RegexExecution restructuring

jorgectf · jorgectf · commit b207929e0ad2 · 2021-04-27T19:54:16.000+02:00
diff --git a/python/ql/src/semmle/python/Concepts.qll b/python/ql/src/semmle/python/Concepts.qll
@@ -656,9 +656,21 @@ class CompiledRegex extends DataFlow::Node {
 class RegexExecution extends DataFlow::Node {
   RegexExecution() { this instanceof DirectRegex or this instanceof CompiledRegex } // How should this be cross-imported with Stdlib?
 }
+/*
+ */
 
-class RegexEscape extends DataFlow::Node {
-  RegexEscape() {
-    this = API::moduleImport("re").getMember("escape").getACall().(DataFlow::CallCfgNode).getArg(0)
+module RegexExecution {
+  abstract class Range extends DataFlow::Node {
+    DataFlow::Node getRegexNode() {
+      result instanceof DirectRegex or result instanceof CompiledRegex
+    }
   }
 }
+
+class RegexExecution extends DataFlow::Node {
+  override RegexExecution::Range range;
+
+  RegexExecution() { this = range }
+
+  DataFlow::Node getRegexNode() { result = range.getRegexNode() }
+}
diff --git a/python/ql/src/semmle/python/frameworks/Stdlib.qll b/python/ql/src/semmle/python/frameworks/Stdlib.qll
@@ -885,7 +885,7 @@ private module Stdlib {
     }
 
     /** re.compile(pattern).ReMethod */
-    class CompiledRegex extends DataFlow::Node {
+    private class CompiledRegex extends DataFlow::Node {
       CompiledRegex() {
         exists(DataFlow::CallCfgNode patternCall, DataFlow::AttrRead reMethod |
           patternCall = API::moduleImport("re").getMember("compile").getACall() and
@@ -895,6 +895,13 @@ private module Stdlib {
         )
       }
     }
+
+    private class RegexEscape extends Concepts::RegexExecution {
+      RegexEscape() {
+        this =
+          API::moduleImport("re").getMember("escape").getACall().(DataFlow::CallCfgNode).getArg(0)
+      }
+    }
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -885,7 +885,7 @@ private module Stdlib {`
`885`	`885`	`}`
`886`	`886`
`887`	`887`	`/** re.compile(pattern).ReMethod */`
`888`		`- class CompiledRegex extends DataFlow::Node {`
	`888`	`+ private class CompiledRegex extends DataFlow::Node {`
`889`	`889`	`CompiledRegex() {`
`890`	`890`	`exists(DataFlow::CallCfgNode patternCall, DataFlow::AttrRead reMethod \|`
`891`	`891`	`patternCall = API::moduleImport("re").getMember("compile").getACall() and`
`@@ -895,6 +895,13 @@ private module Stdlib {`
`895`	`895`	`)`
`896`	`896`	`}`
`897`	`897`	`}`
	`898`	`+`
	`899`	`+ private class RegexEscape extends Concepts::RegexExecution {`
	`900`	`+ RegexEscape() {`
	`901`	`+ this =`
	`902`	`+ API::moduleImport("re").getMember("escape").getACall().(DataFlow::CallCfgNode).getArg(0)`
	`903`	`+ }`
	`904`	`+ }`
`898`	`905`	`}`
`899`	`906`	`}`
`900`	`907`