From 5dbbd17bb27d56cd95baa20be60daa9f24fd5b72 Mon Sep 17 00:00:00 2001
From: Rasmus Wriedt Larsen
Date: Wed, 13 Apr 2022 12:27:06 +0200
Subject: [PATCH 1/4] Python: Add test to ensure we keep DataFlow imports clean
Currently we're not in a good state :(
---
 .../experimental/dataflow/qll-private-imports/README.md | 3 +++
 .../dataflow/qll-private-imports/Test.expected | 1 +
 .../experimental/dataflow/qll-private-imports/Test.ql | 8 ++++++++
 .../experimental/dataflow/qll-private-imports/test.py | 1 +
 4 files changed, 13 insertions(+)
 create mode 100644 python/ql/test/experimental/dataflow/qll-private-imports/README.md
 create mode 100644 python/ql/test/experimental/dataflow/qll-private-imports/Test.expected
 create mode 100644 python/ql/test/experimental/dataflow/qll-private-imports/Test.ql
 create mode 100644 python/ql/test/experimental/dataflow/qll-private-imports/test.py
diff --git a/python/ql/test/experimental/dataflow/qll-private-imports/README.md b/python/ql/test/experimental/dataflow/qll-private-imports/README.md
new file mode 100644
index 00000000000..f11beca34d9
--- /dev/null
+++ b/python/ql/test/experimental/dataflow/qll-private-imports/README.md
@@ -0,0 +1,3 @@
+Sometimes we accidentally re-export too much from `DataFlow` such that for example we can access `Add` from `DataFlow::Add` :disappointed:
+
+This test should always FAIL to compile!
diff --git a/python/ql/test/experimental/dataflow/qll-private-imports/Test.expected b/python/ql/test/experimental/dataflow/qll-private-imports/Test.expected
new file mode 100644
index 00000000000..94b2fd22d12
--- /dev/null
+++ b/python/ql/test/experimental/dataflow/qll-private-imports/Test.expected
@@ -0,0 +1 @@
+| Add |
diff --git a/python/ql/test/experimental/dataflow/qll-private-imports/Test.ql b/python/ql/test/experimental/dataflow/qll-private-imports/Test.ql
new file mode 100644
index 00000000000..302504fcf96
--- /dev/null
+++ b/python/ql/test/experimental/dataflow/qll-private-imports/Test.ql
@@ -0,0 +1,8 @@
+import python
+private import semmle.python.dataflow.new.DataFlow
+
+// Sometimes we accidentally re-export too much from `DataFlow` such that for example we can access `Add` from `DataFlow::Add` :(
+//
+// This test should always FAIL to compile!
+from DataFlow::Add this_should_not_work
+select this_should_not_work
diff --git a/python/ql/test/experimental/dataflow/qll-private-imports/test.py b/python/ql/test/experimental/dataflow/qll-private-imports/test.py
new file mode 100644
index 00000000000..c040fa67d34
--- /dev/null
+++ b/python/ql/test/experimental/dataflow/qll-private-imports/test.py
@@ -0,0 +1 @@
+1+1
From 084c8eb22e8507b3bea78f538de5b6890634e3aa Mon Sep 17 00:00:00 2001
From: Rasmus Wriedt Larsen
Date: Wed, 13 Apr 2022 12:36:09 +0200
Subject: [PATCH 2/4] Python: Don't re-export `python` under `DataFlow::`
---
 .../python/dataflow/new/internal/DataFlowImplSpecific.qll | 6 ++++++
 .../semmle/python/dataflow/new/internal/DataFlowUtil.qll | 1 +
 .../semmle/python/dataflow/new/internal/LocalSources.qll | 2 +-
 .../experimental/dataflow/qll-private-imports/Test.expected | 2 +-
 4 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplSpecific.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplSpecific.qll
index e88726b158b..cdbd1eecb2c 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplSpecific.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplSpecific.qll
@@ -1,9 +1,15 @@
 /**
 * Provides Python-specific definitions for use in the data flow library.
 */
+
+// we need to export `Unit` for the DataFlowImpl* files
+private import python as Python
+
 module Private {
 import DataFlowPrivate
+ // import DataFlowDispatch
+ class Unit = Python::Unit;
 }
 module Public {
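Review bot: The comment above the `from` clause in Test.ql does not mention that the expected output is position-sensitive: the later Test.expected hunk in this series pins the error at `Test.ql:7,6-19`, so adding or removing a line above `from DataFlow::Add this_should_not_work` changes the expected text even though nothing regressed. I would add a line such as `// NOTE: Test.expected records the error location (Test.ql line 7); update it when lines above the from clause change.` The check also probes a single name, `Add`, so it catches `python` being re-exported as a whole but presumably not a narrower leak of other names through `DataFlow::`.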
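Review bot: In DataFlowImplSpecific.qll the added line `// import DataFlowDispatch` inside `module Private` is commented-out code with no explanation; it should either be dropped or carry a reason for being kept. The comment about exporting `Unit` sits above `private import python as Python`, while the export itself is `class Unit = Python::Unit;`, so I would move it next to the alias, for example `// re-export only Unit; the DataFlowImpl* files refer to it`. That keeps the one deliberate exception to the private import documented where it is declared. The `Public` module that follows is cut off at the end of the hunk.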
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowUtil.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowUtil.qll
index 4dbf2a5d4cd..4d0d52e9a4b 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowUtil.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowUtil.qll
@@ -2,6 +2,7 @@
 * Contains utility functions for writing data flow queries
 */
+private import python
 private import DataFlowPrivate
 import DataFlowPublic
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/LocalSources.qll b/python/ql/lib/semmle/python/dataflow/new/internal/LocalSources.qll
index 5bf6f22e945..08d8dff2a02 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/LocalSources.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/LocalSources.qll
@@ -6,7 +6,7 @@
 * local tracking within a function.
 */
-import python
+private import python
 import DataFlowPublic
 private import DataFlowPrivate
 private import semmle.python.internal.CachedStages
diff --git a/python/ql/test/experimental/dataflow/qll-private-imports/Test.expected b/python/ql/test/experimental/dataflow/qll-private-imports/Test.expected
index 94b2fd22d12..c0963a9ef61 100644
--- a/python/ql/test/experimental/dataflow/qll-private-imports/Test.expected
+++ b/python/ql/test/experimental/dataflow/qll-private-imports/Test.expected
@@ -1 +1 @@
-| Add |
+ERROR: Could not resolve type DataFlow::Add (Test.ql:7,6-19)
From d70f2470019b8d906141a62d56fd02028390ce99 Mon Sep 17 00:00:00 2001
From: Rasmus Wriedt Larsen
Date: Wed, 13 Apr 2022 12:36:29 +0200
Subject: [PATCH 3/4] Python: More `private import python`
---
 python/ql/lib/semmle/python/SpecialMethods.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/ql/lib/semmle/python/SpecialMethods.qll b/python/ql/lib/semmle/python/SpecialMethods.qll
index afa9367c269..eb960005f4d 100644
--- a/python/ql/lib/semmle/python/SpecialMethods.qll
+++ b/python/ql/lib/semmle/python/SpecialMethods.qll
@@ -8,7 +8,7 @@
 * Extend `SpecialMethod::Potential` to capture more cases.
 */
-import python
+private import python
 /** A control flow node which might correspond to a special method call. */
 class PotentialSpecialMethodCallNode extends ControlFlowNode {
From 888a38c060ee74cfc06152f318d0410a10ecba87 Mon Sep 17 00:00:00 2001
From: Rasmus Wriedt Larsen
Date: Wed, 20 Apr 2022 11:46:09 +0200
Subject: [PATCH 4/4] Python: Add change-note
---
 .../change-notes/2022-04-20-export-python-under-DataFlow.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 python/ql/lib/change-notes/2022-04-20-export-python-under-DataFlow.md
diff --git a/python/ql/lib/change-notes/2022-04-20-export-python-under-DataFlow.md b/python/ql/lib/change-notes/2022-04-20-export-python-under-DataFlow.md
new file mode 100644
index 00000000000..2729b834ccf
--- /dev/null
+++ b/python/ql/lib/change-notes/2022-04-20-export-python-under-DataFlow.md
@@ -0,0 +1,4 @@
+---
+ category: breaking
+---
+ * The imports made available from `import python` are no longer exposed under `DataFlow::` after doing `import semmle.python.dataflow.new.DataFlow`, for example using `DataFlow::Add` will now cause a compile error.
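Review bot: Switching `import python` to `private import python` in SpecialMethods.qll is a visibility change in its own right, but the change note added later in this series only describes names exposed under `DataFlow::`. Any query or library that picked up the `python` names through `import semmle.python.SpecialMethods` would presumably stop compiling with no note pointing at the cause; I would extend the change note to name this module, or confirm that nothing depends on the transitive import. Unlike the DataFlow case, no compile-failure test guards this file against the re-export coming back. The class `PotentialSpecialMethodCallNode` continues outside the hunk.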