Python: Django: Don't require viewFunction to mark as route

RasmusWL · RasmusWL · commit b760b1f1f2e2 · 2020-03-11T12:37:18.000+01:00
It's very nice to be able to see all the DjangoRoutes even if we don't know the
function that is used to handle the request, at least for debugging.
diff --git a/python/ql/src/semmle/python/web/django/General.qll b/python/ql/src/semmle/python/web/django/General.qll
@@ -6,7 +6,11 @@ import semmle.python.web.Http
 // a FunctionValue, so we can't use `FunctionValue.getArgumentForCall`
 // https://github.com/django/django/blob/master/django/urls/conf.py#L76
 abstract class DjangoRoute extends CallNode {
-    abstract FunctionValue getViewFunction();
+    FunctionValue getViewFunction() {
+        result = this.getArg(1).pointsTo()
+        or
+        result = this.getArgByName("view").pointsTo()
+    }
 
     abstract string getANamedArgument();
 
@@ -25,14 +29,12 @@ class DjangoRouteRegex extends RegexString {
 
 class DjangoRegexRoute extends DjangoRoute {
     ControlFlowNode route;
-    FunctionValue view;
 
     DjangoRegexRoute() {
         exists(FunctionValue route_maker |
-            // Django 1.x
+            // Django 1.x: https://docs.djangoproject.com/en/1.11/ref/urls/#django.conf.urls.url
             Value::named("django.conf.urls.url") = route_maker and
-            route_maker.getArgumentForCall(this, 0) = route and
-            route_maker.getArgumentForCall(this, 1).pointsTo(view)
+            route_maker.getArgumentForCall(this, 0) = route
         )
         or
         // Django 2.x and 3.x: https://docs.djangoproject.com/en/3.0/ref/urls/#re-path
@@ -41,16 +43,9 @@ class DjangoRegexRoute extends DjangoRoute {
             route = this.getArg(0)
             or
             route = this.getArgByName("route")
-        ) and
-        (
-            this.getArg(1).pointsTo(view)
-            or
-            this.getArgByName("view").pointsTo(view)
         )
     }
 
-    override FunctionValue getViewFunction() { result = view }
-
     ControlFlowNode getRouteArg() { result = route }
 
     override string getANamedArgument() {
@@ -69,7 +64,6 @@ class DjangoRegexRoute extends DjangoRoute {
 
 class DjangoPathRoute extends DjangoRoute {
     ControlFlowNode route;
-    FunctionValue view;
 
     DjangoPathRoute() {
         // Django 2.x and 3.x: https://docs.djangoproject.com/en/3.0/ref/urls/#path
@@ -78,16 +72,9 @@ class DjangoPathRoute extends DjangoRoute {
             route = this.getArg(0)
             or
             route = this.getArgByName("route")
-        ) and
-        (
-            this.getArg(1).pointsTo(view)
-            or
-            this.getArgByName("view").pointsTo(view)
         )
     }
 
-    override FunctionValue getViewFunction() { result = view }
-
     override string getANamedArgument() {
         // regexp taken from django:
         // https://github.com/django/django/blob/7d1bf29977bb368d7c28e7c6eb146db3b3009ae7/django/urls/resolvers.py#L199
