Update CopyFile.qll

ahmed-farid-dev · web-flow · commit dfe7f532ac77 · 2022-04-05T12:42:05.000Z
diff --git a/python/ql/src/experimental/semmle/python/frameworks/CopyFile.qll b/python/ql/src/experimental/semmle/python/frameworks/CopyFile.qll
@@ -2,8 +2,18 @@ private import python
 private import experimental.semmle.python.Concepts
 private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.ApiGraphs
-
+   
 private module CopyFile {
+  
+  /**
+   * The `shutil` module provides methods to copy or move files.
+   * See:
+   * - https://docs.python.org/3/library/shutil.html#shutil.copyfile
+   * - https://docs.python.org/3/library/shutil.html#shutil.copy
+   * - https://docs.python.org/3/library/shutil.html#shutil.copy2
+   * - https://docs.python.org/3/library/shutil.html#shutil.copytree
+   * - https://docs.python.org/3/library/shutil.html#shutil.move
+   */
   private class CopyFiles extends DataFlow::CallCfgNode, CopyFile::Range {
     CopyFiles() {
       this =
@@ -18,7 +28,10 @@ private module CopyFile {
 
     override DataFlow::Node getfsrcArgument() { none() }
   }
-
+  
+  // TODO: once we have flow summaries, model `shutil.copyfileobj` which copies the content between its' file-like arguments.
+  // See https://docs.python.org/3/library/shutil.html#shutil.copyfileobj
+  
   private class CopyFileobj extends DataFlow::CallCfgNode, CopyFile::Range {
     CopyFileobj() { this = API::moduleImport("shutil").getMember("copyfileobj").getACall() }
 
