Python: Modernise cherrypy library

RasmusWL · RasmusWL · commit ff28b3f1b4e2 · 2019-09-27T11:23:33.000+02:00
diff --git a/python/ql/src/semmle/python/web/cherrypy/General.qll b/python/ql/src/semmle/python/web/cherrypy/General.qll
@@ -3,18 +3,18 @@ import semmle.python.web.Http
 
 module CherryPy {
 
-    FunctionObject expose() {
-        result = ModuleObject::named("cherrypy").attr("expose")
+    FunctionValue expose() {
+        result = Value::named("cherrypy.expose")
     }
 
 }
 
 class CherryPyExposedFunction extends Function {
 
     CherryPyExposedFunction() {
-        this.getADecorator().refersTo(CherryPy::expose())
+        this.getADecorator().pointsTo(CherryPy::expose())
         or
-        this.getADecorator().(Call).getFunc().refersTo(CherryPy::expose())
+        this.getADecorator().(Call).getFunc().pointsTo(CherryPy::expose())
     }
 
 }
@@ -23,10 +23,10 @@ class CherryPyRoute extends CallNode {
 
     CherryPyRoute() {
         /* cherrypy.quickstart(root, script_name, config) */
-        ModuleObject::named("cherrypy").attr("quickstart").(FunctionObject).getACall() = this
+        Value::named("cherrypy.quickstart").(FunctionValue).getACall() = this
         or
         /* cherrypy.tree.mount(root, script_name, config) */
-        this.getFunction().(AttrNode).getObject("mount").refersTo(ModuleObject::named("cherrypy").attr("tree"))
+        this.getFunction().(AttrNode).getObject("mount").pointsTo(Value::named("cherrypy.tree"))
     }
 
     ClassObject getAppClass() {
diff --git a/python/ql/src/semmle/python/web/cherrypy/Request.qll b/python/ql/src/semmle/python/web/cherrypy/Request.qll
@@ -54,7 +54,7 @@ class CherryPyExposedFunctionParameter extends TaintSource {
 class CherryPyRequestSource extends TaintSource {
 
     CherryPyRequestSource() {
-        this.(ControlFlowNode).refersTo(ModuleObject::named("cherrypy").attr("request"))
+        this.(ControlFlowNode).pointsTo(Value::named("cherrypy.request"))
     }
 
     override predicate isSourceOf(TaintKind kind) {
diff --git a/python/ql/test/library-tests/web/cherrypy/Sources.expected b/python/ql/test/library-tests/web/cherrypy/Sources.expected
@@ -1,4 +1,3 @@
 | ../../../query-tests/Security/lib/cherrypy/__init__.py:10 | _ThreadLocalProxy() | cherrypy.request |
-| ../../../query-tests/Security/lib/cherrypy/__init__.py:10 | request | cherrypy.request |
 | test.py:10 | arg | externally controlled string |
 | test.py:16 | arg | externally controlled string |

Original file line number	Diff line number	Diff line change
`@@ -3,18 +3,18 @@ import semmle.python.web.Http`
`3`	`3`
`4`	`4`	`module CherryPy {`
`5`	`5`
`6`		`- FunctionObject expose() {`
`7`		`- result = ModuleObject::named("cherrypy").attr("expose")`
	`6`	`+ FunctionValue expose() {`
	`7`	`+ result = Value::named("cherrypy.expose")`
`8`	`8`	`}`
`9`	`9`
`10`	`10`	`}`
`11`	`11`
`12`	`12`	`class CherryPyExposedFunction extends Function {`
`13`	`13`
`14`	`14`	`CherryPyExposedFunction() {`
`15`		`- this.getADecorator().refersTo(CherryPy::expose())`
	`15`	`+ this.getADecorator().pointsTo(CherryPy::expose())`
`16`	`16`	`or`
`17`		`- this.getADecorator().(Call).getFunc().refersTo(CherryPy::expose())`
	`17`	`+ this.getADecorator().(Call).getFunc().pointsTo(CherryPy::expose())`
`18`	`18`	`}`
`19`	`19`
`20`	`20`	`}`
`@@ -23,10 +23,10 @@ class CherryPyRoute extends CallNode {`
`23`	`23`
`24`	`24`	`CherryPyRoute() {`
`25`	`25`	`/* cherrypy.quickstart(root, script_name, config) */`
`26`		`- ModuleObject::named("cherrypy").attr("quickstart").(FunctionObject).getACall() = this`
	`26`	`+ Value::named("cherrypy.quickstart").(FunctionValue).getACall() = this`
`27`	`27`	`or`
`28`	`28`	`/* cherrypy.tree.mount(root, script_name, config) */`
`29`		`- this.getFunction().(AttrNode).getObject("mount").refersTo(ModuleObject::named("cherrypy").attr("tree"))`
	`29`	`+ this.getFunction().(AttrNode).getObject("mount").pointsTo(Value::named("cherrypy.tree"))`
`30`	`30`	`}`
`31`	`31`
`32`	`32`	`ClassObject getAppClass() {`
Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ class CherryPyExposedFunctionParameter extends TaintSource {`
`54`	`54`	`class CherryPyRequestSource extends TaintSource {`
`55`	`55`
`56`	`56`	`CherryPyRequestSource() {`
`57`		`- this.(ControlFlowNode).refersTo(ModuleObject::named("cherrypy").attr("request"))`
	`57`	`+ this.(ControlFlowNode).pointsTo(Value::named("cherrypy.request"))`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`override predicate isSourceOf(TaintKind kind) {`