From 48bf4fd82aea7075c4e7576fe301938099ebdd90 Mon Sep 17 00:00:00 2001
From: Taus <tausbn@github.com>
Date: Wed, 11 Mar 2026 16:01:47 +0000
Subject: [PATCH] Python: Add test for missing relative import in namespace
 packages

---
 .../pkg/caller.py                             |  5 +++
 .../pkg/helper.py                             |  2 ++
 .../test.expected                             |  1 +
 .../test.ql                                   | 35 +++++++++++++++++++
 4 files changed, 43 insertions(+)
 create mode 100644 python/ql/test/experimental/import-resolution-namespace-relative/pkg/caller.py
 create mode 100644 python/ql/test/experimental/import-resolution-namespace-relative/pkg/helper.py
 create mode 100644 python/ql/test/experimental/import-resolution-namespace-relative/test.expected
 create mode 100644 python/ql/test/experimental/import-resolution-namespace-relative/test.ql

diff --git a/python/ql/test/experimental/import-resolution-namespace-relative/pkg/caller.py b/python/ql/test/experimental/import-resolution-namespace-relative/pkg/caller.py
new file mode 100644
index 00000000000..f30065eec99
--- /dev/null
+++ b/python/ql/test/experimental/import-resolution-namespace-relative/pkg/caller.py
@@ -0,0 +1,5 @@
+from . import helper
+
+def use_relative():
+    tainted = source()
+    helper.process(tainted)
diff --git a/python/ql/test/experimental/import-resolution-namespace-relative/pkg/helper.py b/python/ql/test/experimental/import-resolution-namespace-relative/pkg/helper.py
new file mode 100644
index 00000000000..43167b8cfa7
--- /dev/null
+++ b/python/ql/test/experimental/import-resolution-namespace-relative/pkg/helper.py
@@ -0,0 +1,2 @@
+def process(value):
+    sink(value) #$ MISSING: prints=source
diff --git a/python/ql/test/experimental/import-resolution-namespace-relative/test.expected b/python/ql/test/experimental/import-resolution-namespace-relative/test.expected
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/python/ql/test/experimental/import-resolution-namespace-relative/test.expected
@@ -0,0 +1 @@
+
diff --git a/python/ql/test/experimental/import-resolution-namespace-relative/test.ql b/python/ql/test/experimental/import-resolution-namespace-relative/test.ql
new file mode 100644
index 00000000000..f826c02e423
--- /dev/null
+++ b/python/ql/test/experimental/import-resolution-namespace-relative/test.ql
@@ -0,0 +1,35 @@
+import python
+import semmle.python.dataflow.new.DataFlow
+import semmle.python.dataflow.new.TaintTracking
+import utils.test.InlineExpectationsTest
+
+private module TestConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node node) {
+    node.(DataFlow::CallCfgNode).getFunction().asCfgNode().(NameNode).getId() = "source"
+  }
+
+  predicate isSink(DataFlow::Node node) {
+    exists(DataFlow::CallCfgNode call |
+      call.getFunction().asCfgNode().(NameNode).getId() = "sink" and
+      node = call.getArg(0)
+    )
+  }
+}
+
+private module TestFlow = TaintTracking::Global<TestConfig>;
+
+module FlowTest implements TestSig {
+  string getARelevantTag() { result = "prints" }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(DataFlow::Node sink |
+      TestFlow::flow(_, sink) and
+      tag = "prints" and
+      location = sink.getLocation() and
+      value = "source" and
+      element = sink.toString()
+    )
+  }
+}
+
+import MakeTest<FlowTest>