mirror of
https://github.com/github/codeql.git
synced 2026-05-02 04:05:14 +02:00
move API-graph tests out of the experimental test folder
This commit is contained in:
Erik Krogh Kristensen
@@ -1 +0,0 @@
|
||||
semmle-extractor-options: --lang=2 --max-import-depth=1
|
||||
@@ -1,3 +0,0 @@
|
||||
def python2_style():
|
||||
from __builtin__ import open #$ use=moduleImport("builtins").getMember("open")
|
||||
open("hello.txt") #$ use=moduleImport("builtins").getMember("open").getReturn()
|
||||
@@ -1,30 +0,0 @@
|
||||
import python
|
||||
import semmle.python.dataflow.new.DataFlow
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
import semmle.python.ApiGraphs
|
||||
|
||||
class ApiUseTest extends InlineExpectationsTest {
|
||||
ApiUseTest() { this = "ApiUseTest" }
|
||||
|
||||
override string getARelevantTag() { result = "use" }
|
||||
|
||||
private predicate relevant_node(API::Node a, DataFlow::Node n, Location l) {
|
||||
n = a.getAUse() and l = n.getLocation()
|
||||
}
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
exists(API::Node a, DataFlow::Node n | relevant_node(a, n, location) |
|
||||
tag = "use" and
|
||||
// Only report the longest path on this line:
|
||||
value =
|
||||
max(API::Node a2, Location l2 |
|
||||
relevant_node(a2, _, l2) and
|
||||
l2.getFile() = location.getFile() and
|
||||
l2.getStartLine() = location.getStartLine()
|
||||
|
|
||||
a2.getPath()
|
||||
) and
|
||||
element = n.toString()
|
||||
)
|
||||
}
|
||||
}
|
||||
@@ -1,29 +0,0 @@
|
||||
import pkg # $ use=moduleImport("pkg")
|
||||
|
||||
async def foo():
|
||||
coro = pkg.async_func() # $ use=moduleImport("pkg").getMember("async_func").getReturn()
|
||||
coro # $ use=moduleImport("pkg").getMember("async_func").getReturn()
|
||||
result = await coro # $ use=moduleImport("pkg").getMember("async_func").getReturn().getAwaited() awaited=moduleImport("pkg").getMember("async_func").getReturn()
|
||||
result # $ use=moduleImport("pkg").getMember("async_func").getReturn().getAwaited() awaited=moduleImport("pkg").getMember("async_func").getReturn()
|
||||
return result # $ use=moduleImport("pkg").getMember("async_func").getReturn().getAwaited() awaited=moduleImport("pkg").getMember("async_func").getReturn()
|
||||
|
||||
async def bar():
|
||||
result = await pkg.async_func() # $ use=moduleImport("pkg").getMember("async_func").getReturn().getAwaited() awaited=moduleImport("pkg").getMember("async_func").getReturn()
|
||||
return result # $ use=moduleImport("pkg").getMember("async_func").getReturn().getAwaited() awaited=moduleImport("pkg").getMember("async_func").getReturn()
|
||||
|
||||
async def test_async_with():
|
||||
async with pkg.async_func() as result: # $ use=moduleImport("pkg").getMember("async_func").getReturn().getAwaited() awaited=moduleImport("pkg").getMember("async_func").getReturn()
|
||||
return result # $ use=moduleImport("pkg").getMember("async_func").getReturn().getAwaited() awaited=moduleImport("pkg").getMember("async_func").getReturn()
|
||||
|
||||
async def test_async_for():
|
||||
async for _ in pkg.async_func(): # $ use=moduleImport("pkg").getMember("async_func").getReturn() awaited=moduleImport("pkg").getMember("async_func").getReturn()
|
||||
pass
|
||||
|
||||
coro = pkg.async_func() # $ use=moduleImport("pkg").getMember("async_func").getReturn()
|
||||
async for _ in coro: # $ use=moduleImport("pkg").getMember("async_func").getReturn() MISSING: awaited=moduleImport("pkg").getMember("async_func").getReturn()
|
||||
pass
|
||||
|
||||
def check_annotations():
|
||||
# Just to make sure how annotations should look like :)
|
||||
result = pkg.sync_func() # $ use=moduleImport("pkg").getMember("sync_func").getReturn()
|
||||
return result # $ use=moduleImport("pkg").getMember("sync_func").getReturn()
|
||||
@@ -1,26 +0,0 @@
|
||||
import python
|
||||
import semmle.python.dataflow.new.DataFlow
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
import semmle.python.ApiGraphs
|
||||
|
||||
class AwaitedTest extends InlineExpectationsTest {
|
||||
AwaitedTest() { this = "AwaitedTest" }
|
||||
|
||||
override string getARelevantTag() { result = "awaited" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
exists(API::Node awaited, DataFlow::Node use, API::Node pred |
|
||||
awaited = pred.getAwaited() and
|
||||
use = awaited.getAUse() and
|
||||
location = use.getLocation() and
|
||||
// Module variable nodes have no suitable location, so it's best to simply exclude them entirely
|
||||
// from the inline tests.
|
||||
not use instanceof DataFlow::ModuleVariableNode and
|
||||
exists(location.getFile().getRelativePath())
|
||||
|
|
||||
tag = "awaited" and
|
||||
value = pred.getPath() and
|
||||
element = use.toString()
|
||||
)
|
||||
}
|
||||
}
|
||||
@@ -1,18 +0,0 @@
|
||||
uniqueEnclosingCallable
|
||||
uniqueType
|
||||
uniqueNodeLocation
|
||||
missingLocation
|
||||
uniqueNodeToString
|
||||
missingToString
|
||||
parameterCallable
|
||||
localFlowIsLocal
|
||||
compatibleTypesReflexive
|
||||
unreachableNodeCCtx
|
||||
localCallNodes
|
||||
postIsNotPre
|
||||
postHasUniquePre
|
||||
uniquePostUpdate
|
||||
postIsInSameCallable
|
||||
reverseRead
|
||||
argHasPostUpdate
|
||||
postWithInFlow
|
||||
@@ -1 +0,0 @@
|
||||
import semmle.python.dataflow.new.internal.DataFlowImplConsistency::Consistency
|
||||
@@ -1 +0,0 @@
|
||||
foo = 42
|
||||
@@ -1 +0,0 @@
|
||||
pass
|
||||
@@ -1 +0,0 @@
|
||||
pass
|
||||
@@ -1 +0,0 @@
|
||||
semmle-extractor-options: --lang=3 --max-import-depth=1
|
||||
@@ -1,139 +0,0 @@
|
||||
import a1 #$ use=moduleImport("a1")
|
||||
|
||||
x = a1.blah1 #$ use=moduleImport("a1").getMember("blah1")
|
||||
|
||||
import a2 as m2 #$ use=moduleImport("a2")
|
||||
|
||||
x2 = m2.blah2 #$ use=moduleImport("a2").getMember("blah2")
|
||||
|
||||
import a3.b3 as m3 #$ use=moduleImport("a3").getMember("b3")
|
||||
|
||||
x3 = m3.blah3 #$ use=moduleImport("a3").getMember("b3").getMember("blah3")
|
||||
|
||||
from a4.b4 import c4 as m4 #$ use=moduleImport("a4").getMember("b4").getMember("c4")
|
||||
|
||||
x4 = m4.blah4 #$ use=moduleImport("a4").getMember("b4").getMember("c4").getMember("blah4")
|
||||
|
||||
import a.b.c.d #$ use=moduleImport("a")
|
||||
|
||||
ab = a.b #$ use=moduleImport("a").getMember("b")
|
||||
|
||||
abc = ab.c #$ use=moduleImport("a").getMember("b").getMember("c")
|
||||
|
||||
abcd = abc.d #$ use=moduleImport("a").getMember("b").getMember("c").getMember("d")
|
||||
|
||||
x5 = abcd.method() #$ use=moduleImport("a").getMember("b").getMember("c").getMember("d").getMember("method").getReturn()
|
||||
|
||||
from a6 import m6 #$ use=moduleImport("a6").getMember("m6")
|
||||
|
||||
x6 = m6().foo().bar() #$ use=moduleImport("a6").getMember("m6").getReturn().getMember("foo").getReturn().getMember("bar").getReturn()
|
||||
|
||||
import foo.baz.baz as fbb #$ use=moduleImport("foo").getMember("baz").getMember("baz")
|
||||
from foo.bar.baz import quux as fbbq #$ use=moduleImport("foo").getMember("bar").getMember("baz").getMember("quux")
|
||||
from ham.bar.eggs import spam as hbes #$ use=moduleImport("ham").getMember("bar").getMember("eggs").getMember("spam")
|
||||
fbb.quux #$ use=moduleImport("foo").getMember("baz").getMember("baz").getMember("quux")
|
||||
fbbq #$ use=moduleImport("foo").getMember("bar").getMember("baz").getMember("quux")
|
||||
hbes #$ use=moduleImport("ham").getMember("bar").getMember("eggs").getMember("spam")
|
||||
|
||||
import foo.bar.baz #$ use=moduleImport("foo")
|
||||
|
||||
# Relative imports. These are ignored
|
||||
|
||||
from .foo import bar
|
||||
|
||||
from ..foobar import baz
|
||||
|
||||
|
||||
# Use of imports across scopes
|
||||
|
||||
def use_m4():
|
||||
x = m4.blah4 #$ use=moduleImport("a4").getMember("b4").getMember("c4").getMember("blah4")
|
||||
|
||||
def local_import_use():
|
||||
from foo import bar #$ use=moduleImport("foo").getMember("bar")
|
||||
|
||||
x = bar() #$ use=moduleImport("foo").getMember("bar").getReturn()
|
||||
|
||||
from eggs import ham as spam #$ use=moduleImport("eggs").getMember("ham")
|
||||
|
||||
def bbb():
|
||||
f = spam #$ use=moduleImport("eggs").getMember("ham")
|
||||
|
||||
from danger import SOURCE #$ use=moduleImport("danger").getMember("SOURCE")
|
||||
|
||||
foo = SOURCE #$ use=moduleImport("danger").getMember("SOURCE")
|
||||
|
||||
def change_foo():
|
||||
global foo
|
||||
foo = SOURCE #$ use=moduleImport("danger").getMember("SOURCE")
|
||||
|
||||
def f():
|
||||
global foo
|
||||
sink(foo) #$ use=moduleImport("danger").getMember("SOURCE")
|
||||
foo = NONSOURCE
|
||||
change_foo()
|
||||
sink(foo) #$ use=moduleImport("danger").getMember("SOURCE")
|
||||
|
||||
|
||||
# Subclasses
|
||||
|
||||
from flask.views import View #$ use=moduleImport("flask").getMember("views").getMember("View")
|
||||
|
||||
class MyView(View): #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass()
|
||||
myvar = 45 #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass().getMember("myvar")
|
||||
def my_method(self): #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass().getMember("my_method")
|
||||
pass
|
||||
|
||||
instance = MyView() #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass().getReturn()
|
||||
|
||||
def internal():
|
||||
from pflask.views import View #$ use=moduleImport("pflask").getMember("views").getMember("View")
|
||||
class IntMyView(View): #$ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass()
|
||||
my_internal_var = 35 #$ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getMember("my_internal_var")
|
||||
def my_internal_method(self): #$ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getMember("my_internal_method")
|
||||
pass
|
||||
|
||||
int_instance = IntMyView() #$ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getReturn()
|
||||
|
||||
|
||||
# Built-ins
|
||||
|
||||
def use_of_builtins():
|
||||
for x in range(5): #$ use=moduleImport("builtins").getMember("range").getReturn()
|
||||
if x < len([]): #$ use=moduleImport("builtins").getMember("len").getReturn()
|
||||
print("Hello") #$ use=moduleImport("builtins").getMember("print").getReturn()
|
||||
raise Exception("Farewell") #$ use=moduleImport("builtins").getMember("Exception").getReturn()
|
||||
|
||||
def imported_builtins():
|
||||
import builtins #$ use=moduleImport("builtins")
|
||||
def open(f):
|
||||
return builtins.open(f) #$ MISSING: use=moduleImport("builtins").getMember("open").getReturn()
|
||||
|
||||
def redefine_print():
|
||||
def my_print(x):
|
||||
import builtins #$ use=moduleImport("builtins")
|
||||
builtins.print("I'm printing", x) #$ use=moduleImport("builtins").getMember("print").getReturn()
|
||||
print = my_print
|
||||
print("these words")
|
||||
|
||||
def local_redefine_chr():
|
||||
chr = 5
|
||||
return chr
|
||||
|
||||
def global_redefine_chr():
|
||||
global chr
|
||||
chr = 6
|
||||
return chr
|
||||
|
||||
def what_is_chr_now():
|
||||
# If global_redefine_chr has been run, then the following is _not_ a reference to the built-in chr
|
||||
return chr(123) #$ MISSING: use=moduleImport("builtins").getMember("chr").getReturn()
|
||||
|
||||
def obscured_print():
|
||||
p = print #$ use=moduleImport("builtins").getMember("print")
|
||||
p("Can you see me?") #$ use=moduleImport("builtins").getMember("print").getReturn()
|
||||
|
||||
def python2_style():
|
||||
# In Python 3, `__builtin__` has no special meaning.
|
||||
from __builtin__ import open #$ use=moduleImport("__builtin__").getMember("open")
|
||||
open("hello.txt") #$ use=moduleImport("__builtin__").getMember("open").getReturn()
|
||||
@@ -1,6 +0,0 @@
|
||||
import mypkg #$ use=moduleImport("mypkg")
|
||||
print(mypkg.foo) #$ use=moduleImport("mypkg").getMember("foo") // 42
|
||||
try:
|
||||
print(mypkg.bar) #$ use=moduleImport("mypkg").getMember("bar")
|
||||
except AttributeError as e: #$ use=moduleImport("builtins").getMember("AttributeError")
|
||||
print(e) #$ use=moduleImport("builtins").getMember("print").getReturn() // module 'mypkg' has no attribute 'bar'
|
||||
@@ -1,4 +0,0 @@
|
||||
from mypkg import foo #$ use=moduleImport("mypkg").getMember("foo")
|
||||
from mypkg import bar #$ use=moduleImport("mypkg").getMember("bar")
|
||||
print(foo) #$ use=moduleImport("mypkg").getMember("foo")
|
||||
print(bar) #$ use=moduleImport("mypkg").getMember("bar")
|
||||
@@ -1,4 +0,0 @@
|
||||
import mypkg.foo #$ use=moduleImport("mypkg")
|
||||
import mypkg.bar #$ use=moduleImport("mypkg")
|
||||
print(mypkg.foo) #$ use=moduleImport("mypkg").getMember("foo") // <module 'mypkg.foo' ...
|
||||
print(mypkg.bar) #$ use=moduleImport("mypkg").getMember("bar") // <module 'mypkg.bar' ...
|
||||
@@ -1,4 +0,0 @@
|
||||
import mypkg.foo as _foo #$ use=moduleImport("mypkg").getMember("foo")
|
||||
import mypkg.bar as _bar #$ use=moduleImport("mypkg").getMember("bar")
|
||||
print(_foo) #$ use=moduleImport("mypkg").getMember("foo") // <module 'mypkg.foo' ...
|
||||
print(_bar) #$ use=moduleImport("mypkg").getMember("bar") // <module 'mypkg.bar' ...
|
||||
@@ -1,10 +0,0 @@
|
||||
import mypkg #$ use=moduleImport("mypkg")
|
||||
|
||||
print(mypkg.foo) #$ use=moduleImport("mypkg").getMember("foo") // 42
|
||||
try:
|
||||
print(mypkg.bar) #$ use=moduleImport("mypkg").getMember("bar")
|
||||
except AttributeError as e: #$ use=moduleImport("builtins").getMember("AttributeError")
|
||||
print(e) #$ use=moduleImport("builtins").getMember("print").getReturn() // module 'mypkg' has no attribute 'bar'
|
||||
|
||||
from mypkg import bar as _bar #$ use=moduleImport("mypkg").getMember("bar")
|
||||
print(mypkg.bar) #$ use=moduleImport("mypkg").getMember("bar") // <module 'mypkg.bar' ...
|
||||
@@ -1,6 +0,0 @@
|
||||
import mypkg #$ use=moduleImport("mypkg")
|
||||
|
||||
print(mypkg.foo) #$ use=moduleImport("mypkg").getMember("foo") // 42
|
||||
|
||||
import mypkg.foo #$ use=moduleImport("mypkg")
|
||||
print(mypkg.foo) #$ use=moduleImport("mypkg").getMember("foo") // <module 'mypkg.foo' ...
|
||||
@@ -1,10 +0,0 @@
|
||||
from mypkg import foo #$ use=moduleImport("mypkg").getMember("foo")
|
||||
|
||||
print(foo) #$ use=moduleImport("mypkg").getMember("foo") // 42
|
||||
|
||||
import mypkg.foo #$ use=moduleImport("mypkg")
|
||||
print(foo) #$ use=moduleImport("mypkg").getMember("foo") // 42
|
||||
print(mypkg.foo) #$ use=moduleImport("mypkg").getMember("foo") // <module 'mypkg.foo' ...
|
||||
|
||||
from mypkg import foo #$ use=moduleImport("mypkg").getMember("foo")
|
||||
print(foo) #$ use=moduleImport("mypkg").getMember("foo") // <module 'mypkg.foo' ...
|
||||
@@ -1,4 +0,0 @@
|
||||
from start.middle.end import foo #$ use=moduleImport("start").getMember("middle").getMember("end").getMember("foo")
|
||||
from start.middle.end import bar #$ use=moduleImport("start").getMember("middle").getMember("end").getMember("bar")
|
||||
print(foo) #$ use=moduleImport("start").getMember("middle").getMember("end").getMember("foo")
|
||||
print(bar) #$ use=moduleImport("start").getMember("middle").getMember("end").getMember("bar")
|
||||
@@ -1,36 +0,0 @@
|
||||
# Star imports
|
||||
|
||||
from unknown import * #$ use=moduleImport("unknown")
|
||||
|
||||
# Currently missing, as we do not consider `hello` to be a `LocalSourceNode`, since it has flow
|
||||
# going into it from its corresponding `GlobalSsaVariable`.
|
||||
hello() #$ MISSING: use=moduleImport("unknown").getMember("hello").getReturn()
|
||||
|
||||
# We don't want our analysis to think that either `non_module_member` or `outer_bar` can
|
||||
# come from `from unknown import *`
|
||||
non_module_member
|
||||
|
||||
outer_bar = 5
|
||||
outer_bar
|
||||
|
||||
def foo():
|
||||
world() #$ use=moduleImport("unknown").getMember("world").getReturn()
|
||||
bar = 5
|
||||
bar
|
||||
non_module_member
|
||||
print(bar) #$ use=moduleImport("builtins").getMember("print").getReturn()
|
||||
|
||||
def quux():
|
||||
global non_module_member
|
||||
non_module_member = 5
|
||||
|
||||
def func1():
|
||||
var() #$ use=moduleImport("unknown").getMember("var").getReturn()
|
||||
def func2():
|
||||
var = "FOO"
|
||||
|
||||
def func3():
|
||||
var2 = print #$ use=moduleImport("builtins").getMember("print")
|
||||
def func4():
|
||||
var2() #$ MISSING: use=moduleImport("builtins").getMember("print").getReturn()
|
||||
func4()
|
||||
@@ -1,15 +0,0 @@
|
||||
# Star imports in local scope
|
||||
|
||||
hello2()
|
||||
|
||||
def foo():
|
||||
from unknown2 import * #$ use=moduleImport("unknown2")
|
||||
world2() #$ use=moduleImport("unknown2").getMember("world2").getReturn()
|
||||
bar2 = 5
|
||||
bar2
|
||||
non_module_member2
|
||||
print(bar2) #$ use=moduleImport("builtins").getMember("print").getReturn()
|
||||
|
||||
def quux2():
|
||||
global non_module_member2
|
||||
non_module_member2 = 5
|
||||
@@ -1,35 +0,0 @@
|
||||
import python
|
||||
import semmle.python.dataflow.new.DataFlow
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
import semmle.python.ApiGraphs
|
||||
|
||||
class ApiUseTest extends InlineExpectationsTest {
|
||||
ApiUseTest() { this = "ApiUseTest" }
|
||||
|
||||
override string getARelevantTag() { result = "use" }
|
||||
|
||||
private predicate relevant_node(API::Node a, DataFlow::Node n, Location l) {
|
||||
n = a.getAUse() and
|
||||
l = n.getLocation() and
|
||||
// Module variable nodes have no suitable location, so it's best to simply exclude them entirely
|
||||
// from the inline tests.
|
||||
not n instanceof DataFlow::ModuleVariableNode and
|
||||
exists(l.getFile().getRelativePath())
|
||||
}
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
exists(API::Node a, DataFlow::Node n | relevant_node(a, n, location) |
|
||||
tag = "use" and
|
||||
// Only report the longest path on this line:
|
||||
value =
|
||||
max(API::Node a2, Location l2 |
|
||||
relevant_node(a2, _, l2) and
|
||||
l2.getFile() = location.getFile() and
|
||||
l2.getStartLine() = location.getStartLine()
|
||||
|
|
||||
a2.getPath()
|
||||
) and
|
||||
element = n.toString()
|
||||
)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user