Merge pull request #4757 from yoff/python-dataflow-synthetic-callables

Python: Enclosing callable for synthetic arguments
2025-12-17 01:03:14 +01:00 · 2020-12-18 16:06:26 +01:00
parent a08eb99778 0629d3e6e7
commit 49f902d28b
3 changed files with 36 additions and 0 deletions
--- a/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll
+++ b/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll
@@ -287,6 +287,13 @@ class PosOverflowNode extends Node, TPosOverflowNode {

  override string toString() { result = "PosOverflowNode for " + call.getNode().toString() }

+  override DataFlowCallable getEnclosingCallable() {
+    exists(Node node |
+      node = TCfgNode(call) and
+      result = node.getEnclosingCallable()
+    )
+  }
+
  override Location getLocation() { result = call.getLocation() }
 }

@@ -301,6 +308,13 @@ class KwOverflowNode extends Node, TKwOverflowNode {

  override string toString() { result = "KwOverflowNode for " + call.getNode().toString() }

+  override DataFlowCallable getEnclosingCallable() {
+    exists(Node node |
+      node = TCfgNode(call) and
+      result = node.getEnclosingCallable()
+    )
+  }
+
  override Location getLocation() { result = call.getLocation() }
 }

@@ -316,6 +330,13 @@ class KwUnpacked extends Node, TKwUnpacked {

  override string toString() { result = "KwUnpacked " + name }

+  override DataFlowCallable getEnclosingCallable() {
+    exists(Node node |
+      node = TCfgNode(call) and
+      result = node.getEnclosingCallable()
+    )
+  }
+
  override Location getLocation() { result = call.getLocation() }
 }

--- a/python/ql/test/experimental/dataflow/consistency/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/consistency/dataflow-consistency.expected
@@ -1,4 +1,5 @@
 uniqueEnclosingCallable
+| test.py:239:27:239:27 | ControlFlowNode for p | Node should have one enclosing callable but has 0. |
 uniqueType
 uniqueNodeLocation
 missingLocation
--- a/python/ql/test/experimental/dataflow/consistency/test.py
+++ b/python/ql/test/experimental/dataflow/consistency/test.py
@@ -235,3 +235,17 @@ def non_const_eq_preserves_taint(x):
        SINK(tainted) # unsafe
    if tainted == x:
        SINK(tainted) # unsafe
+
+def overflowCallee(*args, p="", **kwargs):
+    print("args", args)
+    print("p", p)
+    print("kwargs", kwargs)
+
+def synth_arg_posOverflow():
+    overflowCallee(42)
+
+def synth_arg_kwOverflow():
+    overflowCallee(foo=42)
+
+def synth_arg_kwUnpacked():
+    overflowCallee(**{"p": "42"})