hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Introduce DataFlowOnlyInternalUse to avoid re-evaluation

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2021-02-19 15:29:23 +01:00
parent d084261a79
commit 40c592ab85
4 changed files with 4197 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
python/ql/src/semmle/python/Concepts.qll
View File

@@ -6,6 +6,7 @@
import python
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.DataFlowOnlyInternalUse
private import semmle.python.dataflow.new.RemoteFlowSources
private import semmle.python.dataflow.new.TaintTracking
private import semmle.python.Frameworks
@@ -565,7 +566,7 @@ module Cryptography {
/**
* A data-flow configuration for tracking integer literals.
*/
private class IntegerLiteralTrackerConfiguration extends DataFlow::Configuration {
private class IntegerLiteralTrackerConfiguration extends DataFlowOnlyInternalUse::Configuration {
IntegerLiteralTrackerConfiguration() { this = "IntegerLiteralTrackerConfiguration" }
override predicate isSource(DataFlow::Node source) {

40
python/ql/src/semmle/python/dataflow/new/DataFlowOnlyInternalUse.qll Normal file
View File

@@ -0,0 +1,40 @@
/**
* INTERNAL: Do not use.
*
* This copy exists to allow internal non-query usage of global data-flow analyses. If
* we used the same copy as was used in multiple queries (A, B, C), then all internal
* non-query configurations would have to be re-evaluated for _each_ query, which is
* expensive. By having a separate copy, we avoid this re-evaluation.
*
* Provides a library for local (intra-procedural) and global (inter-procedural)
* data flow analysis: deciding whether data can flow from a _source_ to a
* _sink_.
*
* Unless configured otherwise, _flow_ means that the exact value of
* the source may reach the sink. We do not track flow across pointer
* dereferences or array indexing. To track these types of flow, where the
* exact value may not be preserved, import
* `semmle.python.dataflow.new.TaintTracking`.
*
* To use global (interprocedural) data flow, extend the class
* `DataFlow::Configuration` as documented on that class. To use local
* (intraprocedural) data flow, call `DataFlow::localFlow` or
* `DataFlow::localFlowStep` with arguments of type `DataFlow::Node`.
*/
private import python
/**
* INTERNAL: Do not use.
*
* This copy exists to allow internal non-query usage of global data-flow analyses. If
* we used the same copy as was used in multiple queries (A, B, C), then all internal
* non-query configurations would have to be re-evaluated for _each_ query, which is
* expensive. By having a separate copy, we avoid this re-evaluation.
*
* Provides classes for performing local (intra-procedural) and
* global (inter-procedural) data flow analyses.
*/
module DataFlowOnlyInternalUse {
import semmle.python.dataflow.new.internal.DataFlowImplOnlyInternalUse
}

4153
python/ql/src/semmle/python/dataflow/new/internal/DataFlowImplOnlyInternalUse.qll Normal file
View File

File diff suppressed because it is too large Load Diff