From 50b3b7ee1ff76754ecde6c113bb0998f1d7d8cd4 Mon Sep 17 00:00:00 2001
From: Taus
Date: Thu, 19 Mar 2026 15:34:54 +0000
Subject: [PATCH] Python: Add `DuckTyping::hasUnreliableMro`

Primarily used to filter out false positives in cases where our MRO approximation may be wrong.
---
 .../dataflow/new/internal/DataFlowDispatch.qll | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll
index 529e90798ba..21fa6872864 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll
@@ -2118,6 +2118,19 @@ module DuckTyping {
 */
 Function getInit(Class cls) { result = invokedFunctionFromClassConstruction(cls, "__init__") }
 
+ /**
+ * Holds if `cls` or any of its superclasses uses multiple inheritance, or
+ * has an unresolved base class. In these cases, our MRO approximation may
+ * resolve to the wrong `__init__`, so we should not flag argument mismatches.
+ */
+ predicate hasUnreliableMro(Class cls) {
+ exists(Class sup | sup = getADirectSuperclass*(cls) |
+ exists(sup.getBase(1))
+ or
+ hasUnresolvedBase(sup)
+ )
+ }
+
 /**
 * Holds if `f` overrides a method in a superclass with the same name.
 */
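Review bot: The `exists(sup.getBase(1))` disjunct in `hasUnreliableMro` marks a class as unreliable whenever any class in its superclass chain has a second base expression, so a query that filters on this predicate drops every result for hierarchies that merely include a mixin; the QLDoc should state that this is a deliberate over-approximation that accepts false negatives in exchange for fewer false positives. A line comment such as `// a second base expression means multiple inheritance` above that disjunct would help, since the index `1` is not self-explanatory. The closing QLDoc sentence ("so we should not flag argument mismatches") describes one caller rather than the predicate; wording like `Use this to suppress results that depend on exact method resolution.` keeps it general. Whether a single starred base (`class C(*bases)`) counts as unreliable depends on `hasUnresolvedBase`, which is defined outside this hunk, so that case is worth confirming. The patch touches one file and adds no test for the new predicate.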