Python: Make "..Call" modeling classes extend DataFlow::CfgNode

RasmusWL · RasmusWL · commit 4d9d2155fc36 · 2020-10-14T10:44:58.000+02:00
diff --git a/python/ql/src/experimental/semmle/python/frameworks/Invoke.qll b/python/ql/src/experimental/semmle/python/frameworks/Invoke.qll
@@ -131,21 +131,19 @@ private module Invoke {
    * - `invoke.run` or `invoke.sudo` functions (http://docs.pyinvoke.org/en/stable/api/__init__.html)
    * - `run` or `sudo` methods on a `invoke.context.Context` instance (http://docs.pyinvoke.org/en/stable/api/context.html#invoke.context.Context.run)
    */
-  private class InvokeRunCommandCall extends SystemCommandExecution::Range {
+  private class InvokeRunCommandCall extends SystemCommandExecution::Range, DataFlow::CfgNode {
+    override CallNode node;
+
     InvokeRunCommandCall() {
-      exists(DataFlow::Node callFunction |
-        this.asCfgNode().(CallNode).getFunction() = callFunction.asCfgNode()
-      |
+      exists(DataFlow::Node callFunction | node.getFunction() = callFunction.asCfgNode() |
         callFunction = invoke_attr(["run", "sudo"])
         or
         callFunction = invoke::context::Context::instanceRunMethods()
       )
     }
 
     override DataFlow::Node getCommand() {
-      result.asCfgNode() = this.asCfgNode().(CallNode).getArg(0)
-      or
-      result.asCfgNode() = this.asCfgNode().(CallNode).getArgByName("command")
+      result.asCfgNode() in [node.getArg(0), node.getArgByName("command")]
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -131,21 +131,19 @@ private module Invoke {`
`131`	`131`	* - `invoke.run` or `invoke.sudo` functions (http://docs.pyinvoke.org/en/stable/api/__init__.html)
`132`	`132`	* - `run` or `sudo` methods on a `invoke.context.Context` instance (http://docs.pyinvoke.org/en/stable/api/context.html#invoke.context.Context.run)
`133`	`133`	`*/`
`134`		`- private class InvokeRunCommandCall extends SystemCommandExecution::Range {`
	`134`	`+ private class InvokeRunCommandCall extends SystemCommandExecution::Range, DataFlow::CfgNode {`
	`135`	`+ override CallNode node;`
	`136`	`+`
`135`	`137`	`InvokeRunCommandCall() {`
`136`		`- exists(DataFlow::Node callFunction \|`
`137`		`- this.asCfgNode().(CallNode).getFunction() = callFunction.asCfgNode()`
`138`		`- \|`
	`138`	`+ exists(DataFlow::Node callFunction \| node.getFunction() = callFunction.asCfgNode() \|`
`139`	`139`	`callFunction = invoke_attr(["run", "sudo"])`
`140`	`140`	`or`
`141`	`141`	`callFunction = invoke::context::Context::instanceRunMethods()`
`142`	`142`	`)`
`143`	`143`	`}`
`144`	`144`
`145`	`145`	`override DataFlow::Node getCommand() {`
`146`		`- result.asCfgNode() = this.asCfgNode().(CallNode).getArg(0)`
`147`		`- or`
`148`		`- result.asCfgNode() = this.asCfgNode().(CallNode).getArgByName("command")`
	`146`	`+ result.asCfgNode() in [node.getArg(0), node.getArgByName("command")]`
`149`	`147`	`}`
`150`	`148`	`}`
`151`	`149`	`}`