diff --git a/python/ql/src/semmle/python/Concepts.qll b/python/ql/src/semmle/python/Concepts.qll
index 0e5814d203b0..d8e65cb2e09e 100644
--- a/python/ql/src/semmle/python/Concepts.qll
+++ b/python/ql/src/semmle/python/Concepts.qll
@@ -563,7 +563,9 @@ module Cryptography {
 /** Provides classes for modeling new key-pair generation APIs. */
 module KeyGeneration {
 /** Gets a back-reference to the keysize argument `arg` that was used to generate a new key-pair. */
- DataFlow::LocalSourceNode keysizeBacktracker(DataFlow::TypeBackTracker t, DataFlow::Node arg) {
+ private DataFlow::LocalSourceNode keysizeBacktracker(
+ DataFlow::TypeBackTracker t, DataFlow::Node arg
+ ) {
 t.start() and
 arg = any(KeyGeneration::Range r).getKeySizeArg() and
 result = arg.getALocalSource()
diff --git a/python/ql/src/semmle/python/dataflow/new/TypeTracker.qll b/python/ql/src/semmle/python/dataflow/new/TypeTracker.qll
index b6c4bdb06ea5..d4ce5f606ace 100644
--- a/python/ql/src/semmle/python/dataflow/new/TypeTracker.qll
+++ b/python/ql/src/semmle/python/dataflow/new/TypeTracker.qll
@@ -180,7 +180,7 @@ private newtype TTypeTracker = MkTypeTracker(Boolean hasCall, OptionalAttributeN
 * It is recommended that all uses of this type are written in the following form,
 * for tracking some type `myType`:
 * ```
- * DataFlow::LocalSourceNode myType(DataFlow::TypeTracker t) {
+ * private DataFlow::LocalSourceNode myType(DataFlow::TypeTracker t) {
 * t.start() and
 * result = < source of myType >
 * or
@@ -341,7 +341,7 @@ private newtype TTypeBackTracker = MkTypeBackTracker(Boolean hasReturn, Optional
 * for back-tracking some callback type `myCallback`:
 *
 * ```
- * DataFlow::LocalSourceNode myCallback(DataFlow::TypeBackTracker t) {
+ * private DataFlow::LocalSourceNode myCallback(DataFlow::TypeBackTracker t) {
 * t.start() and
 * result = (< some API call >).getArgument(< n >).getALocalSource()
 * or
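Review bot: In the Concepts.qll hunk, adding `private` to `keysizeBacktracker` removes the predicate from the importable surface of `Cryptography::KeyGeneration`, so any query or library outside this file that referenced it would stop compiling. Nothing visible in this diff adds a change note or keeps a deprecated public alias; if the predicate was ever reachable from external queries, a change note is worth adding. The doc comment also does not say what `t` is, and a short addition such as `The parameter t is the type back-tracker state.` would help readers of the now-internal helper. The predicate body continues past the end of the hunk.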
diff --git a/python/ql/src/semmle/python/frameworks/Cryptography.qll b/python/ql/src/semmle/python/frameworks/Cryptography.qll
index ec929e78836a..3396d7dfa556 100644
--- a/python/ql/src/semmle/python/frameworks/Cryptography.qll
+++ b/python/ql/src/semmle/python/frameworks/Cryptography.qll
@@ -76,11 +76,11 @@ private module CryptographyModel {
 }
 /** Gets a reference to a predefined curve class instance with a specific key size (in bits), as well as the origin of the class. */
- private DataFlow::Node curveClassInstanceWithKeySize(
+ private DataFlow::LocalSourceNode curveClassInstanceWithKeySize(
 DataFlow::TypeTracker t, int keySize, DataFlow::Node origin
 ) {
 t.start() and
- result.asCfgNode().(CallNode).getFunction() = curveClassWithKeySize(keySize).asCfgNode() and
+ result.(DataFlow::CallCfgNode).getFunction() = curveClassWithKeySize(keySize) and
 origin = result
 or
 // Due to bad performance when using normal setup with we have inlined that code and forced a join
@@ -102,7 +102,7 @@ private module CryptographyModel {
 /** Gets a reference to a predefined curve class instance with a specific key size (in bits), as well as the origin of the class. */
 DataFlow::Node curveClassInstanceWithKeySize(int keySize, DataFlow::Node origin) {
- result = curveClassInstanceWithKeySize(DataFlow::TypeTracker::end(), keySize, origin)
+ curveClassInstanceWithKeySize(DataFlow::TypeTracker::end(), keySize, origin).flowsTo(result)
 }
 }
diff --git a/python/ql/test/experimental/dataflow/typetracking/moduleattr.ql b/python/ql/test/experimental/dataflow/typetracking/moduleattr.ql
index b546dc7491d0..0a0d5df105fd 100644
--- a/python/ql/test/experimental/dataflow/typetracking/moduleattr.ql
+++ b/python/ql/test/experimental/dataflow/typetracking/moduleattr.ql
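Review bot: The start step in the first Cryptography.qll hunk (-76) changes which nodes seed the tracker, and no test-expectation change for the cryptography model appears in this diff to show the set is unchanged. It now requires `result.(DataFlow::CallCfgNode).getFunction()` to equal the data-flow node from `curveClassWithKeySize(keySize)`, where the old code compared CFG nodes, and `result` is narrowed to `LocalSourceNode`. Because this predicate supplies curve key sizes in bits, a seed that no longer matches would presumably surface as a silent false negative in key-size checks rather than as an error, so it is worth confirming the existing key-generation tests still report the same results. The second hunk (-102) now returns every node the tracked source flows to, yet both predicates still share one doc comment; the private one could read `/** Gets a reference to a curve class instance, tracked with type-tracker t. */`. The tracker predicate's body continues past the end of the first hunk.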
@@ -2,7 +2,7 @@ import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TypeTracker
-DataFlow::LocalSourceNode module_tracker(TypeTracker t) {
+private DataFlow::LocalSourceNode module_tracker(TypeTracker t) {
 t.start() and
 result = DataFlow::importNode("module")
 or
@@ -13,7 +13,7 @@ query DataFlow::Node module_tracker() {
 module_tracker(DataFlow::TypeTracker::end()).flowsTo(result)
 }
-DataFlow::LocalSourceNode module_attr_tracker(TypeTracker t) {
+private DataFlow::LocalSourceNode module_attr_tracker(TypeTracker t) {
 t.startInAttr("attr") and
 result = module_tracker()
 or
diff --git a/python/ql/test/experimental/dataflow/typetracking/tracked.ql b/python/ql/test/experimental/dataflow/typetracking/tracked.ql
index 91ffe7e47c12..3d46c05e4563 100644
--- a/python/ql/test/experimental/dataflow/typetracking/tracked.ql
+++ b/python/ql/test/experimental/dataflow/typetracking/tracked.ql
@@ -6,7 +6,7 @@ import TestUtilities.InlineExpectationsTest
 // -----------------------------------------------------------------------------
 // tracked
 // -----------------------------------------------------------------------------
-DataFlow::LocalSourceNode tracked(TypeTracker t) {
+private DataFlow::LocalSourceNode tracked(TypeTracker t) {
 t.start() and
 result.asCfgNode() = any(NameNode n | n.getId() = "tracked")
 or
@@ -34,14 +34,14 @@ class TrackedTest extends InlineExpectationsTest {
 // -----------------------------------------------------------------------------
 // int + str
 // -----------------------------------------------------------------------------
-DataFlow::LocalSourceNode int_type(TypeTracker t) {
+private DataFlow::LocalSourceNode int_type(TypeTracker t) {
 t.start() and
 result.asCfgNode() = any(CallNode c | c.getFunction().(NameNode).getId() = "int")
 or
 exists(TypeTracker t2 | result = int_type(t2).track(t2, t))
 }
-DataFlow::LocalSourceNode string_type(TypeTracker t) {
+private DataFlow::LocalSourceNode string_type(TypeTracker t) {
 t.start() and
 result.asCfgNode() = any(CallNode c | c.getFunction().(NameNode).getId() = "str")
 or
@@ -83,7 +83,7 @@ class TrackedStringTest extends InlineExpectationsTest {
 // -----------------------------------------------------------------------------
 // tracked_self
 // -----------------------------------------------------------------------------
-DataFlow::LocalSourceNode tracked_self(TypeTracker t) {
+private DataFlow::LocalSourceNode tracked_self(TypeTracker t) {
 t.start() and
 exists(Function f |
 f.isMethod() and