Python: Improve PoorMansFunctionResolution

RasmusWL · RasmusWL · commit 9e097f543009 · 2021-11-15T13:40:19.000+01:00
diff --git a/python/ql/lib/semmle/python/frameworks/internal/PoorMansFunctionResolution.qll b/python/ql/lib/semmle/python/frameworks/internal/PoorMansFunctionResolution.qll
@@ -80,7 +80,28 @@ private DataFlow::TypeTrackingNode poorMansFunctionTracker(DataFlow::TypeTracker
  * inst = MyClass()
  * print(inst.my_method)
  * ```
+ *
+ * But is able to handle simple method calls within a class, but does not take MRO into
+ * account.
+ * ```py
+ * class MyClass:
+ *     def method1(self);
+ *         pass
+ *
+ *     def method2(self);
+ *         self.method1()
+ * ```
  */
 DataFlow::Node poorMansFunctionTracker(Function func) {
   poorMansFunctionTracker(DataFlow::TypeTracker::end(), func).flowsTo(result)
+  or
+  // simple method calls within a class
+  // TODO: Should take MRO into account
+  exists(Class cls, Function otherFunc, DataFlow::Node selfRef |
+    cls.getAMethod() = func and
+    cls.getAMethod() = otherFunc
+  |
+    selfRef.getALocalSource().(DataFlow::ParameterNode).getParameter() = otherFunc.getArg(0) and
+    result.(DataFlow::AttrRead).accesses(selfRef, func.getName())
+  )
 }
diff --git a/python/ql/test/library-tests/frameworks/internal-ql-helpers/test.py b/python/ql/test/library-tests/frameworks/internal-ql-helpers/test.py
@@ -23,10 +23,10 @@ def static():
 
     def method2(self):
         print("method2", self)
-        self.method1()
+        self.method1() # $ resolved=method1
         self.base_method()
-        self.cls_method()
-        self.static()
+        self.cls_method() # $ resolved=cls_method
+        self.static() # $ resolved=static
 
 
 
diff --git a/python/ql/test/library-tests/frameworks/stdlib/wsgiref_simple_server_test.py b/python/ql/test/library-tests/frameworks/stdlib/wsgiref_simple_server_test.py
@@ -31,9 +31,9 @@ def __init__(self):
         super().__init__(ADDRESS, wsgiref.simple_server.WSGIRequestHandler)
         self.set_app(self.my_method)
 
-    def my_method(self, _env, start_response): # $ MISSING: requestHandler
+    def my_method(self, _env, start_response): # $ requestHandler
         start_response("200 OK", [])
-        return [b"my_method"] # $ MISSING: HttpResponse responseBody=List
+        return [b"my_method"] # $ HttpResponse responseBody=List
 
 
 case = sys.argv[1]
