Python points-to: restore getArgumentForCall() API method.

markshannon · markshannon · commit 9d40a6cd8c25 · 2019-04-26T16:21:46.000+01:00
diff --git a/python/ql/src/semmle/python/objects/Callables.qll b/python/ql/src/semmle/python/objects/Callables.qll
@@ -53,6 +53,7 @@ abstract class CallableObjectInternal extends ObjectInternal {
     override int length() { none() }
 
     abstract predicate neverReturns();
+
 }
 
 
@@ -151,6 +152,11 @@ class PythonFunctionObjectInternal extends CallableObjectInternal, TPythonFuncti
     override predicate neverReturns() {
         InterProceduralPointsTo::neverReturns(this.getScope())
     }
+
+    override predicate functionAndOffset(CallableObjectInternal function, int offset) {
+        function = this and offset = 0
+    }
+
 }
 
 
@@ -262,6 +268,10 @@ class BuiltinFunctionObjectInternal extends CallableObjectInternal, TBuiltinFunc
         this = Module::named("sys").attr("exit")
     }
 
+    override predicate functionAndOffset(CallableObjectInternal function, int offset) {
+        function = this and offset = 0
+    }
+
 }
 
 
@@ -347,6 +357,10 @@ class BuiltinMethodObjectInternal extends CallableObjectInternal, TBuiltinMethod
 
     override predicate neverReturns() { none() }
 
+    override predicate functionAndOffset(CallableObjectInternal function, int offset) {
+        function = this and offset = 0
+    }
+
 }
 
 class BoundMethodObjectInternal extends CallableObjectInternal, TBoundMethod {
@@ -422,6 +436,10 @@ class BoundMethodObjectInternal extends CallableObjectInternal, TBoundMethod {
         this.getFunction().neverReturns()
    }
 
+    override predicate functionAndOffset(CallableObjectInternal function, int offset) {
+        function = this.getFunction() and offset = 1
+    }
+
 }
 
 
diff --git a/python/ql/src/semmle/python/objects/Classes.qll b/python/ql/src/semmle/python/objects/Classes.qll
@@ -122,6 +122,10 @@ class PythonClassObjectInternal extends ClassObjectInternal, TPythonClassObject
 
     override boolean isComparable() { result = true }
 
+    override predicate functionAndOffset(CallableObjectInternal function, int offset) {
+        this.lookup("__init__", function, _) and offset = 1
+    }
+
 }
 
 class BuiltinClassObjectInternal extends ClassObjectInternal, TBuiltinClassObject {
diff --git a/python/ql/src/semmle/python/objects/ObjectAPI.qll b/python/ql/src/semmle/python/objects/ObjectAPI.qll
@@ -118,17 +118,35 @@ class CallableValue extends Value {
         result = this.(CallableObjectInternal).getParameterByName(name)
     }
 
-    ControlFlowNode getArgumentForCall(CallNode call, NameNode param) {
-        this.getACall() = call and
-        (
-            exists(int n | call.getArg(n) = result and param = this.getParameter(n))
+    ControlFlowNode getArgumentForCall(CallNode call, int n) {
+        exists(ObjectInternal called, int offset |
+            PointsToInternal::pointsTo(call.getFunction(), _, called, _) and
+            called.functionAndOffset(this, offset) 
+            |
+            call.getArg(n-offset) = result
             or
-            exists(string name | call.getArgByName(name) = result and param = this.getParameterByName(name))
+            exists(string name | call.getArgByName(name) = result and this.(PythonFunctionObjectInternal).getScope().getArg(n+offset).getName() = name)
+            or
+            called instanceof BoundMethodObjectInternal and
+            offset = 1 and n = 0 and result = call.getFunction().(AttrNode).getObject()
         )
-        or
-        exists(BoundMethodObjectInternal bm |
-            result = getArgumentForCall(call, param) and
-            this = bm.getFunction()
+    }
+
+    ControlFlowNode getNamedArgumentForCall(CallNode call, string name) {
+        exists(CallableObjectInternal called, int offset |
+            PointsToInternal::pointsTo(call.getFunction(), _, called, _) and
+            called.functionAndOffset(this, offset)
+            |
+            exists(int n |
+                call.getArg(n) = result and
+                this.(PythonFunctionObjectInternal).getScope().getArg(n+offset).getName() = name
+            )
+            or
+            call.getArgByName(name) = result and
+            exists(this.(PythonFunctionObjectInternal).getScope().getArgByName(name))
+            or
+            called instanceof BoundMethodObjectInternal and
+            offset = 1 and name = "self" and result = call.getFunction().(AttrNode).getObject()
         )
     }
 
diff --git a/python/ql/src/semmle/python/objects/ObjectInternal.qll b/python/ql/src/semmle/python/objects/ObjectInternal.qll
@@ -103,6 +103,8 @@ class ObjectInternal extends TObject {
      */
     abstract int length();
 
+    predicate functionAndOffset(CallableObjectInternal function, int offset) { none() }
+
 }
 
 
diff --git a/python/ql/src/semmle/python/types/FunctionObject.qll b/python/ql/src/semmle/python/types/FunctionObject.qll
@@ -71,14 +71,14 @@ abstract class FunctionObject extends Object {
         This predicate will correctly handle `x.y()`, treating `x` as the zeroth argument.
     */
     ControlFlowNode getArgumentForCall(CallNode call, int n) {
-        result = theCallable().getArgumentForCall(call, this.getFunction().getArg(n).asName().getAFlowNode())
+        result = theCallable().getArgumentForCall(call, n)
     }
 
     /** Gets the `ControlFlowNode` that will be passed as the named argument to `this` when called at `call`.
         This predicate will correctly handle `x.y()`, treating `x` as the self argument.
     */
     ControlFlowNode getNamedArgumentForCall(CallNode call, string name) {
-        result = theCallable().getArgumentForCall(call, this.getFunction().getArgByName(name).asName().getAFlowNode())
+        result = theCallable().getNamedArgumentForCall(call, name)
     }
 
     /** Whether this function never returns. This is an approximation.

Original file line number	Diff line number	Diff line change
`@@ -53,6 +53,7 @@ abstract class CallableObjectInternal extends ObjectInternal {`
`53`	`53`	`override int length() { none() }`
`54`	`54`
`55`	`55`	`abstract predicate neverReturns();`
	`56`	`+`
`56`	`57`	`}`
`57`	`58`
`58`	`59`
`@@ -151,6 +152,11 @@ class PythonFunctionObjectInternal extends CallableObjectInternal, TPythonFuncti`
`151`	`152`	`override predicate neverReturns() {`
`152`	`153`	`InterProceduralPointsTo::neverReturns(this.getScope())`
`153`	`154`	`}`
	`155`	`+`
	`156`	`+ override predicate functionAndOffset(CallableObjectInternal function, int offset) {`
	`157`	`+ function = this and offset = 0`
	`158`	`+ }`
	`159`	`+`
`154`	`160`	`}`
`155`	`161`
`156`	`162`
`@@ -262,6 +268,10 @@ class BuiltinFunctionObjectInternal extends CallableObjectInternal, TBuiltinFunc`
`262`	`268`	`this = Module::named("sys").attr("exit")`
`263`	`269`	`}`
`264`	`270`
	`271`	`+ override predicate functionAndOffset(CallableObjectInternal function, int offset) {`
	`272`	`+ function = this and offset = 0`
	`273`	`+ }`
	`274`	`+`
`265`	`275`	`}`
`266`	`276`
`267`	`277`
`@@ -347,6 +357,10 @@ class BuiltinMethodObjectInternal extends CallableObjectInternal, TBuiltinMethod`
`347`	`357`
`348`	`358`	`override predicate neverReturns() { none() }`
`349`	`359`
	`360`	`+ override predicate functionAndOffset(CallableObjectInternal function, int offset) {`
	`361`	`+ function = this and offset = 0`
	`362`	`+ }`
	`363`	`+`
`350`	`364`	`}`
`351`	`365`
`352`	`366`	`class BoundMethodObjectInternal extends CallableObjectInternal, TBoundMethod {`
`@@ -422,6 +436,10 @@ class BoundMethodObjectInternal extends CallableObjectInternal, TBoundMethod {`
`422`	`436`	`this.getFunction().neverReturns()`
`423`	`437`	`}`
`424`	`438`
	`439`	`+ override predicate functionAndOffset(CallableObjectInternal function, int offset) {`
	`440`	`+ function = this.getFunction() and offset = 1`
	`441`	`+ }`
	`442`	`+`
`425`	`443`	`}`
`426`	`444`
`427`	`445`
Original file line number	Diff line number	Diff line change
`@@ -122,6 +122,10 @@ class PythonClassObjectInternal extends ClassObjectInternal, TPythonClassObject`
`122`	`122`
`123`	`123`	`override boolean isComparable() { result = true }`
`124`	`124`
	`125`	`+ override predicate functionAndOffset(CallableObjectInternal function, int offset) {`
	`126`	`+ this.lookup("__init__", function, _) and offset = 1`
	`127`	`+ }`
	`128`	`+`
`125`	`129`	`}`
`126`	`130`
`127`	`131`	`class BuiltinClassObjectInternal extends ClassObjectInternal, TBuiltinClassObject {`
Original file line number	Diff line number	Diff line change
`@@ -103,6 +103,8 @@ class ObjectInternal extends TObject {`
`103`	`103`	`*/`
`104`	`104`	`abstract int length();`
`105`	`105`
	`106`	`+ predicate functionAndOffset(CallableObjectInternal function, int offset) { none() }`
	`107`	`+`
`106`	`108`	`}`
`107`	`109`
`108`	`110`