Merge pull request #17653 from yoff/python/typetracking-through-comprehensions

2026-05-02 20:25:13 +02:00 · 2024-10-08 19:39:21 +02:00
parent 3c1a19c5ab 6d486f9931
commit 1f1b1b7aab
4 changed files with 14 additions and 3 deletions
--- a/python/ql/lib/change-notes/2024-10-03-typetracking-through-comprehensions.md
+++ b/python/ql/lib/change-notes/2024-10-03-typetracking-through-comprehensions.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Type tracking, and hence the API graph, is now able to correctly trace trough comprehensions.
--- a/python/ql/lib/semmle/python/ApiGraphs.qll
+++ b/python/ql/lib/semmle/python/ApiGraphs.qll
@@ -843,6 +843,13 @@ module API {
        ref = pred.getSubscript(_) and
        ref.asCfgNode().isLoad()
        or
+        // Subscript via comprehension
+        lbl = Label::subscript() and
+        exists(PY::Comp comp |
+          pred.asExpr() = comp.getIterable() and
+          ref.asExpr() = comp.getNthInnerLoop(0).getTarget()
+        )
+        or
        // Subclassing a node
        lbl = Label::subclass() and
        exists(PY::ClassExpr clsExpr, DataFlow::Node superclass | pred.flowsTo(superclass) |
--- a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll
@@ -304,7 +304,7 @@ module TypeTrackingInput implements Shared::TypeTrackingInput {
      var.hasDefiningNode(def)
    |
      nodeTo.(DataFlowPublic::ScopeEntryDefinitionNode).getDefinition() = e and
-      nodeFrom.asCfgNode() = def.getValue() and
+      nodeFrom.asCfgNode() = def and
      var.getScope().getScope*() = nodeFrom.getScope()
    )
  }