Python: fix nonlocal captured variables

This depends on the extractor fix
2026-04-26 01:05:15 +02:00 · 2023-12-12 21:51:53 +01:00
parent 38e03216f6
commit 479d81fb75
2 changed files with 10 additions and 4 deletions
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
@@ -299,6 +299,12 @@ module LocalFlow {
      nodeTo.(CfgNode).getNode() = def.getDefiningNode()
    )
    or
+    // General definition
+    // TODO: remove other cases that are now redundant
+    nodeFrom.(CfgNode).getNode() = nodeTo.(CfgNode).getNode().(DefinitionNode).getValue() and
+    // remove jump steps (such as assignment of parameter default values)
+    nodeFrom.getEnclosingCallable() = nodeTo.getEnclosingCallable()
+    or
    // With definition
    //   `with f(42) as x:`
    //   nodeFrom is `f(42)`
--- a/python/ql/test/experimental/dataflow/variable-capture/nonlocal.py
+++ b/python/ql/test/experimental/dataflow/variable-capture/nonlocal.py
@@ -38,7 +38,7 @@ def out():
        nonlocal sinkO1
        sinkO1 = SOURCE
    captureOut1()
-    SINK(sinkO1) #$ MISSING:captured
+    SINK(sinkO1) #$ captured

    sinkO2 = ""
    def captureOut2():
@@ -47,7 +47,7 @@ def out():
            sinkO2 = SOURCE
        m()
    captureOut2()
-    SINK(sinkO2) #$ MISSING:captured
+    SINK(sinkO2) #$ captured

    nonSink1 = ""
    def captureOut1NotCalled():
@@ -74,7 +74,7 @@ def through(tainted):
        nonlocal sinkO1
        sinkO1 = tainted
    captureOut1()
-    SINK(sinkO1) #$ MISSING:captured
+    SINK(sinkO1) #$ captured

    sinkO2 = ""
    def captureOut2():
@@ -83,7 +83,7 @@ def through(tainted):
            sinkO2 = tainted
        m()
    captureOut2()
-    SINK(sinkO2) #$ MISSING:captured
+    SINK(sinkO2) #$ captured

    nonSink1 = ""
    def captureOut1NotCalled():