getFunction() = target
+    route.getResourceClass().lookup("on_" + funcname).(FunctionValue).getScope() = target
 }
 
 class FalconRoute extends ControlFlowNode {
-
-    FalconRoute() {
-        api_route(this, _, _)
-    }
+    FalconRoute() { api_route(this, _, _) }
 
     string getUrl() {
         exists(StrConst url |
@@ -33,36 +25,19 @@ class FalconRoute extends ControlFlowNode {
         )
     }
 
-    ClassObject getResourceClass() {
-        api_route(this, _, result)
-    }
-
-    FalconHandlerFunction getHandlerFunction(string method) {
-        route(this, result, method)
-    }
+    ClassValue getResourceClass() { api_route(this, _, result) }
 
+    FalconHandlerFunction getHandlerFunction(string method) { route(this, result, method) }
 }
 
 class FalconHandlerFunction extends Function {
+    FalconHandlerFunction() { route(_, this, _) }
 
-    FalconHandlerFunction() {
-        route(_, this, _)
-    }
-
-    private string methodName() {
-        route(_, this, result)
-    }
+    private string methodName() { route(_, this, result) }
 
-    string getMethod() {
-        result = this.methodName().toUpperCase()
-    }
+    string getMethod() { result = this.methodName().toUpperCase() }
 
-    Parameter getRequest() {
-        result = this.getArg(1)
-    }
-
-    Parameter getResponse() {
-        result = this.getArg(2)
-    }
+    Parameter getRequest() { result = this.getArg(1) }
 
+    Parameter getResponse() { result = this.getArg(2) }
 }
diff --git a/python/ql/src/semmle/python/web/falcon/Request.qll b/python/ql/src/semmle/python/web/falcon/Request.qll
@@ -1,32 +1,27 @@
 import python
-
 import semmle.python.security.TaintTracking
 import semmle.python.web.Http
 import semmle.python.web.falcon.General
 import semmle.python.security.strings.External
 
 /** https://falcon.readthedocs.io/en/stable/api/request_and_response.html */
 class FalconRequest extends TaintKind {
-
-    FalconRequest() {
-        this = "falcon.request"
-    }
+    FalconRequest() { this = "falcon.request" }
 
     override TaintKind getTaintOfAttribute(string name) {
         name = "env" and result instanceof WsgiEnvironment
         or
         result instanceof ExternalStringKind and
         (
-            name = "uri" or name = "url" or
+            name = "uri" or
+            name = "url" or
             name = "forwarded_uri" or
             name = "relative_uri" or
             name = "query_string"
         )
         or
         result instanceof ExternalStringDictKind and
-        (
-            name = "cookies" or name = "params"
-        )
+        (name = "cookies" or name = "params")
         or
         name = "stream" and result instanceof ExternalFileObject
     }
@@ -41,16 +36,9 @@ class FalconRequest extends TaintKind {
 }
 
 class FalconRequestParameter extends TaintSource {
-
     FalconRequestParameter() {
-        exists(FalconHandlerFunction f |
-            f.getRequest() = this.(ControlFlowNode).getNode()
-        )
-    }
-
-    override predicate isSourceOf(TaintKind k) {
-        k instanceof FalconRequest
+        exists(FalconHandlerFunction f | f.getRequest() = this.(ControlFlowNode).getNode())
     }
 
+    override predicate isSourceOf(TaintKind k) { k instanceof FalconRequest }
 }
-
diff --git a/python/ql/src/semmle/python/web/falcon/Response.qll b/python/ql/src/semmle/python/web/falcon/Response.qll
@@ -1,48 +1,28 @@
 import python
-
-
 import semmle.python.security.TaintTracking
 import semmle.python.web.Http
 import semmle.python.web.falcon.General
 import semmle.python.security.strings.External
 
-
 /** https://falcon.readthedocs.io/en/stable/api/request_and_response.html */
 class FalconResponse extends TaintKind {
-
-    FalconResponse() {
-        this = "falcon.response"
-    }
-
+    FalconResponse() { this = "falcon.response" }
 }
 
 class FalconResponseParameter extends TaintSource {
-
     FalconResponseParameter() {
-        exists(FalconHandlerFunction f |
-            f.getResponse() = this.(ControlFlowNode).getNode()
-        )
-    }
-
-    override predicate isSourceOf(TaintKind k) {
-        k instanceof FalconResponse
+        exists(FalconHandlerFunction f | f.getResponse() = this.(ControlFlowNode).getNode())
     }
 
+    override predicate isSourceOf(TaintKind k) { k instanceof FalconResponse }
 }
 
 class FalconResponseBodySink extends HttpResponseTaintSink {
-
     FalconResponseBodySink() {
-        exists(AttrNode attr |
-            any(FalconResponse f).taints(attr.getObject("body")) |
+        exists(AttrNode attr | any(FalconResponse f).taints(attr.getObject("body")) |
             attr.(DefinitionNode).getValue() = this
         )
     }
 
-    override predicate sinks(TaintKind kind) {
-        kind instanceof StringKind
-    }
-
+    override predicate sinks(TaintKind kind) { kind instanceof StringKind }
 }
-
-
