Merge pull request github#2924 from BekaValentine/python-objectapi-to-valueapi-wrongnumberargumentsincall

Python: ObjectAPI to ValueAPI: WrongNumberArgumentsInCall

Author: tausbn

python/ql/src/Expressions/CallArgs.qll

@@ -154,14 +154,17 @@ predicate too_few_args(Call call, Value callable, int limit) {
     not exists(call.getKwargs()) and
     arg_count(call) < limit and
     exists(FunctionValue func | func = get_function_or_initializer(callable) |
-        call = func.getACall().getNode() and
+        call = func.getAFunctionCall().getNode() and
         limit = func.minParameters() and
-        // The combination of misuse of `mox.Mox().StubOutWithMock()`
-        // and a bug in mox's implementation of methods results in having to
-        // pass 1 too few arguments to the mocked function.
+        /*
+         * The combination of misuse of `mox.Mox().StubOutWithMock()`
+         * and a bug in mox's implementation of methods results in having to
+         * pass 1 too few arguments to the mocked function.
+         */
+
         not (useOfMoxInModule(call.getEnclosingModule()) and func.isNormalMethod())
         or
-        call = func.getACall().getNode() and limit = func.minParameters() - 1
+        call = func.getAMethodCall().getNode() and limit = func.minParameters() - 1
         or
         callable instanceof ClassValue and
         call.getAFlowNode() = get_a_call(callable) and
@@ -198,9 +201,9 @@ predicate too_many_args(Call call, Value callable, int limit) {
         not func.getScope().hasVarArg() and
         limit >= 0
     |
-        call = func.getACall().getNode() and limit = func.maxParameters()
+        call = func.getAFunctionCall().getNode() and limit = func.maxParameters()
         or
-        call = func.getACall().getNode() and limit = func.maxParameters() - 1
+        call = func.getAMethodCall().getNode() and limit = func.maxParameters() - 1
         or
         callable instanceof ClassValue and
         call.getAFlowNode() = get_a_call(callable) and
@@ -254,3 +257,8 @@ predicate overridden_call(FunctionValue func, FunctionValue overriding, Call cal
     overriding.overrides(func) and
     overriding.getACall().getNode() = call
 }
+
+/** Holds if `func` will raise a `NotImplemented` error. */
+predicate isAbstract(FunctionValue func) {
+    func.getARaisedType() = ClassValue::notImplementedError()
+}

python/ql/src/Expressions/WrongNumberArgumentsInCall.ql

@@ -14,22 +14,17 @@
 import python
 import CallArgs
 
-from Call call, FunctionObject func, string too, string should, int limit
+from Call call, FunctionValue func, string too, string should, int limit
 where
-    (
-        too_many_args_objectapi(call, func, limit) and
-        too = "too many arguments" and
-        should = "no more than "
-        or
-        too_few_args_objectapi(call, func, limit) and
-        too = "too few arguments" and
-        should = "no fewer than "
-    ) and
-    not func.isAbstract() and
-    not exists(FunctionObject overridden |
-        func.overrides(overridden) and correct_args_if_called_as_method_objectapi(call, overridden)
-    ) and
-    /* The semantics of `__new__` can be a bit subtle, so we simply exclude `__new__` methods */
-    not func.getName() = "__new__"
-select call, "Call to $@ with " + too + "; should be " + should + limit.toString() + ".", func,
-    func.descriptiveString()
+(
+    too_many_args(call, func, limit) and too = "too many arguments" and should = "no more than "
+    or
+    too_few_args(call, func, limit) and too = "too few arguments" and should = "no fewer than "
+) and
+not isAbstract(func) and
+not exists(FunctionValue overridden | func.overrides(overridden) and correct_args_if_called_as_method(call, overridden))
+/* The semantics of `__new__` can be a bit subtle, so we simply exclude `__new__` methods */
+and not func.getName() = "__new__"
+
+select call, "Call to $@ with " + too + "; should be " + should + limit.toString() + ".", func, func.descriptiveString()
+

python/ql/src/semmle/python/objects/ObjectAPI.qll

@@ -608,6 +608,12 @@ abstract class FunctionValue extends CallableValue {
         )
     }
 
+    /** Gets a class that may be raised by this function */
+    abstract ClassValue getARaisedType();
+
+    /** Gets a call-site from where this function is called as a function */
+    CallNode getAFunctionCall() { result.getFunction().pointsTo() = this }
+
     /** Gets a call-site from where this function is called as a method */
     CallNode getAMethodCall() {
         exists(BoundMethodObjectInternal bm |
@@ -656,6 +662,8 @@ class PythonFunctionValue extends FunctionValue {
     /** Gets a control flow node corresponding to a return statement in this function */
     ControlFlowNode getAReturnedNode() { result = this.getScope().getAReturnValueFlowNode() }
 
+    override ClassValue getARaisedType() { scope_raises(result, this.getScope()) }
+    
     override ClassValue getAnInferredReturnType() {
         /* We have to do a special version of this because builtin functions have no
          * explicit return nodes that we can query and get the class of.
@@ -676,6 +684,11 @@ class BuiltinFunctionValue extends FunctionValue {
 
     override int maxParameters() { none() }
 
+    override ClassValue getARaisedType() {
+        /* Information is unavailable for C code in general */
+        none()
+    }
+
     override ClassValue getAnInferredReturnType() {
         /* We have to do a special version of this because builtin functions have no
          * explicit return nodes that we can query and get the class of.
@@ -702,6 +715,11 @@ class BuiltinMethodValue extends FunctionValue {
 
     override int maxParameters() { none() }
 
+    override ClassValue getARaisedType() {
+        /* Information is unavailable for C code in general */
+        none()
+    }
+    
     override ClassValue getAnInferredReturnType() {
         result = TBuiltinClassObject(this.(BuiltinMethodObjectInternal).getReturnType())
     }
@@ -929,6 +947,9 @@ module ClassValue {
     /** Get the `ClassValue` for the `LookupError` class. */
     ClassValue lookupError() { result = TBuiltinClassObject(Builtin::builtin("LookupError")) }
 
+    /** Get the `ClassValue` for the `IndexError` class. */
+    ClassValue indexError() { result = TBuiltinClassObject(Builtin::builtin("IndexError")) }
+
     /** Get the `ClassValue` for the `IOError` class. */
     ClassValue ioError() { result = TBuiltinClassObject(Builtin::builtin("IOError")) }
 
@@ -949,4 +970,7 @@ module ClassValue {
     ClassValue unicodeDecodeError() {
         result = TBuiltinClassObject(Builtin::builtin("UnicodeDecodeError"))
     }
+
+    /** Get the `ClassValue` for the `SystemExit` class. */
+    ClassValue systemExit() { result = TBuiltinClassObject(Builtin::builtin("SystemExit")) }
 }