Merge pull request #15711 from RasmusWL/tt-content

Python: Add type tracking for content
2025-12-16 16:53:25 +01:00 · 2024-04-09 10:37:43 +02:00
parent 44fba68015 a22b9947c0
commit 1048cf7c5e
13 changed files with 360 additions and 84 deletions
--- a/python/ql/consistency-queries/TypeTrackingConsistency.ql
+++ b/python/ql/consistency-queries/TypeTrackingConsistency.ql
@@ -27,15 +27,18 @@ private module ConsistencyChecksInput implements ConsistencyChecksInputSig {
      TypeTrackingInput::simpleLocalSmallStep*(m, n)
    )
    or
-    // TODO: when adding support for proper content, handle iterable unpacking better
-    // such as `for k,v in items:`, or `a, (b,c) = ...`
-    n instanceof DataFlow::IterableSequenceNode
-    or
    // We have missing use-use flow in
    // https://github.com/python/cpython/blob/0fb18b02c8ad56299d6a2910be0bab8ad601ef24/Lib/socketserver.py#L276-L303
    // which I couldn't just fix. We ignore the problems here, and instead rely on the
    // test-case added in https://github.com/github/codeql/pull/15841
    n.getLocation().getFile().getAbsolutePath().matches("%/socketserver.py")
+    or
+    // for iterable unpacking like `a,b = some_list`, we currently don't want to allow
+    // type-tracking... however, in the future when we allow tracking list indexes
+    // precisely (that is, move away from ListElementContent), we should ensure we have
+    // proper flow to the synthetic `IterableElementNode`.
+    exists(DataFlow::ListElementContent c) and
+    n instanceof DataFlow::IterableElementNode
  }
 }