diff --git a/python/ql/src/Imports/FromImportOfMutableAttribute.ql b/python/ql/src/Imports/FromImportOfMutableAttribute.ql index 63198bece30..df9a853b4ae 100644 --- a/python/ql/src/Imports/FromImportOfMutableAttribute.ql +++ b/python/ql/src/Imports/FromImportOfMutableAttribute.ql @@ -12,24 +12,26 @@ */ import python -private import LegacyPointsTo +import semmle.python.dataflow.new.DataFlow +private import semmle.python.dataflow.new.internal.ImportResolution import semmle.python.filters.Tests -from ImportMember im, ModuleValue m, AttrNode store_attr, string name +from ImportMember im, Module m, DataFlow::AttrWrite store_attr, string name where - m.importedAs(im.getModule().(ImportExpr).getImportedModuleName()) and + ImportResolution::getImmediateModuleReference(m).asExpr() = im.getModule() and im.getName() = name and /* Modification must be in a function, so it can occur during lifetime of the import value */ - store_attr.getScope() instanceof Function and + store_attr.getObject().getScope() instanceof Function and /* variable resulting from import must have a long lifetime */ not im.getScope() instanceof Function and - store_attr.isStore() and - store_attr.getObject(name).(ControlFlowNodeWithPointsTo).pointsTo(m) and + store_attr.getAttributeName() = name and + ImportResolution::getModuleReference(m) = store_attr.getObject() and /* Import not in same module as modification. */ - not im.getEnclosingModule() = store_attr.getScope().getEnclosingModule() and + not im.getEnclosingModule() = store_attr.getObject().getScope().getEnclosingModule() and /* Modification is not in a test */ - not store_attr.getScope().getScope*() instanceof TestScope + not store_attr.getObject().getScope().getScope*() instanceof TestScope select im, "Importing the value of '" + name + "' from $@ means that any change made to $@ will be not be observed locally.", m, - "module " + m.getName(), store_attr, m.getName() + "." + store_attr.getName() + "module " + ImportResolution::moduleName(m), store_attr, + ImportResolution::moduleName(m) + "." + store_attr.getAttributeName()