Python: Model exec statement (Python 2 only) as CodeExecution

RasmusWL · RasmusWL · commit 73971cff7697 · 2020-10-07T21:12:35.000+02:00
diff --git a/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll b/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
@@ -328,3 +328,17 @@ private module Stdlib {
     }
   }
 }
+
+/**
+ * An exec statement (only Python 2).
+ * Se ehttps://docs.python.org/2/reference/simple_stmts.html#the-exec-statement.
+ */
+private class ExecStatement extends CodeExecution::Range {
+  ExecStatement() {
+    // since there are no DataFlow::Nodes for a Statement, we can't do anything like
+    // `this = any(Exec exec)`
+    this.asExpr() = any(Exec exec).getBody()
+  }
+
+  override DataFlow::Node getCode() { result = this }
+}
diff --git a/python/ql/test/experimental/library-tests/frameworks/stdlib-py2/ConceptsTest.expected b/python/ql/test/experimental/library-tests/frameworks/stdlib-py2/ConceptsTest.expected
@@ -1 +0,0 @@
-| CodeExecution.py:2:19:2:40 | Comment # $getCode="print(42)" | Missing result:getCode="print(42)" |

Original file line number	Diff line number	Diff line change
`@@ -328,3 +328,17 @@ private module Stdlib {`
`328`	`328`	`}`
`329`	`329`	`}`
`330`	`330`	`}`
	`331`	`+`
	`332`	`+/**`
	`333`	`+ * An exec statement (only Python 2).`
	`334`	`+ * Se ehttps://docs.python.org/2/reference/simple_stmts.html#the-exec-statement.`
	`335`	`+ */`
	`336`	`+private class ExecStatement extends CodeExecution::Range {`
	`337`	`+ ExecStatement() {`
	`338`	`+ // since there are no DataFlow::Nodes for a Statement, we can't do anything like`
	`339`	+ // `this = any(Exec exec)`
	`340`	`+ this.asExpr() = any(Exec exec).getBody()`
	`341`	`+ }`
	`342`	`+`
	`343`	`+ override DataFlow::Node getCode() { result = this }`
	`344`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -1 +0,0 @@`
`1`		`-\| CodeExecution.py:2:19:2:40 \| Comment # $getCode="print(42)" \| Missing result:getCode="print(42)" \|`