hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

python: replace points-to with API graph

Browse Source 
- values are identified via `API::builtin`
- `points-to` is approximated by `getAValueReachableFromSource`
This commit is contained in:
Rasmus Lerchedahl Petersen
2022-09-01 22:47:32 +02:00
parent 2223bc3d1f
commit 163bfc4f71
1 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
python/ql/src/Exceptions/UnguardedNextInGenerator.ql
View File

@@ -11,17 +11,22 @@
*/
import python
private import semmle.python.ApiGraphs
FunctionValue iter() { result = Value::named("iter") }
API::Node iter() { result = API::builtin("iter") }
BuiltinFunctionValue next() { result = Value::named("next") }
API::Node next() { result = API::builtin("next") }
API::Node stopIteration() { result = API::builtin("StopIteration") }
predicate call_to_iter(CallNode call, EssaVariable sequence) {
sequence.getAUse() = iter().getArgumentForCall(call, 0)
call = iter().getACall().asCfgNode() and
call.getArg(0) = sequence.getAUse()
}
predicate call_to_next(CallNode call, ControlFlowNode iter) {
iter = next().getArgumentForCall(call, 0)
call = next().getACall().asCfgNode() and
call.getArg(0) = iter
}
predicate call_to_next_has_default(CallNode call) {
@@ -47,7 +52,7 @@ predicate iter_not_exhausted(EssaVariable iterator) {
predicate stop_iteration_handled(CallNode call) {
exists(Try t |
t.containsInScope(call.getNode()) and
t.getAHandler().getType().pointsTo(ClassValue::stopIteration())
t.getAHandler().getType() = stopIteration().getAValueReachableFromSource().asExpr()
)
}