hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Explain the funky logic in Find.ql

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2023-10-20 10:55:23 +02:00
parent 1f8f6dd0ec
commit 03aa2e27df
3 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
python/ql/src/meta/ClassHierarchy/Find.ql
View File

@@ -478,6 +478,19 @@ predicate fullyQualifiedToYamlFormat(string fullyQualified, string type2, string
from FindSubclassesSpec spec, string newModelFullyQualified, string type2, string path, Module mod
where
newModel(spec, newModelFullyQualified, _, mod, _) and
// Since a class C which is a subclass for flask.MethodView is always a subclass of
// flask.View, and we chose to care about this distinction, in a naive approach we
// would always record rows for _both_ specs... that's just wasteful, so instead we
// only record the row for the more specific spec -- this is captured by the
// .getSuperClass() method on a spec, which can links specs together in this way.
// However, if the definition actually depends on some logic, like below, we should
// still record both rows
// ```
// if <cond>:
// class C(flask.View): ...
// else:
// class C(flask.MethodView): ...
// ```
not exists(FindSubclassesSpec subclass | subclass.getSuperClass() = spec |
newModel(subclass, newModelFullyQualified, _, mod, _)
) and