Python: Use ModuleObject::named more consistently.

taus-semmle · taus-semmle · commit f14f7b50ed2d · 2019-03-20T17:41:23.000+01:00
diff --git a/python/ql/src/Security/CWE-295/RequestWithoutValidation.ql b/python/ql/src/Security/CWE-295/RequestWithoutValidation.ql
@@ -15,10 +15,7 @@ import semmle.python.web.Http
 
 
 FunctionObject requestFunction() {
-    exists(ModuleObject req |
-        req.getName() = "requests" and
-        result = req.attr(httpVerbLower())
-    )
+    result = ModuleObject::named("requests").attr(httpVerbLower())
 }
 
 /** requests treats None as the default and all other "falsey" values as False */
diff --git a/python/ql/src/Security/CWE-327/InsecureDefaultProtocol.ql b/python/ql/src/Security/CWE-327/InsecureDefaultProtocol.ql
@@ -13,11 +13,11 @@
 import python
 
 FunctionObject ssl_wrap_socket() {
-    result = any(ModuleObject ssl | ssl.getName() = "ssl").attr("wrap_socket")
+    result = ModuleObject::named("ssl").attr("wrap_socket")
 }
 
 ClassObject ssl_Context_class() {
-    result = any(ModuleObject ssl | ssl.getName() = "ssl").attr("SSLContext")
+    result = ModuleObject::named("ssl").attr("SSLContext")
 }
 
 CallNode unsafe_call(string method_name) {
diff --git a/python/ql/src/Security/CWE-327/InsecureProtocol.ql b/python/ql/src/Security/CWE-327/InsecureProtocol.ql
@@ -34,11 +34,11 @@ string insecure_version_name() {
 }
 
 private ModuleObject the_ssl_module() {
-    result = any(ModuleObject m | m.getName() = "ssl")
+    result = ModuleObject::named("ssl")
 }
 
 private ModuleObject the_pyOpenSSL_module() {
-    result = any(ModuleObject m | m.getName() = "pyOpenSSL.SSL")
+    result = ModuleObject::named("pyOpenSSL.SSL")
 }
 
 /* A syntactic check for cases where points-to analysis cannot infer the presence of
@@ -76,7 +76,7 @@ predicate unsafe_ssl_wrap_socket_call(CallNode call, string method_name, string
 }
 
 ClassObject the_pyOpenSSL_Context_class() {
-    result = any(ModuleObject m | m.getName() = "pyOpenSSL.SSL").attr("Context")
+    result = ModuleObject::named("pyOpenSSL.SSL").attr("Context")
 }
 
 predicate unsafe_pyOpenSSL_Context_call(CallNode call, string insecure_version) {
diff --git a/python/ql/src/Security/CWE-377/InsecureTemporaryFile.ql b/python/ql/src/Security/CWE-377/InsecureTemporaryFile.ql
@@ -23,7 +23,7 @@ FunctionObject temporary_name_function(string mod, string function) {
             function = "tempnam"
         )
     ) and
-    result = any(ModuleObject m | m.getName() = mod).getAttribute(function)
+    result = ModuleObject::named(mod).getAttribute(function)
 }
 
 from Call c, string mod, string function
diff --git a/python/ql/src/Security/CWE-732/WeakFilePermissions.ql b/python/ql/src/Security/CWE-732/WeakFilePermissions.ql
@@ -35,12 +35,12 @@ string permissive_permission(int p) {
 }
 
 predicate chmod_call(CallNode call, FunctionObject chmod, NumericObject num) {
-    any(ModuleObject os | os.getName() = "os").attr("chmod") = chmod and
+    ModuleObject::named("os").attr("chmod") = chmod and
     chmod.getACall() = call and call.getArg(1).refersTo(num)
 }
 
 predicate open_call(CallNode call, FunctionObject open, NumericObject num) {
-    any(ModuleObject os | os.getName() = "os").attr("open") = open and
+    ModuleObject::named("os").attr("open") = open and
     open.getACall() = call and call.getArg(2).refersTo(num)
 }
 
diff --git a/python/ql/src/Security/CWE-798/HardcodedCredentials.ql b/python/ql/src/Security/CWE-798/HardcodedCredentials.ql
@@ -40,7 +40,7 @@ predicate possible_reflective_name(string name) {
     or
     any(ClassObject c).getName() = name
     or
-    any(ModuleObject m).getName() = name
+    exists(ModuleObject::named(name))
     or
     exists(Object::builtin(name))
 }
diff --git a/python/ql/src/semmle/python/security/injection/Command.qll b/python/ql/src/semmle/python/security/injection/Command.qll
@@ -83,7 +83,7 @@ class ShellCommand extends TaintSink {
         or
         exists(CallNode call |
             call.getAnArg() = this and
-            call.getFunction().refersTo(any(ModuleObject commands | commands.getName() = "commands"))
+            call.getFunction().refersTo(ModuleObject::named("commands"))
         )
     }
 
diff --git a/python/ql/src/semmle/python/security/strings/External.qll b/python/ql/src/semmle/python/security/strings/External.qll
@@ -91,7 +91,7 @@ private predicate json_subscript_taint(SubscriptNode sub, ControlFlowNode obj, E
 
 private predicate json_load(ControlFlowNode fromnode, CallNode tonode) {
     exists(FunctionObject json_loads |
-        any(ModuleObject json | json.getName() = "json").attr("loads") = json_loads and
+        ModuleObject::named("json").attr("loads") = json_loads and
         json_loads.getACall() = tonode and tonode.getArg(0) = fromnode
     )
 }
diff --git a/python/ql/src/semmle/python/web/bottle/General.qll b/python/ql/src/semmle/python/web/bottle/General.qll
@@ -9,7 +9,7 @@ ModuleObject theBottleModule() {
 
 /** The bottle.Bottle class */
 ClassObject theBottleClass() {
-    result = ModuleObject::named("bottle").attr("Bottle")
+    result = theBottleModule().attr("Bottle")
 }
 
 /** Holds if `route` is routed to `func`
diff --git a/python/ql/src/semmle/python/web/django/Db.qll b/python/ql/src/semmle/python/web/django/Db.qll
@@ -12,7 +12,7 @@ class DjangoDbCursor extends DbCursor {
 }
 
 private Object theDjangoConnectionObject() {
-    any(ModuleObject m | m.getName() = "django.db").attr("connection") = result
+    ModuleObject::named("django.db").attr("connection") = result
 }
 
 /** A kind of taint source representing sources of django cursor objects.
@@ -38,7 +38,7 @@ class DjangoDbCursorSource extends DbConnectionSource {
 
 
 ClassObject theDjangoRawSqlClass() {
-    result = any(ModuleObject m | m.getName() = "django.db.models.expressions").attr("RawSQL")
+    result = ModuleObject::named("django.db.models.expressions").attr("RawSQL")
 }
 
 /**
diff --git a/python/ql/src/semmle/python/web/django/Model.qll b/python/ql/src/semmle/python/web/django/Model.qll
@@ -8,7 +8,7 @@ import semmle.python.web.Http
 class DjangoModel extends ClassObject {
 
     DjangoModel() {
-        any(ModuleObject m | m.getName() = "django.db.models").attr("Model") = this.getAnImproperSuperType()
+        ModuleObject::named("django.db.models").attr("Model") = this.getAnImproperSuperType()
     }
 
 }
diff --git a/python/ql/src/semmle/python/web/django/Request.qll b/python/ql/src/semmle/python/web/django/Request.qll
@@ -82,7 +82,7 @@ private class DjangoFunctionBasedViewRequestArgument extends DjangoRequestSource
 private class DjangoView extends ClassObject {
 
     DjangoView() {
-        any(ModuleObject m | m.getName() = "django.views.generic").attr("View") = this.getAnImproperSuperType()
+        ModuleObject::named("django.views.generic").attr("View") = this.getAnImproperSuperType()
     }
 }
 
@@ -109,7 +109,7 @@ class DjangoClassBasedViewRequestArgument extends DjangoRequestSource {
 /* Function based views */
 predicate url_dispatch(CallNode call, ControlFlowNode regex, FunctionObject view) {
     exists(FunctionObject url |
-        any(ModuleObject m | m.getName() = "django.conf.urls").attr("url") = url and
+        ModuleObject::named("django.conf.urls").attr("url") = url and
         url.getArgumentForCall(call, 0) = regex and
         url.getArgumentForCall(call, 1).refersTo(view)
     )
diff --git a/python/ql/src/semmle/python/web/django/Response.qll b/python/ql/src/semmle/python/web/django/Response.qll
@@ -17,7 +17,7 @@ class DjangoResponse extends TaintKind {
 }
 
 private ClassObject theDjangoHttpResponseClass() {
-    result = any(ModuleObject m | m.getName() = "django.http.response").attr("HttpResponse") and
+    result = ModuleObject::named("django.http.response").attr("HttpResponse") and
     not result = theDjangoHttpRedirectClass()
 }
 
diff --git a/python/ql/src/semmle/python/web/django/Shared.qll b/python/ql/src/semmle/python/web/django/Shared.qll
@@ -1,9 +1,9 @@
 import python
 
 FunctionObject redirect() {
-    result = any(ModuleObject m | m.getName() = "django.shortcuts").attr("redirect")
+    result = ModuleObject::named("django.shortcuts").attr("redirect")
 }
 
 ClassObject theDjangoHttpRedirectClass() {
-    result = any(ModuleObject m | m.getName() = "django.http.response").attr("HttpResponseRedirectBase")
+    result = ModuleObject::named("django.http.response").attr("HttpResponseRedirectBase")
 }
diff --git a/python/ql/src/semmle/python/web/flask/General.qll b/python/ql/src/semmle/python/web/flask/General.qll
@@ -3,7 +3,7 @@ import semmle.python.web.Http
 
 /** The flask module */
 ModuleObject theFlaskModule() {
-    result = any(ModuleObject m | m.getName() = "flask")
+    result = ModuleObject::named("flask")
 }
 
 /** The flask app class */
@@ -13,7 +13,7 @@ ClassObject theFlaskClass() {
 
 /** The flask MethodView class */
 ClassObject theFlaskMethodViewClass() {
-    result = any(ModuleObject m | m.getName() = "flask.views").attr("MethodView")
+    result = ModuleObject::named("flask.views").attr("MethodView")
 }
 
 ClassObject theFlaskReponseClass() {
diff --git a/python/ql/src/semmle/python/web/pyramid/Request.qll b/python/ql/src/semmle/python/web/pyramid/Request.qll
@@ -12,7 +12,7 @@ class PyramidRequest extends BaseWebobRequest {
     }
 
     override ClassObject getClass() {
-        result = any(ModuleObject m | m.getName() = "pyramid.request").attr("Request")
+        result = ModuleObject::named("pyramid.request").attr("Request")
     }
 
 }
diff --git a/python/ql/src/semmle/python/web/tornado/Tornado.qll b/python/ql/src/semmle/python/web/tornado/Tornado.qll
@@ -3,7 +3,7 @@ import python
 import semmle.python.security.TaintTracking
 
 private ClassObject theTornadoRequestHandlerClass() {
-    result = any(ModuleObject m | m.getName() = "tornado.web").attr("RequestHandler")
+    result = ModuleObject::named("tornado.web").attr("RequestHandler")
 }
 
 ClassObject aTornadoRequestHandlerClass() {
diff --git a/python/ql/src/semmle/python/web/twisted/Twisted.qll b/python/ql/src/semmle/python/web/twisted/Twisted.qll
@@ -3,11 +3,11 @@ import python
 import semmle.python.security.TaintTracking
 
 private ClassObject theTwistedHttpRequestClass() {
-    result = any(ModuleObject m | m.getName() = "twisted.web.http").attr("Request")
+    result = ModuleObject::named("twisted.web.http").attr("Request")
 }
 
 private ClassObject theTwistedHttpResourceClass() {
-    result = any(ModuleObject m | m.getName() = "twisted.web.resource").attr("Resource")
+    result = ModuleObject::named("twisted.web.resource").attr("Resource")
 }
 
 ClassObject aTwistedRequestHandlerClass() {
diff --git a/python/ql/src/semmle/python/web/webob/Request.qll b/python/ql/src/semmle/python/web/webob/Request.qll
@@ -45,7 +45,7 @@ class WebobRequest extends BaseWebobRequest {
     }
 
     override ClassObject getClass() {
-        result = any(ModuleObject m | m.getName() = "webob.request").attr("Request")
+        result = ModuleObject::named("webob.request").attr("Request")
     }
 
 }

Original file line number	Diff line number	Diff line change
`@@ -15,10 +15,7 @@ import semmle.python.web.Http`
`15`	`15`
`16`	`16`
`17`	`17`	`FunctionObject requestFunction() {`
`18`		`- exists(ModuleObject req \|`
`19`		`- req.getName() = "requests" and`
`20`		`- result = req.attr(httpVerbLower())`
`21`		`- )`
	`18`	`+ result = ModuleObject::named("requests").attr(httpVerbLower())`
`22`	`19`	`}`
`23`	`20`
`24`	`21`	`/** requests treats None as the default and all other "falsey" values as False */`
Original file line number	Diff line number	Diff line change
`@@ -13,11 +13,11 @@`
`13`	`13`	`import python`
`14`	`14`
`15`	`15`	`FunctionObject ssl_wrap_socket() {`
`16`		`- result = any(ModuleObject ssl \| ssl.getName() = "ssl").attr("wrap_socket")`
	`16`	`+ result = ModuleObject::named("ssl").attr("wrap_socket")`
`17`	`17`	`}`
`18`	`18`
`19`	`19`	`ClassObject ssl_Context_class() {`
`20`		`- result = any(ModuleObject ssl \| ssl.getName() = "ssl").attr("SSLContext")`
	`20`	`+ result = ModuleObject::named("ssl").attr("SSLContext")`
`21`	`21`	`}`
`22`	`22`
`23`	`23`	`CallNode unsafe_call(string method_name) {`
Original file line number	Diff line number	Diff line change
`@@ -34,11 +34,11 @@ string insecure_version_name() {`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`private ModuleObject the_ssl_module() {`
`37`		`- result = any(ModuleObject m \| m.getName() = "ssl")`
	`37`	`+ result = ModuleObject::named("ssl")`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`private ModuleObject the_pyOpenSSL_module() {`
`41`		`- result = any(ModuleObject m \| m.getName() = "pyOpenSSL.SSL")`
	`41`	`+ result = ModuleObject::named("pyOpenSSL.SSL")`
`42`	`42`	`}`
`43`	`43`
`44`	`44`	`/* A syntactic check for cases where points-to analysis cannot infer the presence of`
`@@ -76,7 +76,7 @@ predicate unsafe_ssl_wrap_socket_call(CallNode call, string method_name, string`
`76`	`76`	`}`
`77`	`77`
`78`	`78`	`ClassObject the_pyOpenSSL_Context_class() {`
`79`		`- result = any(ModuleObject m \| m.getName() = "pyOpenSSL.SSL").attr("Context")`
	`79`	`+ result = ModuleObject::named("pyOpenSSL.SSL").attr("Context")`
`80`	`80`	`}`
`81`	`81`
`82`	`82`	`predicate unsafe_pyOpenSSL_Context_call(CallNode call, string insecure_version) {`
Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ FunctionObject temporary_name_function(string mod, string function) {`
`23`	`23`	`function = "tempnam"`
`24`	`24`	`)`
`25`	`25`	`) and`
`26`		`- result = any(ModuleObject m \| m.getName() = mod).getAttribute(function)`
	`26`	`+ result = ModuleObject::named(mod).getAttribute(function)`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`from Call c, string mod, string function`
Original file line number	Diff line number	Diff line change
`@@ -35,12 +35,12 @@ string permissive_permission(int p) {`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`predicate chmod_call(CallNode call, FunctionObject chmod, NumericObject num) {`
`38`		`- any(ModuleObject os \| os.getName() = "os").attr("chmod") = chmod and`
	`38`	`+ ModuleObject::named("os").attr("chmod") = chmod and`
`39`	`39`	`chmod.getACall() = call and call.getArg(1).refersTo(num)`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`predicate open_call(CallNode call, FunctionObject open, NumericObject num) {`
`43`		`- any(ModuleObject os \| os.getName() = "os").attr("open") = open and`
	`43`	`+ ModuleObject::named("os").attr("open") = open and`
`44`	`44`	`open.getACall() = call and call.getArg(2).refersTo(num)`
`45`	`45`	`}`
`46`	`46`
Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ predicate possible_reflective_name(string name) {`
`40`	`40`	`or`
`41`	`41`	`any(ClassObject c).getName() = name`
`42`	`42`	`or`
`43`		`- any(ModuleObject m).getName() = name`
	`43`	`+ exists(ModuleObject::named(name))`
`44`	`44`	`or`
`45`	`45`	`exists(Object::builtin(name))`
`46`	`46`	`}`
Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,7 @@ class ShellCommand extends TaintSink {`
`83`	`83`	`or`
`84`	`84`	`exists(CallNode call \|`
`85`	`85`	`call.getAnArg() = this and`
`86`		`- call.getFunction().refersTo(any(ModuleObject commands \| commands.getName() = "commands"))`
	`86`	`+ call.getFunction().refersTo(ModuleObject::named("commands"))`
`87`	`87`	`)`
`88`	`88`	`}`
`89`	`89`
Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ private predicate json_subscript_taint(SubscriptNode sub, ControlFlowNode obj, E`
`91`	`91`
`92`	`92`	`private predicate json_load(ControlFlowNode fromnode, CallNode tonode) {`
`93`	`93`	`exists(FunctionObject json_loads \|`
`94`		`- any(ModuleObject json \| json.getName() = "json").attr("loads") = json_loads and`
	`94`	`+ ModuleObject::named("json").attr("loads") = json_loads and`
`95`	`95`	`json_loads.getACall() = tonode and tonode.getArg(0) = fromnode`
`96`	`96`	`)`
`97`	`97`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ ModuleObject theBottleModule() {`
`9`	`9`
`10`	`10`	`/** The bottle.Bottle class */`
`11`	`11`	`ClassObject theBottleClass() {`
`12`		`- result = ModuleObject::named("bottle").attr("Bottle")`
	`12`	`+ result = theBottleModule().attr("Bottle")`
`13`	`13`	`}`
`14`	`14`
`15`	`15`	/** Holds if `route` is routed to `func`
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ class DjangoDbCursor extends DbCursor {`
`12`	`12`	`}`
`13`	`13`
`14`	`14`	`private Object theDjangoConnectionObject() {`
`15`		`- any(ModuleObject m \| m.getName() = "django.db").attr("connection") = result`
	`15`	`+ ModuleObject::named("django.db").attr("connection") = result`
`16`	`16`	`}`
`17`	`17`
`18`	`18`	`/** A kind of taint source representing sources of django cursor objects.`
`@@ -38,7 +38,7 @@ class DjangoDbCursorSource extends DbConnectionSource {`
`38`	`38`
`39`	`39`
`40`	`40`	`ClassObject theDjangoRawSqlClass() {`
`41`		`- result = any(ModuleObject m \| m.getName() = "django.db.models.expressions").attr("RawSQL")`
	`41`	`+ result = ModuleObject::named("django.db.models.expressions").attr("RawSQL")`
`42`	`42`	`}`
`43`	`43`
`44`	`44`	`/**`