Python move various theXXX() predicates into the appropriate module.

markshannon · markshannon · commit 35fa5d8f60b3 · 2019-02-20T10:34:08.000Z
diff --git a/python/ql/src/Exceptions/EmptyExcept.ql b/python/ql/src/Exceptions/EmptyExcept.ql
@@ -67,9 +67,9 @@ predicate subscript(Stmt s) {
 predicate encode_decode(Expr ex, ClassObject type) {
     exists(string name |
         ex.(Call).getFunc().(Attribute).getName() = name |
-        name = "encode" and type = builtin_object("UnicodeEncodeError")
+        name = "encode" and type = Object::builtin("UnicodeEncodeError")
         or
-        name = "decode" and type = builtin_object("UnicodeDecodeError")
+        name = "decode" and type = Object::builtin("UnicodeDecodeError")
     )
 }
 
diff --git a/python/ql/src/Exceptions/NotImplemented.qll b/python/ql/src/Exceptions/NotImplemented.qll
@@ -3,9 +3,9 @@ import python
 
 /** Holds if `notimpl` refers to `NotImplemented` or `NotImplemented()` in the `raise` statement */
 predicate use_of_not_implemented_in_raise(Raise raise, Expr notimpl) {
-    notimpl.refersTo(theNotImplementedObject()) and
+    notimpl.refersTo(Object::notImplemented()) and
     (
-        notimpl = raise.getException() or 
+        notimpl = raise.getException() or
         notimpl = raise.getException().(Call).getFunc()
     )
 }
diff --git a/python/ql/src/Exceptions/UnguardedNextInGenerator.ql b/python/ql/src/Exceptions/UnguardedNextInGenerator.ql
@@ -13,11 +13,11 @@
 import python
 
 FunctionObject iter() {
-    result = builtin_object("iter")
+    result = Object::builtin("iter")
 }
 
 FunctionObject next() {
-    result = builtin_object("next")
+    result = Object::builtin("next")
 }
 
 predicate call_to_iter(CallNode call, EssaVariable sequence) {
diff --git a/python/ql/src/Expressions/Formatting/AdvancedFormatting.qll b/python/ql/src/Expressions/Formatting/AdvancedFormatting.qll
@@ -107,7 +107,7 @@ private predicate brace_pair(PossibleAdvancedFormatString fmt, int start, int en
 private predicate advanced_format_call(Call format_expr, PossibleAdvancedFormatString fmt, int args) {
     exists(CallNode call | 
         call = format_expr.getAFlowNode() |
-        call.getFunction().refersTo(theFormatFunction()) and call.getArg(0).refersTo(_, fmt.getAFlowNode()) and
+        call.getFunction().refersTo(BuiltinFunctionObject::format()) and call.getArg(0).refersTo(_, fmt.getAFlowNode()) and
         args = count(format_expr.getAnArg()) - 1
         or
         call.getFunction().(AttrNode).getObject("format").refersTo(_, fmt.getAFlowNode()) and
diff --git a/python/ql/src/Expressions/UseofApply.ql b/python/ql/src/Expressions/UseofApply.ql
@@ -13,5 +13,5 @@ import python
 
 from CallNode call, ControlFlowNode func
 where
-major_version() = 2 and call.getFunction() = func and func.refersTo(theApplyFunction())
+major_version() = 2 and call.getFunction() = func and func.refersTo(BuiltinFunctionObject::apply())
 select call, "Call to the obsolete builtin function 'apply'."
diff --git a/python/ql/src/Expressions/UseofInput.ql b/python/ql/src/Expressions/UseofInput.ql
@@ -14,5 +14,5 @@ import python
 
 from CallNode call, Context context, ControlFlowNode func
 where
-context.getAVersion().includes(2, _) and call.getFunction() = func and func.refersTo(context, theInputFunction(), _, _)
+context.getAVersion().includes(2, _) and call.getFunction() = func and func.refersTo(context, BuiltinFunctionObject::input(), _, _)
 select call, "The unsafe built-in function 'input' is used."
diff --git a/python/ql/src/Functions/IncorrectRaiseInSpecialMethod.ql b/python/ql/src/Functions/IncorrectRaiseInSpecialMethod.ql
@@ -70,11 +70,11 @@ predicate correct_raise(string name, ClassObject ex) {
 predicate preferred_raise(string name, ClassObject ex) {
     attribute_method(name) and ex = theAttributeErrorType()
     or
-    indexing_method(name) and ex = builtin_object("LookupError")
+    indexing_method(name) and ex = Object::builtin("LookupError")
     or
     ordering_method(name) and ex = theTypeErrorType()
     or
-    arithmetic_method(name) and ex = builtin_object("ArithmeticError")
+    arithmetic_method(name) and ex = Object::builtin("ArithmeticError")
 }
 
 predicate no_need_to_raise(string name, string message) {
diff --git a/python/ql/src/Resources/FileOpen.qll b/python/ql/src/Resources/FileOpen.qll
@@ -128,7 +128,7 @@ predicate function_should_close_parameter(Function func) {
 }
 
 predicate function_opens_file(FunctionObject f) {
-    f = theOpenFunction()
+    f = BuiltinFunctionObject::open()
     or
     exists(EssaVariable v, Return ret |
         ret.getScope() = f.getFunction() |
diff --git a/python/ql/src/Security/CWE-798/HardcodedCredentials.ql b/python/ql/src/Security/CWE-798/HardcodedCredentials.ql
@@ -42,7 +42,7 @@ predicate possible_reflective_name(string name) {
     or
     any(ModuleObject m).getName() = name
     or
-    exists(builtin_object(name))
+    exists(Object::builtin(name))
 }
 
 int char_count(StrConst str) {
diff --git a/python/ql/src/Statements/RedundantAssignment.ql b/python/ql/src/Statements/RedundantAssignment.ql
@@ -39,14 +39,14 @@ predicate maybe_defined_in_outer_scope(Name n) {
 }
 
 Variable relevant_var(Name n) {
-	n.getVariable() = result and
-	(corresponding(n, _) or corresponding(_, n))
+    n.getVariable() = result and
+    (corresponding(n, _) or corresponding(_, n))
 }
 
 predicate same_name(Name n1, Name n2) {
     corresponding(n1, n2) and
     relevant_var(n1) = relevant_var(n2) and
-    not exists(builtin_object(n1.getId())) and
+    not exists(Object::builtin(n1.getId())) and
     not maybe_defined_in_outer_scope(n2)
 }
 
diff --git a/python/ql/src/Statements/UseOfExit.ql b/python/ql/src/Statements/UseOfExit.ql
@@ -12,5 +12,5 @@
 import python
 
 from CallNode call, string name
-where call.getFunction().refersTo(quitterObject(name))
+where call.getFunction().refersTo(Object::quitter(name))
 select call, "The '" + name + "' site.Quitter object may not exist if the 'site' module is not loaded or is modified."
diff --git a/python/ql/src/Variables/MonkeyPatched.qll b/python/ql/src/Variables/MonkeyPatched.qll
@@ -15,7 +15,7 @@ predicate monkey_patched_builtin(string name) {
         bltn.refersTo(theBuiltinModuleObject()) and
         call.getArg(1).getNode() = s and
         s.getText() = name and
-        call.getFunction().refersTo(builtin_object("setattr"))
+        call.getFunction().refersTo(Object::builtin("setattr"))
     )
     or
     exists(AttrNode attr | 
diff --git a/python/ql/src/Variables/ShadowBuiltin.ql b/python/ql/src/Variables/ShadowBuiltin.ql
@@ -45,7 +45,7 @@ predicate white_list(string name) {
 predicate shadows(Name d, string name, Scope scope, int line) {
     exists(LocalVariable l | d.defines(l) and scope instanceof Function and
            l.getId() = name and
-           exists(builtin_object(l.getId()))
+           exists(Object::builtin(l.getId()))
     ) and
     d.getScope() = scope and
     d.getLocation().getStartLine() = line and
diff --git a/python/ql/src/Variables/ShadowGlobal.ql b/python/ql/src/Variables/ShadowGlobal.ql
@@ -21,7 +21,7 @@ predicate shadows(Name d, GlobalVariable g, Scope scope, int line) {
         not exists(Import il, Import ig, Name gd | il.contains(d) and gd.defines(g) and ig.contains(gd)) and
         not exists(Assign a | a.getATarget() = d and a.getValue() = g.getAnAccess())
     ) and
-    not exists(builtin_object(g.getId())) and
+    not exists(Object::builtin(g.getId())) and
     d.getScope() = scope and
     d.getLocation().getStartLine() = line and
     exists(Name defn | defn.defines(g) |
diff --git a/python/ql/src/Variables/SuspiciousUnusedLoopIterationVariable.ql b/python/ql/src/Variables/SuspiciousUnusedLoopIterationVariable.ql
@@ -47,8 +47,8 @@ predicate one_item_only(For f) {
 predicate points_to_call_to_range(ControlFlowNode f) {
     /* (x)range is a function in Py2 and a class in Py3, so we must treat it as a plain object */ 
     exists(Object range, Object call |
-        range = builtin_object("range") or
-        range = builtin_object("xrange")
+        range = Object::builtin("range") or
+        range = Object::builtin("xrange")
     |
         f.refersTo(call) and
         call.(CallNode).getFunction().refersTo(range)
diff --git a/python/ql/src/Variables/UndefinedExport.ql b/python/ql/src/Variables/UndefinedExport.ql
@@ -24,7 +24,7 @@ predicate declaredInAll(Module m, StrConst name)
 
 predicate mutates_globals(PythonModuleObject m) {
     exists(CallNode globals |
-        globals = theGlobalsFunction().(FunctionObject).getACall() and
+        globals = BuiltinFunctionObject::globals().getACall() and
         globals.getScope() = m.getModule() |
         exists(AttrNode attr | attr.getObject() = globals)
         or
diff --git a/python/ql/src/Variables/UndefinedGlobal.ql b/python/ql/src/Variables/UndefinedGlobal.ql
@@ -90,8 +90,8 @@ predicate use_of_exec(Module m) {
     or
     exists(CallNode call, FunctionObject exec |
         exec.getACall() = call and call.getScope() = m |
-        exec = builtin_object("exec") or
-        exec = builtin_object("execfile")
+        exec = Object::builtin("exec") or
+        exec = Object::builtin("execfile")
     )
 }
 
diff --git a/python/ql/src/analysis/DefinitionTracking.qll b/python/ql/src/analysis/DefinitionTracking.qll
@@ -396,7 +396,7 @@ private predicate attribute_assignment_jump_to_defn_attribute(AttributeAssignmen
 private predicate sets_attribute(ArgumentRefinement def, string name) {
     exists(CallNode call |
         call = def.getDefiningNode() and
-        call.getFunction().refersTo(builtin_object("setattr")) and
+        call.getFunction().refersTo(Object::builtin("setattr")) and
         def.getInput().getAUse() = call.getArg(0) and
         call.getArg(1).getNode().(StrConst).getText() = name
     )
diff --git a/python/ql/src/semmle/python/SSA.qll b/python/ql/src/semmle/python/SSA.qll
@@ -201,7 +201,7 @@ private predicate gettext_installed() {
 }
 
 private predicate builtin_constant(string name) {
-    exists(builtin_object(name))
+    exists(Object::builtin(name))
     or
     name = "WindowsError"
     or
diff --git a/python/ql/src/semmle/python/pointsto/Base.qll b/python/ql/src/semmle/python/pointsto/Base.qll
@@ -196,7 +196,7 @@ predicate function_can_never_return(FunctionObject func) {
         not exists(f.getAnExitNode())
     )
     or
-    func = theExitFunctionObject()
+    func = BuiltinFunctionObject::sysExit()
 }
 
 /** Python specific sub-class of generic EssaNodeDefinition */
@@ -570,13 +570,13 @@ predicate potential_builtin_points_to(NameNode f, Object value, ClassObject cls,
     (
         builtin_name_points_to(f.getId(), value, cls)
         or
-        not exists(builtin_object(f.getId())) and value = unknownValue() and cls = theUnknownType()
+        not exists(Object::builtin(f.getId())) and value = unknownValue() and cls = theUnknownType()
     )
 }
 
 pragma [noinline]
 predicate builtin_name_points_to(string name, Object value, ClassObject cls) {
-    value = builtin_object(name) and py_cobjecttypes(value, cls)
+    value = Object::builtin(name) and py_cobjecttypes(value, cls)
 }
 
 module BaseFlow {
diff --git a/python/ql/src/semmle/python/pointsto/PointsTo.qll b/python/ql/src/semmle/python/pointsto/PointsTo.qll
@@ -322,7 +322,7 @@ module PointsTo {
 
         /** Holds if `call` is of the form `getattr(arg, "name")`. */
         cached predicate getattr(CallNode call, ControlFlowNode arg, string name) {
-            points_to(call.getFunction(), _, builtin_object("getattr"), _, _) and
+            points_to(call.getFunction(), _, Object::builtin("getattr"), _, _) and
             call.getArg(1).getNode().(StrConst).getText() = name and
             arg = call.getArg(0)
         }
@@ -1110,9 +1110,9 @@ module PointsTo {
          pragma [noinline]
          predicate call_points_to_builtin_function(CallNode f, PointsToContext context, Object value, ClassObject cls, ControlFlowNode origin) {
              exists(BuiltinCallable b |
-                 b != builtin_object("isinstance") and
-                 b != builtin_object("issubclass") and
-                 b != builtin_object("callable") and
+                 b != Object::builtin("isinstance") and
+                 b != Object::builtin("issubclass") and
+                 b != Object::builtin("callable") and
                  f = get_a_call(b, context) and
                  cls = b.getAReturnType()
              ) and
@@ -2007,9 +2007,9 @@ module PointsTo {
             exists(ControlFlowNode func, Object obj |
                 two_args_first_arg_string(def, func, name) and
                 points_to(func, _, obj, _, _) |
-                obj = builtin_object("setattr") and result = true
+                obj = Object::builtin("setattr") and result = true
                 or
-                obj != builtin_object("setattr") and result = false
+                obj != Object::builtin("setattr") and result = false
             )
         }
 
@@ -2349,7 +2349,7 @@ module PointsTo {
             (
                 exists(CallNode call |
                     call = expr and
-                    points_to(call.getFunction(), context, theLenFunction(), _, _) and
+                    points_to(call.getFunction(), context, Object::builtin("len"), _, _) and
                     use = call.getArg(0) and
                     val.(SequenceObject).getLength() = result
                 )
diff --git a/python/ql/src/semmle/python/security/TaintTracking.qll b/python/ql/src/semmle/python/security/TaintTracking.qll
@@ -246,7 +246,7 @@ private predicate copy_call(ControlFlowNode fromnode, CallNode tonode) {
         tonode.getArg(0) = fromnode
     )
     or
-    tonode.getFunction().refersTo(builtin_object("reversed")) and
+    tonode.getFunction().refersTo(Object::builtin("reversed")) and
     tonode.getArg(0) = fromnode
 }
 
@@ -937,7 +937,7 @@ library module TaintFlowImplementation {
     pragma [noinline]
     predicate getattr_step(TaintedNode fromnode, TrackedValue totaint, CallContext tocontext, CallNode tonode) {
         exists(ControlFlowNode arg, string name |
-            tonode.getFunction().refersTo(builtin_object("getattr")) and
+            tonode.getFunction().refersTo(Object::builtin("getattr")) and
             arg = tonode.getArg(0) and
             name = tonode.getArg(1).getNode().(StrConst).getText() and
             arg = fromnode.getNode() and
diff --git a/python/ql/src/semmle/python/security/injection/Exec.qll b/python/ql/src/semmle/python/security/injection/Exec.qll
@@ -12,9 +12,9 @@ import semmle.python.security.strings.Untrusted
 
 
 private FunctionObject exec_or_eval() {
-    result = builtin_object("exec")
+    result = Object::builtin("exec")
     or
-    result = builtin_object("eval")
+    result = Object::builtin("eval")
 }
 
 /** A taint sink that represents an argument to exec or eval that is vulnerable to malicious input.
diff --git a/python/ql/src/semmle/python/security/injection/Path.qll b/python/ql/src/semmle/python/security/injection/Path.qll
@@ -84,7 +84,7 @@ class OpenNode extends TaintSink {
 
     OpenNode() {
         exists(CallNode call |
-            call.getFunction().refersTo(builtin_object("open")) and
+            call.getFunction().refersTo(Object::builtin("open")) and
             call.getAnArg() = this
         )
     }
diff --git a/python/ql/src/semmle/python/security/strings/Common.qll b/python/ql/src/semmle/python/security/strings/Common.qll
@@ -11,6 +11,6 @@ predicate copy_call(ControlFlowNode fromnode, CallNode tonode) {
         tonode.getArg(0) = fromnode
     )
     or
-    tonode.getFunction().refersTo(builtin_object("reversed")) and
+    tonode.getFunction().refersTo(Object::builtin("reversed")) and
     tonode.getArg(0) = fromnode
 }
diff --git a/python/ql/src/semmle/python/types/ClassObject.qll b/python/ql/src/semmle/python/types/ClassObject.qll
@@ -495,9 +495,9 @@ ClassObject theUnicodeType() {
 
 /** The builtin class '(x)range' */
 ClassObject theRangeType() {
-    result = builtin_object("xrange")
+    result = Object::builtin("xrange")
     or
-    major_version() = 3 and result = builtin_object("range")
+    major_version() = 3 and result = Object::builtin("range")
 }
 
 /** The builtin class for bytes. str in Python2, bytes in Python3 */
@@ -590,20 +590,20 @@ ClassObject theBuiltinPropertyType() {
 
 /** The builtin class 'IOError' */
 ClassObject theIOErrorType() {
-    result = builtin_object("IOError")
+    result = Object::builtin("IOError")
 }
 
 /** The builtin class 'super' */
 ClassObject theSuperType() {
-    result = builtin_object("super")
+    result = Object::builtin("super")
 }
 
 /** The builtin class 'StopIteration' */
 ClassObject theStopIterationType() {
-    result = builtin_object("StopIteration")
+    result = Object::builtin("StopIteration")
 }
 
 /** The builtin class 'NotImplementedError' */
 ClassObject theNotImplementedErrorType() {
-    result = builtin_object("NotImplementedError")
+    result = Object::builtin("NotImplementedError")
 }
diff --git a/python/ql/src/semmle/python/types/Exceptions.qll b/python/ql/src/semmle/python/types/Exceptions.qll
@@ -31,7 +31,7 @@ class RaisingNode extends ControlFlowNode {
     }
 
     private predicate quits() {
-        this.(CallNode).getFunction().refersTo(quitterObject(_))
+        this.(CallNode).getFunction().refersTo(Object::quitter(_))
     }
 
     /** Gets the type of an exception that may be raised
@@ -49,7 +49,7 @@ class RaisingNode extends ControlFlowNode {
 
     pragma[noinline]
     private ClassObject systemExitRaise() {
-        this.quits() and result = builtin_object("SystemExit")
+        this.quits() and result = Object::builtin("SystemExit")
     }
 
     pragma [noinline, nomagic]
@@ -62,7 +62,7 @@ class RaisingNode extends ControlFlowNode {
             (ex.refersTo(result) or ex.refersTo(_, result, _))
           )
           or
-          this.getNode() instanceof ImportExpr and result = builtin_object("ImportError")
+          this.getNode() instanceof ImportExpr and result = Object::builtin("ImportError")
           or
           this.getNode() instanceof Print and result = theIOErrorType()
           or
diff --git a/python/ql/src/semmle/python/types/FunctionObject.qll b/python/ql/src/semmle/python/types/FunctionObject.qll
diff --git a/python/ql/src/semmle/python/types/Object.qll b/python/ql/src/semmle/python/types/Object.qll
diff --git a/python/ql/src/semmle/python/values/StringAttributes.qll b/python/ql/src/semmle/python/values/StringAttributes.qll

Original file line number	Diff line number	Diff line change
`@@ -67,9 +67,9 @@ predicate subscript(Stmt s) {`
`67`	`67`	`predicate encode_decode(Expr ex, ClassObject type) {`
`68`	`68`	`exists(string name \|`
`69`	`69`	`ex.(Call).getFunc().(Attribute).getName() = name \|`
`70`		`- name = "encode" and type = builtin_object("UnicodeEncodeError")`
	`70`	`+ name = "encode" and type = Object::builtin("UnicodeEncodeError")`
`71`	`71`	`or`
`72`		`- name = "decode" and type = builtin_object("UnicodeDecodeError")`
	`72`	`+ name = "decode" and type = Object::builtin("UnicodeDecodeError")`
`73`	`73`	`)`
`74`	`74`	`}`
`75`	`75`
Original file line number	Diff line number	Diff line change
`@@ -3,9 +3,9 @@ import python`
`3`	`3`
`4`	`4`	/** Holds if `notimpl` refers to `NotImplemented` or `NotImplemented()` in the `raise` statement */
`5`	`5`	`predicate use_of_not_implemented_in_raise(Raise raise, Expr notimpl) {`
`6`		`- notimpl.refersTo(theNotImplementedObject()) and`
	`6`	`+ notimpl.refersTo(Object::notImplemented()) and`
`7`	`7`	`(`
`8`		`- notimpl = raise.getException() or`
	`8`	`+ notimpl = raise.getException() or`
`9`	`9`	`notimpl = raise.getException().(Call).getFunc()`
`10`	`10`	`)`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -13,11 +13,11 @@`
`13`	`13`	`import python`
`14`	`14`
`15`	`15`	`FunctionObject iter() {`
`16`		`- result = builtin_object("iter")`
	`16`	`+ result = Object::builtin("iter")`
`17`	`17`	`}`
`18`	`18`
`19`	`19`	`FunctionObject next() {`
`20`		`- result = builtin_object("next")`
	`20`	`+ result = Object::builtin("next")`
`21`	`21`	`}`
`22`	`22`
`23`	`23`	`predicate call_to_iter(CallNode call, EssaVariable sequence) {`
Original file line number	Diff line number	Diff line change
`@@ -128,7 +128,7 @@ predicate function_should_close_parameter(Function func) {`
`128`	`128`	`}`
`129`	`129`
`130`	`130`	`predicate function_opens_file(FunctionObject f) {`
`131`		`- f = theOpenFunction()`
	`131`	`+ f = BuiltinFunctionObject::open()`
`132`	`132`	`or`
`133`	`133`	`exists(EssaVariable v, Return ret \|`
`134`	`134`	`ret.getScope() = f.getFunction() \|`
Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ predicate possible_reflective_name(string name) {`
`42`	`42`	`or`
`43`	`43`	`any(ModuleObject m).getName() = name`
`44`	`44`	`or`
`45`		`- exists(builtin_object(name))`
	`45`	`+ exists(Object::builtin(name))`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`int char_count(StrConst str) {`
Original file line number	Diff line number	Diff line change
`@@ -39,14 +39,14 @@ predicate maybe_defined_in_outer_scope(Name n) {`
`39`	`39`	`}`
`40`	`40`
`41`	`41`	`Variable relevant_var(Name n) {`
`42`		`- n.getVariable() = result and`
`43`		`- (corresponding(n, _) or corresponding(_, n))`
	`42`	`+ n.getVariable() = result and`
	`43`	`+ (corresponding(n, _) or corresponding(_, n))`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`predicate same_name(Name n1, Name n2) {`
`47`	`47`	`corresponding(n1, n2) and`
`48`	`48`	`relevant_var(n1) = relevant_var(n2) and`
`49`		`- not exists(builtin_object(n1.getId())) and`
	`49`	`+ not exists(Object::builtin(n1.getId())) and`
`50`	`50`	`not maybe_defined_in_outer_scope(n2)`
`51`	`51`	`}`
`52`	`52`