Python: add two implementations of PEP249

Rasmus Lerchedahl Petersen · Rasmus Lerchedahl Petersen · commit babcf7acd9d7 · 2020-11-01T16:01:05.000+01:00
diff --git a/python/ql/src/experimental/semmle/python/frameworks/MySQLdb.qll b/python/ql/src/experimental/semmle/python/frameworks/MySQLdb.qll
@@ -0,0 +1,23 @@
+private import python
+private import experimental.dataflow.DataFlow
+private import experimental.dataflow.RemoteFlowSources
+private import experimental.semmle.python.Concepts
+private import PEP249
+
+// ---------------------------------------------------------------------------
+// MySQLdb
+// ---------------------------------------------------------------------------
+/** Gets a reference to the `MySQLdb` module. */
+private DataFlow::Node moduleMySQLdb(DataFlow::TypeTracker t) {
+  t.start() and
+  result = DataFlow::importNode("MySQLdb")
+  or
+  exists(DataFlow::TypeTracker t2 | result = moduleMySQLdb(t2).track(t2, t))
+}
+
+/** Gets a reference to the `MySQLdb` module. */
+DataFlow::Node moduleMySQLdb() { result = moduleMySQLdb(DataFlow::TypeTracker::end()) }
+
+class MySQLdb extends PEP249Module {
+  MySQLdb() { this = moduleMySQLdb() }
+}
diff --git a/python/ql/src/experimental/semmle/python/frameworks/mysql.qll b/python/ql/src/experimental/semmle/python/frameworks/mysql.qll
@@ -0,0 +1,65 @@
+private import python
+private import experimental.dataflow.DataFlow
+private import experimental.dataflow.RemoteFlowSources
+private import experimental.semmle.python.Concepts
+private import PEP249
+
+// ---------------------------------------------------------------------------
+// mysql
+// ---------------------------------------------------------------------------
+/** Gets a reference to the `mysql` module. */
+private DataFlow::Node mysql(DataFlow::TypeTracker t) {
+  t.start() and
+  result = DataFlow::importNode("mysql")
+  or
+  exists(DataFlow::TypeTracker t2 | result = mysql(t2).track(t2, t))
+}
+
+/** Gets a reference to the `mysql` module. */
+DataFlow::Node mysql() { result = mysql(DataFlow::TypeTracker::end()) }
+
+/**
+ * Gets a reference to the attribute `attr_name` of the `mysql` module.
+ * WARNING: Only holds for a few predefined attributes.
+ */
+private DataFlow::Node mysql_attr(DataFlow::TypeTracker t, string attr_name) {
+  attr_name in ["connector"] and
+  (
+    t.start() and
+    result = DataFlow::importNode("mysql" + "." + attr_name)
+    or
+    t.startInAttr(attr_name) and
+    result = mysql()
+  )
+  or
+  // Due to bad performance when using normal setup with `mysql_attr(t2, attr_name).track(t2, t)`
+  // we have inlined that code and forced a join
+  exists(DataFlow::TypeTracker t2 |
+    exists(DataFlow::StepSummary summary |
+      mysql_attr_first_join(t2, attr_name, result, summary) and
+      t = t2.append(summary)
+    )
+  )
+}
+
+pragma[nomagic]
+private predicate mysql_attr_first_join(
+  DataFlow::TypeTracker t2, string attr_name, DataFlow::Node res, DataFlow::StepSummary summary
+) {
+  DataFlow::StepSummary::step(mysql_attr(t2, attr_name), res, summary)
+}
+
+/**
+ * Gets a reference to the attribute `attr_name` of the `mysql` module.
+ * WARNING: Only holds for a few predefined attributes.
+ */
+private DataFlow::Node mysql_attr(string attr_name) {
+  result = mysql_attr(DataFlow::TypeTracker::end(), attr_name)
+}
+
+/** Provides models for the `mysql` module. */
+module mysql {
+  class MysqlConnector extends PEP249Module {
+    MysqlConnector() { this = mysql_attr("connector") }
+  }
+}
