Python: Fix global flow

A slightly odd fix, but still morally okay, I think. The main issue here was that global variables have their first occurrence in an inner scope inside a so-called "scope entry definition", that then subsequently flows to the first use of this variable. This meant that that first use was _not_ a `LocalSourceNode` (since _something_ flowed into it), and this blocked `trackUseNode` from type-tracking to it (as it expects all nodes to be `LocalSourceNode`s). The answer, then, is to say that a `LocalSourceNode` is simply one that doesn't have flow to it from _any `CfgNode`_ (through one or more steps). This disregards the flow from the scope entry definition, as that is flow from an `EssaNode`. Additionally, it makes sense to exclude `ModuleVariableNode`s. These should never be considered local sources, since they always have flow from (at least) the place where the corresponding global variable is introduced.
2025-12-20 02:44:30 +01:00 · 2021-02-03 16:41:22 +01:00
parent e4c3544a3f
commit 3fafb47b16
1 changed files with 4 additions and 1 deletions
--- a/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll
+++ b/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll
@@ -443,7 +443,10 @@ class BarrierGuard extends GuardNode {
 * - Function parameters
 */
 class LocalSourceNode extends Node {
-  LocalSourceNode() { not simpleLocalFlowStep(_, this) }
+  LocalSourceNode() {
+    not simpleLocalFlowStep+(any(CfgNode n), this) and
+    not this instanceof ModuleVariableNode
+  }

  /** Holds if this `LocalSourceNode` can flow to `nodeTo` in one or more local flow steps. */
  cached