Merge pull request #12959 from MathiasVP/identity-consistency-check

DataFlow: Add an "identity-step" consistency check
2025-12-21 11:16:30 +01:00 · 2023-05-05 10:03:20 +01:00
parent 929d9dbdfa 2a4b17608f
commit 09ba9a74ce
62 changed files with 6585 additions and 0 deletions
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll
@@ -58,6 +58,9 @@ module Consistency {
    predicate uniqueParameterNodePositionExclude(DataFlowCallable c, ParameterPosition pos, Node p) {
      none()
    }
+
+    /** Holds if `n` should be excluded from the consistency test `identityLocalStep`. */
+    predicate identityLocalStepExclude(Node n) { none() }
  }

  private class RelevantNode extends Node {
@@ -287,4 +290,10 @@ module Consistency {
    not exists(unique(ContentApprox approx | approx = getContentApprox(c))) and
    msg = "Non-unique content approximation."
  }
+
+  query predicate identityLocalStep(Node n, string msg) {
+    simpleLocalFlowStep(n, n) and
+    not any(ConsistencyConfiguration c).identityLocalStepExclude(n) and
+    msg = "Node steps to itself"
+  }
 }
--- a/python/ql/test/experimental/dataflow/TestUtil/DataFlowConsistency.qll
+++ b/python/ql/test/experimental/dataflow/TestUtil/DataFlowConsistency.qll
@@ -39,4 +39,8 @@ private class MyConsistencyConfiguration extends ConsistencyConfiguration {
  override predicate uniqueCallEnclosingCallableExclude(DataFlowCall call) {
    not exists(call.getLocation().getFile().getRelativePath())
  }
+
+  override predicate identityLocalStepExclude(Node n) {
+    not exists(n.getLocation().getFile().getRelativePath())
+  }
 }
--- a/python/ql/test/experimental/dataflow/basic/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/basic/dataflow-consistency.expected
@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
--- a/python/ql/test/experimental/dataflow/callgraph_crosstalk/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/callgraph_crosstalk/dataflow-consistency.expected
@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
--- a/python/ql/test/experimental/dataflow/calls/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/calls/dataflow-consistency.expected
@@ -27,3 +27,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
--- a/python/ql/test/experimental/dataflow/consistency/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/consistency/dataflow-consistency.expected
@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
--- a/python/ql/test/experimental/dataflow/coverage/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/coverage/dataflow-consistency.expected
@@ -25,3 +25,17 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
+| datamodel.py:84:15:84:15 | ControlFlowNode for x | Node steps to itself |
+| datamodel.py:166:11:166:11 | ControlFlowNode for x | Node steps to itself |
+| test.py:103:10:103:15 | ControlFlowNode for SOURCE | Node steps to itself |
+| test.py:130:10:130:15 | ControlFlowNode for SOURCE | Node steps to itself |
+| test.py:162:13:162:18 | ControlFlowNode for SOURCE | Node steps to itself |
+| test.py:167:13:167:18 | ControlFlowNode for SOURCE | Node steps to itself |
+| test.py:216:10:216:15 | ControlFlowNode for SOURCE | Node steps to itself |
+| test.py:242:9:242:12 | ControlFlowNode for SINK | Node steps to itself |
+| test.py:669:9:669:12 | ControlFlowNode for SINK | Node steps to itself |
+| test.py:670:9:670:14 | ControlFlowNode for SINK_F | Node steps to itself |
+| test.py:678:9:678:12 | ControlFlowNode for SINK | Node steps to itself |
+| test.py:686:9:686:12 | ControlFlowNode for SINK | Node steps to itself |
+| test.py:692:5:692:8 | ControlFlowNode for SINK | Node steps to itself |
--- a/python/ql/test/experimental/dataflow/exceptions/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/exceptions/dataflow-consistency.expected
@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
--- a/python/ql/test/experimental/dataflow/fieldflow/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/fieldflow/dataflow-consistency.expected
@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
--- a/python/ql/test/experimental/dataflow/global-flow/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/global-flow/dataflow-consistency.expected
@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
--- a/python/ql/test/experimental/dataflow/match/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/match/dataflow-consistency.expected
@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
--- a/python/ql/test/experimental/dataflow/pep_328/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/pep_328/dataflow-consistency.expected
@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
--- a/python/ql/test/experimental/dataflow/regression/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/regression/dataflow-consistency.expected
@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
--- a/python/ql/test/experimental/dataflow/strange-essaflow/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/strange-essaflow/dataflow-consistency.expected
@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
--- a/python/ql/test/experimental/dataflow/tainttracking/basic/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/basic/dataflow-consistency.expected
@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
--- a/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/dataflow-consistency.expected
@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
--- a/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/dataflow-consistency.expected
@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/dataflow-consistency.expected
@@ -23,3 +23,6 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
+| test_collections.py:20:9:20:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
+| test_unpacking.py:31:9:31:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/dataflow-consistency.expected
@@ -23,3 +23,15 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
+| test_async.py:48:9:48:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
+| test_collections.py:56:10:56:21 | ControlFlowNode for tainted_list | Node steps to itself |
+| test_collections.py:63:9:63:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
+| test_collections.py:65:9:65:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
+| test_collections.py:79:9:79:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
+| test_collections.py:81:9:81:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
+| test_collections.py:114:9:114:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
+| test_collections.py:116:9:116:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
+| test_collections.py:213:9:213:15 | ControlFlowNode for my_dict | Node steps to itself |
+| test_collections.py:213:22:213:33 | ControlFlowNode for tainted_dict | Node steps to itself |
+| test_for.py:24:9:24:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
--- a/python/ql/test/experimental/dataflow/tainttracking/generator-flow/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/generator-flow/dataflow-consistency.expected
@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
--- a/python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/dataflow-consistency.expected
@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
--- a/python/ql/test/experimental/dataflow/typetracking/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/typetracking/dataflow-consistency.expected
@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
--- a/python/ql/test/experimental/dataflow/variable-capture/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/variable-capture/dataflow-consistency.expected
@@ -28,3 +28,7 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
+| collections.py:36:10:36:15 | ControlFlowNode for SOURCE | Node steps to itself |
+| collections.py:45:19:45:21 | ControlFlowNode for mod | Node steps to itself |
+| collections.py:52:13:52:21 | ControlFlowNode for mod_local | Node steps to itself |
--- a/python/ql/test/experimental/library-tests/CallGraph/dataflow-consistency.expected
+++ b/python/ql/test/experimental/library-tests/CallGraph/dataflow-consistency.expected
@@ -54,3 +54,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
--- a/python/ql/test/library-tests/ApiGraphs/py3/dataflow-consistency.expected
+++ b/python/ql/test/library-tests/ApiGraphs/py3/dataflow-consistency.expected
@@ -26,3 +26,6 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
+| test_captured.py:7:22:7:22 | ControlFlowNode for p | Node steps to itself |
+| test_captured.py:14:26:14:27 | ControlFlowNode for pp | Node steps to itself |
--- a/python/ql/test/library-tests/frameworks/django-orm/dataflow-consistency.expected
+++ b/python/ql/test/library-tests/frameworks/django-orm/dataflow-consistency.expected
@@ -106,3 +106,22 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
+| testapp/orm_tests.py:217:24:217:29 | ControlFlowNode for SOURCE | Node steps to itself |
+| testapp/orm_tests.py:244:24:244:29 | ControlFlowNode for SOURCE | Node steps to itself |
+| testapp/orm_tests.py:283:20:283:25 | ControlFlowNode for SOURCE | Node steps to itself |
+| testapp/orm_tests.py:299:15:299:22 | ControlFlowNode for TestLoad | Node steps to itself |
+| testapp/orm_tests.py:300:20:300:25 | ControlFlowNode for SOURCE | Node steps to itself |
+| testapp/orm_tests.py:310:9:310:12 | ControlFlowNode for SINK | Node steps to itself |
+| testapp/orm_tests.py:316:9:316:12 | ControlFlowNode for SINK | Node steps to itself |
+| testapp/orm_tests.py:326:9:326:12 | ControlFlowNode for SINK | Node steps to itself |
+| testapp/orm_tests.py:333:9:333:12 | ControlFlowNode for SINK | Node steps to itself |
+| testapp/orm_tests.py:339:9:339:12 | ControlFlowNode for SINK | Node steps to itself |
+| testapp/orm_tests.py:346:9:346:12 | ControlFlowNode for SINK | Node steps to itself |
+| testapp/orm_tests.py:352:9:352:12 | ControlFlowNode for SINK | Node steps to itself |
+| testapp/orm_tests.py:358:9:358:12 | ControlFlowNode for SINK | Node steps to itself |
+| testapp/orm_tests.py:365:9:365:12 | ControlFlowNode for SINK | Node steps to itself |
+| testapp/tests.py:12:13:12:14 | ControlFlowNode for re | Node steps to itself |
+| testapp/tests.py:16:9:16:18 | ControlFlowNode for test_names | Node steps to itself |
+| testapp/tests.py:25:13:25:14 | ControlFlowNode for re | Node steps to itself |
+| testapp/tests.py:31:9:31:18 | ControlFlowNode for test_names | Node steps to itself |