property writes are def nodes

2022-02-01 14:27:27 +01:00 · 2022-02-01 14:27:27 +01:00 · d8eea7ba4c
--- a/python/ql/lib/semmle/python/ApiGraphs.qll
+++ b/python/ql/lib/semmle/python/ApiGraphs.qll
@ -507,16 +507,13 @@ module API {
        lbl = Label::parameter(i) and
        argumentPassing(base, i, rhs)
      )
-      /*
-       * or // TODO:
-       *      exists(DataFlow::SourceNode src, DataFlow::PropWrite pw |
-       *        use(base, src) and pw = trackUseNode(src).getAPropertyWrite() and rhs = pw.getRhs()
-       *      |
-       *        lbl = Label::memberFromRef(pw)
-       *      )
-       */
-
-      }
+      or
+      exists(DataFlow::LocalSourceNode src, DataFlow::AttrWrite pw |
+        use(base, src) and pw = trackUseNode(src).getAnAttributeWrite() and rhs = pw.getValue()
+      |
+        lbl = Label::memberFromRef(pw)
+      )
+    }

    /**
     * Holds if `ref` is a use of a node that should have an incoming edge from `base` labeled
@ -536,7 +533,7 @@ module API {
      |
        // Referring to an attribute on a node that is a use of `base`:
        lbl = Label::memberFromRef(ref) and
-        ref = pred.getAnAttributeReference() // TODO: Change to read.
+        ref = pred.getAnAttributeRead()
        or
        // Calling a node that is a use of `base`
        lbl = Label::return() and
@ -778,7 +775,7 @@ module API {
        MkLabelParameter(int i) {
          exists(any(DataFlow::CallCfgNode c).getArg(i))
          or
-          i = [-1 .. 10] // TODO: Def nodes, figure out how to make this prettier.
+          exists(any(Function f).getArg(i))
        } or
        MkLabelReturn() or
        MkLabelSubclass() or
--- a/python/ql/test/library-tests/ApiGraphs/deftest2.py
+++ b/python/ql/test/library-tests/ApiGraphs/deftest2.py
@ -0,0 +1,19 @@
+# Subclasses
+
+from flask.views import View #$ use=moduleImport("flask").getMember("views").getMember("View")
+
+class MyView(View): #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass()
+    myvar = 45 #$ def=moduleImport("flask").getMember("views").getMember("View").getASubclass().getMember("myvar")
+    def my_method(self): #$ def=moduleImport("flask").getMember("views").getMember("View").getASubclass().getMember("my_method") use=moduleImport("flask").getMember("views").getMember("View").getASubclass().getMember("my_method").getParameter(0)
+        pass
+
+instance = MyView() #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass().getReturn()
+
+def internal():
+    from pflask.views import View #$ use=moduleImport("pflask").getMember("views").getMember("View")
+    class IntMyView(View): #$ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass()
+        my_internal_var = 35 #$ def=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getMember("my_internal_var")
+        def my_internal_method(self): #$ def=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getMember("my_internal_method") use=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getMember("my_internal_method").getParameter(0)
+            pass
+
+    int_instance = IntMyView() #$ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getReturn()
--- a/python/ql/test/library-tests/ApiGraphs/test.py
+++ b/python/ql/test/library-tests/ApiGraphs/test.py
@ -75,27 +75,6 @@ def f():
    sink(foo) #$ use=moduleImport("danger").getMember("SOURCE")


-# Subclasses
-
-from flask.views import View #$ use=moduleImport("flask").getMember("views").getMember("View")
-
-class MyView(View): #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass()
-    myvar = 45 #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass().getMember("myvar")
-    def my_method(self): #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass().getMember("my_method")
-        pass
-
-instance = MyView() #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass().getReturn()
-
-def internal():
-    from pflask.views import View #$ use=moduleImport("pflask").getMember("views").getMember("View")
-    class IntMyView(View): #$ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass()
-        my_internal_var = 35 #$ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getMember("my_internal_var")
-        def my_internal_method(self): #$ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getMember("my_internal_method")
-            pass
-
-    int_instance = IntMyView() #$ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getReturn()
-
-
 # Built-ins

 def use_of_builtins():