
Commit f06bbd2

committed
WIP rest of modeling done so far
1 parent 2f17d2f commit f06bbd2

4 files changed

Lines changed: 77 additions & 5 deletions


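--- a/python/ql/lib/semmle/python/frameworks/Django.qll
+++ b/python/ql/lib/semmle/python/frameworks/Django.qll
@@ -16,6 +16,7 @@ private import semmle.python.frameworks.internal.PoorMansFunctionResolution
 private import semmle.python.frameworks.internal.SelfRefMixin
 private import semmle.python.frameworks.internal.InstanceTaintStepsHelper
 private import semmle.python.security.dataflow.UrlRedirectCustomizations
+private import semmle.python.frameworks.data.ModelsAsData
 
 /**
 * INTERNAL: Do not use.
@@ -185,6 +186,10 @@ module Django {
 }
 }
 
+private class MaDSubclass extends ModeledSubclass {
+MaDSubclass() { this = ModelOutput::getATypeNode("django.forms.BaseForm~Subclass") }
+}
+
 /** Gets a reference to the `django.forms.forms.BaseForm` class or any subclass. */
 API::Node subclassRef() { result = any(ModeledSubclass subclass).getASubclass*() }
 }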
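Review bot: The new `MaDSubclass` class keys on the string `"django.forms.BaseForm~Subclass"` while the QLDoc directly below it still names the class `django.forms.forms.BaseForm`, and nothing in the second hunk says which spelling is the canonical models-as-data type name. If this string and the type column of the model rows ever drift apart, the characteristic predicate presumably just has no results, so third-party form subclasses would drop out of the Django modeling that the security queries build on without any error. I would add a QLDoc line on the class, for example `/** A BaseForm subclass contributed through the models-as-data type "django.forms.BaseForm~Subclass". */`, so the coupling to the yml rows is visible at the definition. The enclosing module starts outside the hunk, so whether `ModeledSubclass` has other implementers cannot be confirmed from here.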

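--- a/python/ql/lib/semmle/python/frameworks/FastApi.qll
+++ b/python/ql/lib/semmle/python/frameworks/FastApi.qll
@@ -11,18 +11,21 @@ private import semmle.python.Concepts
 private import semmle.python.ApiGraphs
 private import semmle.python.frameworks.Pydantic
 private import semmle.python.frameworks.Starlette
+private import semmle.python.frameworks.data.ModelsAsData
 
 /**
 * Provides models for the `fastapi` PyPI package.
 * See https://fastapi.tiangolo.com/.
 */
-private module FastApi {
+module FastApi {
 /**
 * Provides models for FastAPI applications (an instance of `fastapi.FastAPI`).
 */
 module App {
+API::Node cls() { result = API::moduleImport("fastapi").getMember("FastAPI") }
+
 /** Gets a reference to a FastAPI application (an instance of `fastapi.FastAPI`). */
-API::Node instance() { result = API::moduleImport("fastapi").getMember("FastAPI").getReturn() }
+API::Node instance() { result = cls().getReturn() }
 }
 
 /**
@@ -31,10 +34,14 @@ private module FastApi {
 * See https://fastapi.tiangolo.com/tutorial/bigger-applications/.
 */
 module ApiRouter {
-/** Gets a reference to an instance of `fastapi.ApiRouter`. */
-API::Node instance() {
-result = API::moduleImport("fastapi").getMember("APIRouter").getASubclass*().getReturn()
+API::Node cls() {
+result = API::moduleImport("fastapi").getMember("APIRouter").getASubclass*()
+or
+result = ModelOutput::getATypeNode("fastapi.APIRouter~Subclass").getASubclass*()
 }
+
+/** Gets a reference to an instance of `fastapi.ApiRouter`. */
+API::Node instance() { result = cls().getReturn() }
 }
 
 // ---------------------------------------------------------------------------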
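Review bot: Both new `cls()` predicates are added without QLDoc, and the same change drops `private` from `module FastApi`, so they become part of the library's importable surface undocumented. The two predicates also have different contracts under one name: `ApiRouter::cls()` ends both disjuncts in `getASubclass*()` and so returns the class or any subclass, while `App::cls()` returns only the `fastapi.FastAPI` member itself. I would document each, for example `/** Gets a reference to the fastapi.APIRouter class or any subclass, including subclasses contributed through models-as-data. */`. If the module was made public only so `Find.ql` can reach `ApiRouter::cls()`, an `INTERNAL: Do not use.` line in the module's QLDoc would say so. The module body continues outside the hunks.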

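--- a/python/ql/lib/semmle/python/frameworks/data/internal/empty.model.yml
+++ b/python/ql/lib/semmle/python/frameworks/data/internal/empty.model.yml
@@ -30,6 +30,28 @@ extensions:
 - ["flask.MethodView~Subclass","flask_restplus","Member[resource].Member[MethodView]"]
 - ["flask.MethodView~Subclass","flask_restplus","Member[Resource]"]
 
+- ["flask.MethodView~Subclass","flask_restx","Member[api].Member[SwaggerView]"]
+- ["flask.MethodView~Subclass","flask_restx","Member[resource].Member[Resource]"]
+- ["flask.MethodView~Subclass","flask_restx","Member[api].Member[Resource]"]
+- ["flask.MethodView~Subclass","flask_restx","Member[resource].Member[MethodView]"]
+- ["flask.MethodView~Subclass","flask_restx","Member[Resource]"]
+
+- ["flask.MethodView~Subclass", "flask_restful", "Member[Resource]"]
+
+- ["fastapi.APIRouter~Subclass","fastapi_utils","Member[inferring_router].Member[InferringRouter]"]
+- ["fastapi.APIRouter~Subclass","fastapi_utils","Member[inferring_router].Member[APIRouter]"]
+- ["fastapi.APIRouter~Subclass","fastapi_utils","Member[cbv].Member[APIRouter]"]
+
+- ["django.forms.BaseForm~Subclass","haystack","Member[forms].Member[ModelSearchForm]"]
+- ["django.forms.BaseForm~Subclass","haystack","Member[forms].Member[SearchForm]"]
+- ["django.forms.BaseForm~Subclass","haystack","Member[forms].Member[FacetedSearchForm]"]
+- ["django.forms.BaseForm~Subclass","haystack","Member[forms].Member[HighlightedSearchForm]"]
+- ["django.forms.BaseForm~Subclass","haystack","Member[forms].Member[HighlightedModelSearchForm]"]
+- ["django.forms.BaseForm~Subclass","haystack","Member[forms].Member[FacetedModelSearchForm]"]
+- ["django.forms.BaseForm~Subclass","haystack","Member[views].Member[FacetedSearchForm]"]
+- ["django.forms.BaseForm~Subclass","haystack","Member[views].Member[ModelSearchForm]"]
+
+
 - addsTo:
 pack: codeql/python-all
 extensible: typeVariableModel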
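Review bot: The added rows carry no comment on where they came from or how they were checked, and the `flask_restful` row at new line 39 puts spaces after the commas while every other row does not. These tuples decide which third-party classes are treated as Flask views, FastAPI routers and Django forms, so a stale or mistyped path removes that class from the modeling without any error. They look like output of `meta/ClassHierarchy/Find.ql`; if so, a leading comment such as `# generated by python/ql/src/meta/ClassHierarchy/Find.ql - regenerate rather than edit by hand` would make that explicit. The rows under `Member[views]` for haystack appear to name the same form classes as the `Member[forms]` rows, presumably re-exports, so it is worth confirming they are wanted rather than generator noise. The two trailing blank lines at new lines 53-54 can be reduced to one.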

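--- a/python/ql/src/meta/ClassHierarchy/Find.ql
+++ b/python/ql/src/meta/ClassHierarchy/Find.ql
@@ -7,6 +7,14 @@ private import semmle.python.frameworks.FastApi
 private import semmle.python.frameworks.Django
 import semmle.python.frameworks.data.internal.ApiGraphModelsExtensions as Extensions
 
+// FIXME: I think the implementation below for `getAlreadyModeledClass` is wrong, since
+// it uses `.getASubclass*()` for flask/fastAPI (and initially also Django, I just fixed
+// it for django while discovering this problem). Basically, I fear that it if library
+// defines class A and B, where B is a subclass of A, the automated modeling might only
+// find B...
+//
+// I doesn't seem to be the case, which is probably why I didn't discover this, but on
+// top of my head I can't really tell why.
 class FlaskViewClasses extends FindSubclassesSpec {
 FlaskViewClasses() { this = "flask.View~Subclass" }
 
@@ -21,6 +29,36 @@ class FlaskMethodViewClasses extends FindSubclassesSpec {
 override FlaskViewClasses getSuperClass() { any() }
 }
 
+class FastApiRouter extends FindSubclassesSpec {
+FastApiRouter() { this = "fastapi.APIRouter~Subclass" }
+
+override API::Node getAlreadyModeledClass() { result = FastApi::ApiRouter::cls() }
+}
+
+class DjangoForms extends FindSubclassesSpec {
+DjangoForms() { this = "django.forms.BaseForm~Subclass" }
+
+override API::Node getAlreadyModeledClass() {
+result = any(Django::Forms::Form::ModeledSubclass subclass)
+}
+}
+
+class DjangoView extends FindSubclassesSpec {
+DjangoView() { this = "Django.Views.View~Subclass" }
+
+override API::Node getAlreadyModeledClass() {
+result = any(Django::Views::View::ModeledSubclass subclass)
+}
+}
+
+class DjangoField extends FindSubclassesSpec {
+DjangoField() { this = "Django.Forms.Field~Subclass" }
+
+override API::Node getAlreadyModeledClass() {
+result = any(Django::Forms::Field::ModeledSubclass subclass)
+}
+}
+
 bindingset[fullyQualified]
 predicate fullyQualifiedToYamlFormat(string fullyQualified, string type2, string path) {
 exists(int firstDot | firstDot = fullyQualified.indexOf(".", 0, 0) |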
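Review bot: `DjangoView` and `DjangoField` use capitalised type names (`"Django.Views.View~Subclass"`, `"Django.Forms.Field~Subclass"`), unlike the other specs visible here and the yml rows, which use lower-case package paths such as `"django.forms.BaseForm~Subclass"`. Nothing visible in this commit consumes those two names through `ModelOutput::getATypeNode`, so rows generated under them would presumably never feed back into the Django models, and subclasses of views and fields found by this query would stay unmodeled. If the names are meant to mirror the Python module path, something like `DjangoView() { this = "django.views.View~Subclass" }` would match the convention; the exact string should be whatever Django.qll ends up consuming. The FIXME at new lines 10-17 would be easier to act on if it named the test or query result showing that both A and B are found. `fullyQualifiedToYamlFormat` continues past the end of the hunk.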
