Skip to content

Commit 74bd045

Browse files
RasmusWLRasmusWL
committed
Python: Make "..Call" modeling classes extend DataFlow::CfgNode
1 parent ba158f3 commit 74bd045

File tree

1 file changed

+10
-16
lines changed
  • python/ql/src/experimental/semmle/python/frameworks

1 file changed

+10
-16
lines changed

python/ql/src/experimental/semmle/python/frameworks/Flask.qll

+10-16
Original file line numberDiff line numberDiff line change
@@ -148,41 +148,35 @@ private module Flask {
148148
*
149149
* See https://flask.palletsprojects.com/en/1.1.x/api/#flask.Flask.route
150150
*/
151-
private class FlaskAppRouteCall extends FlaskRouteSetup {
152-
CallNode call;
151+
private class FlaskAppRouteCall extends FlaskRouteSetup, DataFlow::CfgNode {
152+
override CallNode node;
153153

154-
FlaskAppRouteCall() {
155-
call.getFunction() = app_attr("route").asCfgNode() and
156-
this.asCfgNode() = call
157-
}
154+
FlaskAppRouteCall() { node.getFunction() = app_attr("route").asCfgNode() }
158155

159156
override DataFlow::Node getUrlPatternArg() {
160-
result.asCfgNode() in [call.getArg(0), call.getArgByName("rule")]
157+
result.asCfgNode() in [node.getArg(0), node.getArgByName("rule")]
161158
}
162159

163-
override Function getARouteHandler() { result.getADecorator() = call.getNode() }
160+
override Function getARouteHandler() { result.getADecorator().getAFlowNode() = node }
164161
}
165162

166163
/**
167164
* A call to `flask.Flask.add_url_rule`.
168165
*
169166
* See https://flask.palletsprojects.com/en/1.1.x/api/#flask.Flask.add_url_rule
170167
*/
171-
private class FlaskAppAddUrlRule extends FlaskRouteSetup {
172-
CallNode call;
168+
private class FlaskAppAddUrlRule extends FlaskRouteSetup, DataFlow::CfgNode {
169+
override CallNode node;
173170

174-
FlaskAppAddUrlRule() {
175-
call.getFunction() = app_attr("add_url_rule").asCfgNode() and
176-
this.asCfgNode() = call
177-
}
171+
FlaskAppAddUrlRule() { node.getFunction() = app_attr("add_url_rule").asCfgNode() }
178172

179173
override DataFlow::Node getUrlPatternArg() {
180-
result.asCfgNode() in [call.getArg(0), call.getArgByName("rule")]
174+
result.asCfgNode() in [node.getArg(0), node.getArgByName("rule")]
181175
}
182176

183177
override Function getARouteHandler() {
184178
exists(DataFlow::Node view_func_arg, DataFlow::Node func_src |
185-
view_func_arg.asCfgNode() in [call.getArg(2), call.getArgByName("view_func")] and
179+
view_func_arg.asCfgNode() in [node.getArg(2), node.getArgByName("view_func")] and
186180
DataFlow::localFlow(func_src, view_func_arg) and
187181
func_src.asExpr().(CallableExpr) = result.getDefinition()
188182
)

0 commit comments

Comments
 (0)