Merge branch 'main' of github.com:github/codeql into python-port-sql-injection

python/ql/test/experimental/dataflow/coverage/argumentRouting1.expected

@@ -1,34 +1,233 @@
-| argumentPassing.py:89:22:89:25 | ControlFlowNode for arg1 | argumentPassing.py:75:11:75:11 | ControlFlowNode for a |
-| argumentPassing.py:94:22:94:25 | ControlFlowNode for arg1 | argumentPassing.py:75:11:75:11 | ControlFlowNode for a |
-| argumentPassing.py:104:19:104:22 | ControlFlowNode for arg1 | argumentPassing.py:98:11:98:11 | ControlFlowNode for a |
-| argumentPassing.py:105:19:105:22 | ControlFlowNode for arg1 | argumentPassing.py:98:11:98:11 | ControlFlowNode for a |
-| argumentPassing.py:106:19:106:22 | ControlFlowNode for arg1 | argumentPassing.py:98:11:98:11 | ControlFlowNode for a |
-| argumentPassing.py:117:45:117:48 | ControlFlowNode for arg1 | argumentPassing.py:110:11:110:11 | ControlFlowNode for a |
-| argumentPassing.py:118:27:118:30 | ControlFlowNode for arg1 | argumentPassing.py:110:11:110:11 | ControlFlowNode for a |
-| argumentPassing.py:119:27:119:30 | ControlFlowNode for arg1 | argumentPassing.py:110:11:110:11 | ControlFlowNode for a |
-| argumentPassing.py:120:65:120:68 | ControlFlowNode for arg1 | argumentPassing.py:110:11:110:11 | ControlFlowNode for a |
-| argumentPassing.py:132:28:132:31 | ControlFlowNode for arg1 | argumentPassing.py:124:11:124:11 | ControlFlowNode for a |
-| argumentPassing.py:160:46:160:49 | ControlFlowNode for arg1 | argumentPassing.py:139:11:139:13 | ControlFlowNode for foo |
-| argumentPassing.py:168:14:168:17 | ControlFlowNode for arg1 | argumentPassing.py:166:15:166:15 | ControlFlowNode for a |
-| argumentPassing.py:175:19:175:22 | ControlFlowNode for arg1 | argumentPassing.py:173:15:173:15 | ControlFlowNode for a |
-| argumentPassing.py:183:15:183:18 | ControlFlowNode for arg1 | argumentPassing.py:181:19:181:22 | ControlFlowNode for Subscript |
-| argumentPassing.py:190:13:190:16 | ControlFlowNode for arg1 | argumentPassing.py:188:15:188:15 | ControlFlowNode for a |
-| argumentPassing.py:197:16:197:19 | ControlFlowNode for arg1 | argumentPassing.py:195:15:195:15 | ControlFlowNode for a |
-| argumentPassing.py:204:15:204:18 | ControlFlowNode for arg1 | argumentPassing.py:202:15:202:15 | ControlFlowNode for a |
-| argumentPassing.py:211:23:211:26 | ControlFlowNode for arg1 | argumentPassing.py:209:15:209:20 | ControlFlowNode for Subscript |
-| classes.py:563:5:563:16 | SSA variable with_getitem | classes.py:557:15:557:18 | ControlFlowNode for self |
-| classes.py:578:5:578:16 | SSA variable with_setitem | classes.py:573:15:573:18 | ControlFlowNode for self |
-| classes.py:593:5:593:16 | SSA variable with_delitem | classes.py:588:15:588:18 | ControlFlowNode for self |
-| classes.py:665:5:665:12 | SSA variable with_add | classes.py:659:15:659:18 | ControlFlowNode for self |
-| classes.py:680:5:680:12 | SSA variable with_sub | classes.py:674:15:674:18 | ControlFlowNode for self |
-| classes.py:695:5:695:12 | SSA variable with_mul | classes.py:689:15:689:18 | ControlFlowNode for self |
-| classes.py:710:5:710:15 | SSA variable with_matmul | classes.py:704:15:704:18 | ControlFlowNode for self |
-| classes.py:725:5:725:16 | SSA variable with_truediv | classes.py:719:15:719:18 | ControlFlowNode for self |
-| classes.py:740:5:740:17 | SSA variable with_floordiv | classes.py:734:15:734:18 | ControlFlowNode for self |
-| classes.py:755:5:755:12 | SSA variable with_mod | classes.py:749:15:749:18 | ControlFlowNode for self |
-| classes.py:791:5:791:12 | SSA variable with_pow | classes.py:779:15:779:18 | ControlFlowNode for self |
-| classes.py:806:5:806:15 | SSA variable with_lshift | classes.py:800:15:800:18 | ControlFlowNode for self |
-| classes.py:821:5:821:15 | SSA variable with_rshift | classes.py:815:15:815:18 | ControlFlowNode for self |
-| classes.py:836:5:836:12 | SSA variable with_and | classes.py:830:15:830:18 | ControlFlowNode for self |
-| classes.py:851:5:851:12 | SSA variable with_xor | classes.py:845:15:845:18 | ControlFlowNode for self |
-| classes.py:866:5:866:11 | SSA variable with_or | classes.py:860:15:860:18 | ControlFlowNode for self |
+edges
+| argumentPassing.py:65:5:65:5 | SSA variable a | argumentPassing.py:75:11:75:11 | ControlFlowNode for a |
+| argumentPassing.py:89:22:89:25 | ControlFlowNode for arg1 | argumentPassing.py:65:5:65:5 | SSA variable a |
+| argumentPassing.py:94:22:94:25 | ControlFlowNode for arg1 | argumentPassing.py:65:5:65:5 | SSA variable a |
+| argumentPassing.py:97:19:97:19 | SSA variable a | argumentPassing.py:98:11:98:11 | ControlFlowNode for a |
+| argumentPassing.py:104:19:104:22 | ControlFlowNode for arg1 | argumentPassing.py:97:19:97:19 | SSA variable a |
+| argumentPassing.py:105:19:105:22 | ControlFlowNode for arg1 | argumentPassing.py:97:19:97:19 | SSA variable a |
+| argumentPassing.py:106:19:106:22 | ControlFlowNode for arg1 | argumentPassing.py:97:19:97:19 | SSA variable a |
+| argumentPassing.py:109:27:109:27 | SSA variable a | argumentPassing.py:110:11:110:11 | ControlFlowNode for a |
+| argumentPassing.py:117:45:117:48 | ControlFlowNode for arg1 | argumentPassing.py:109:27:109:27 | SSA variable a |
+| argumentPassing.py:118:27:118:30 | ControlFlowNode for arg1 | argumentPassing.py:109:27:109:27 | SSA variable a |
+| argumentPassing.py:119:27:119:30 | ControlFlowNode for arg1 | argumentPassing.py:109:27:109:27 | SSA variable a |
+| argumentPassing.py:120:5:120:70 | KwUnpacked a | argumentPassing.py:109:27:109:27 | SSA variable a |
+| argumentPassing.py:120:59:120:69 | ControlFlowNode for Dict [Dictionary element at key a] | argumentPassing.py:120:5:120:70 | KwUnpacked a |
+| argumentPassing.py:120:65:120:68 | ControlFlowNode for arg1 | argumentPassing.py:120:59:120:69 | ControlFlowNode for Dict [Dictionary element at key a] |
+| argumentPassing.py:123:28:123:28 | SSA variable a | argumentPassing.py:124:11:124:11 | ControlFlowNode for a |
+| argumentPassing.py:132:28:132:31 | ControlFlowNode for arg1 | argumentPassing.py:123:28:123:28 | SSA variable a |
+| argumentPassing.py:138:22:138:24 | SSA variable foo | argumentPassing.py:139:11:139:13 | ControlFlowNode for foo |
+| argumentPassing.py:160:46:160:49 | ControlFlowNode for arg1 | argumentPassing.py:138:22:138:24 | SSA variable foo |
+| argumentPassing.py:165:18:165:18 | SSA variable a | argumentPassing.py:166:15:166:15 | ControlFlowNode for a |
+| argumentPassing.py:168:14:168:17 | ControlFlowNode for arg1 | argumentPassing.py:165:18:165:18 | SSA variable a |
+| argumentPassing.py:172:23:172:23 | SSA variable a | argumentPassing.py:173:15:173:15 | ControlFlowNode for a |
+| argumentPassing.py:175:19:175:22 | ControlFlowNode for arg1 | argumentPassing.py:172:23:172:23 | SSA variable a |
+| argumentPassing.py:179:20:179:20 | SSA variable a [Tuple element at index 0] | argumentPassing.py:181:19:181:19 | ControlFlowNode for a [Tuple element at index 0] |
+| argumentPassing.py:181:19:181:19 | ControlFlowNode for a [Tuple element at index 0] | argumentPassing.py:181:19:181:22 | ControlFlowNode for Subscript |
+| argumentPassing.py:183:5:183:19 | PosOverflowNode for with_star() [Tuple element at index 0] | argumentPassing.py:179:20:179:20 | SSA variable a [Tuple element at index 0] |
+| argumentPassing.py:183:15:183:18 | ControlFlowNode for arg1 | argumentPassing.py:183:5:183:19 | PosOverflowNode for with_star() [Tuple element at index 0] |
+| argumentPassing.py:187:17:187:17 | SSA variable a | argumentPassing.py:188:15:188:15 | ControlFlowNode for a |
+| argumentPassing.py:190:13:190:16 | ControlFlowNode for arg1 | argumentPassing.py:187:17:187:17 | SSA variable a |
+| argumentPassing.py:194:18:194:18 | SSA variable a | argumentPassing.py:195:15:195:15 | ControlFlowNode for a |
+| argumentPassing.py:197:16:197:19 | ControlFlowNode for arg1 | argumentPassing.py:194:18:194:18 | SSA variable a |
+| argumentPassing.py:201:17:201:17 | SSA variable a | argumentPassing.py:202:15:202:15 | ControlFlowNode for a |
+| argumentPassing.py:204:15:204:18 | ControlFlowNode for arg1 | argumentPassing.py:201:17:201:17 | SSA variable a |
+| argumentPassing.py:208:27:208:27 | SSA variable a [Dictionary element at key a] | argumentPassing.py:209:15:209:15 | ControlFlowNode for a [Dictionary element at key a] |
+| argumentPassing.py:209:15:209:15 | ControlFlowNode for a [Dictionary element at key a] | argumentPassing.py:209:15:209:20 | ControlFlowNode for Subscript |
+| argumentPassing.py:211:5:211:27 | KwOverflowNode for with_doublestar() [Dictionary element at key a] | argumentPassing.py:208:27:208:27 | SSA variable a [Dictionary element at key a] |
+| argumentPassing.py:211:23:211:26 | ControlFlowNode for arg1 | argumentPassing.py:211:5:211:27 | KwOverflowNode for with_doublestar() [Dictionary element at key a] |
+| classes.py:555:21:555:24 | SSA variable self | classes.py:557:15:557:18 | ControlFlowNode for self |
+| classes.py:563:5:563:16 | SSA variable with_getitem | classes.py:565:5:565:16 | ControlFlowNode for with_getitem |
+| classes.py:565:5:565:16 | ControlFlowNode for with_getitem | classes.py:555:21:555:24 | SSA variable self |
+| classes.py:570:21:570:24 | SSA variable self | classes.py:573:15:573:18 | ControlFlowNode for self |
+| classes.py:578:5:578:16 | SSA variable with_setitem | classes.py:581:5:581:16 | ControlFlowNode for with_setitem |
+| classes.py:581:5:581:16 | ControlFlowNode for with_setitem | classes.py:570:21:570:24 | SSA variable self |
+| classes.py:586:21:586:24 | SSA variable self | classes.py:588:15:588:18 | ControlFlowNode for self |
+| classes.py:593:5:593:16 | SSA variable with_delitem | classes.py:595:9:595:20 | ControlFlowNode for with_delitem |
+| classes.py:595:9:595:20 | ControlFlowNode for with_delitem | classes.py:586:21:586:24 | SSA variable self |
+| classes.py:657:17:657:20 | SSA variable self | classes.py:659:15:659:18 | ControlFlowNode for self |
+| classes.py:665:5:665:12 | SSA variable with_add | classes.py:667:5:667:12 | ControlFlowNode for with_add |
+| classes.py:667:5:667:12 | ControlFlowNode for with_add | classes.py:657:17:657:20 | SSA variable self |
+| classes.py:672:17:672:20 | SSA variable self | classes.py:674:15:674:18 | ControlFlowNode for self |
+| classes.py:680:5:680:12 | SSA variable with_sub | classes.py:682:5:682:12 | ControlFlowNode for with_sub |
+| classes.py:682:5:682:12 | ControlFlowNode for with_sub | classes.py:672:17:672:20 | SSA variable self |
+| classes.py:687:17:687:20 | SSA variable self | classes.py:689:15:689:18 | ControlFlowNode for self |
+| classes.py:695:5:695:12 | SSA variable with_mul | classes.py:697:5:697:12 | ControlFlowNode for with_mul |
+| classes.py:697:5:697:12 | ControlFlowNode for with_mul | classes.py:687:17:687:20 | SSA variable self |
+| classes.py:702:20:702:23 | SSA variable self | classes.py:704:15:704:18 | ControlFlowNode for self |
+| classes.py:710:5:710:15 | SSA variable with_matmul | classes.py:712:5:712:15 | ControlFlowNode for with_matmul |
+| classes.py:712:5:712:15 | ControlFlowNode for with_matmul | classes.py:702:20:702:23 | SSA variable self |
+| classes.py:717:21:717:24 | SSA variable self | classes.py:719:15:719:18 | ControlFlowNode for self |
+| classes.py:725:5:725:16 | SSA variable with_truediv | classes.py:727:5:727:16 | ControlFlowNode for with_truediv |
+| classes.py:727:5:727:16 | ControlFlowNode for with_truediv | classes.py:717:21:717:24 | SSA variable self |
+| classes.py:732:22:732:25 | SSA variable self | classes.py:734:15:734:18 | ControlFlowNode for self |
+| classes.py:740:5:740:17 | SSA variable with_floordiv | classes.py:742:5:742:17 | ControlFlowNode for with_floordiv |
+| classes.py:742:5:742:17 | ControlFlowNode for with_floordiv | classes.py:732:22:732:25 | SSA variable self |
+| classes.py:747:17:747:20 | SSA variable self | classes.py:749:15:749:18 | ControlFlowNode for self |
+| classes.py:755:5:755:12 | SSA variable with_mod | classes.py:757:5:757:12 | ControlFlowNode for with_mod |
+| classes.py:757:5:757:12 | ControlFlowNode for with_mod | classes.py:747:17:747:20 | SSA variable self |
+| classes.py:777:17:777:20 | SSA variable self | classes.py:779:15:779:18 | ControlFlowNode for self |
+| classes.py:791:5:791:12 | SSA variable with_pow | classes.py:793:5:793:12 | ControlFlowNode for with_pow |
+| classes.py:793:5:793:12 | ControlFlowNode for with_pow | classes.py:777:17:777:20 | SSA variable self |
+| classes.py:798:20:798:23 | SSA variable self | classes.py:800:15:800:18 | ControlFlowNode for self |
+| classes.py:806:5:806:15 | SSA variable with_lshift | classes.py:808:5:808:15 | ControlFlowNode for with_lshift |
+| classes.py:808:5:808:15 | ControlFlowNode for with_lshift | classes.py:798:20:798:23 | SSA variable self |
+| classes.py:813:20:813:23 | SSA variable self | classes.py:815:15:815:18 | ControlFlowNode for self |
+| classes.py:821:5:821:15 | SSA variable with_rshift | classes.py:823:5:823:15 | ControlFlowNode for with_rshift |
+| classes.py:823:5:823:15 | ControlFlowNode for with_rshift | classes.py:813:20:813:23 | SSA variable self |
+| classes.py:828:17:828:20 | SSA variable self | classes.py:830:15:830:18 | ControlFlowNode for self |
+| classes.py:836:5:836:12 | SSA variable with_and | classes.py:838:5:838:12 | ControlFlowNode for with_and |
+| classes.py:838:5:838:12 | ControlFlowNode for with_and | classes.py:828:17:828:20 | SSA variable self |
+| classes.py:843:17:843:20 | SSA variable self | classes.py:845:15:845:18 | ControlFlowNode for self |
+| classes.py:851:5:851:12 | SSA variable with_xor | classes.py:853:5:853:12 | ControlFlowNode for with_xor |
+| classes.py:853:5:853:12 | ControlFlowNode for with_xor | classes.py:843:17:843:20 | SSA variable self |
+| classes.py:858:16:858:19 | SSA variable self | classes.py:860:15:860:18 | ControlFlowNode for self |
+| classes.py:866:5:866:11 | SSA variable with_or | classes.py:868:5:868:11 | ControlFlowNode for with_or |
+| classes.py:868:5:868:11 | ControlFlowNode for with_or | classes.py:858:16:858:19 | SSA variable self |
+nodes
+| argumentPassing.py:65:5:65:5 | SSA variable a | semmle.label | SSA variable a |
+| argumentPassing.py:75:11:75:11 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
+| argumentPassing.py:89:22:89:25 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
+| argumentPassing.py:94:22:94:25 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
+| argumentPassing.py:97:19:97:19 | SSA variable a | semmle.label | SSA variable a |
+| argumentPassing.py:98:11:98:11 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
+| argumentPassing.py:104:19:104:22 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
+| argumentPassing.py:105:19:105:22 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
+| argumentPassing.py:106:19:106:22 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
+| argumentPassing.py:109:27:109:27 | SSA variable a | semmle.label | SSA variable a |
+| argumentPassing.py:110:11:110:11 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
+| argumentPassing.py:117:45:117:48 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
+| argumentPassing.py:118:27:118:30 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
+| argumentPassing.py:119:27:119:30 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
+| argumentPassing.py:120:5:120:70 | KwUnpacked a | semmle.label | KwUnpacked a |
+| argumentPassing.py:120:59:120:69 | ControlFlowNode for Dict [Dictionary element at key a] | semmle.label | ControlFlowNode for Dict [Dictionary element at key a] |
+| argumentPassing.py:120:65:120:68 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
+| argumentPassing.py:123:28:123:28 | SSA variable a | semmle.label | SSA variable a |
+| argumentPassing.py:124:11:124:11 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
+| argumentPassing.py:132:28:132:31 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
+| argumentPassing.py:138:22:138:24 | SSA variable foo | semmle.label | SSA variable foo |
+| argumentPassing.py:139:11:139:13 | ControlFlowNode for foo | semmle.label | ControlFlowNode for foo |
+| argumentPassing.py:160:46:160:49 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
+| argumentPassing.py:165:18:165:18 | SSA variable a | semmle.label | SSA variable a |
+| argumentPassing.py:166:15:166:15 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
+| argumentPassing.py:168:14:168:17 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
+| argumentPassing.py:172:23:172:23 | SSA variable a | semmle.label | SSA variable a |
+| argumentPassing.py:173:15:173:15 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
+| argumentPassing.py:175:19:175:22 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
+| argumentPassing.py:179:20:179:20 | SSA variable a [Tuple element at index 0] | semmle.label | SSA variable a [Tuple element at index 0] |
+| argumentPassing.py:181:19:181:19 | ControlFlowNode for a [Tuple element at index 0] | semmle.label | ControlFlowNode for a [Tuple element at index 0] |
+| argumentPassing.py:181:19:181:22 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
+| argumentPassing.py:183:5:183:19 | PosOverflowNode for with_star() [Tuple element at index 0] | semmle.label | PosOverflowNode for with_star() [Tuple element at index 0] |
+| argumentPassing.py:183:15:183:18 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
+| argumentPassing.py:187:17:187:17 | SSA variable a | semmle.label | SSA variable a |
+| argumentPassing.py:188:15:188:15 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
+| argumentPassing.py:190:13:190:16 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
+| argumentPassing.py:194:18:194:18 | SSA variable a | semmle.label | SSA variable a |
+| argumentPassing.py:195:15:195:15 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
+| argumentPassing.py:197:16:197:19 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
+| argumentPassing.py:201:17:201:17 | SSA variable a | semmle.label | SSA variable a |
+| argumentPassing.py:202:15:202:15 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
+| argumentPassing.py:204:15:204:18 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
+| argumentPassing.py:208:27:208:27 | SSA variable a [Dictionary element at key a] | semmle.label | SSA variable a [Dictionary element at key a] |
+| argumentPassing.py:209:15:209:15 | ControlFlowNode for a [Dictionary element at key a] | semmle.label | ControlFlowNode for a [Dictionary element at key a] |
+| argumentPassing.py:209:15:209:20 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
+| argumentPassing.py:211:5:211:27 | KwOverflowNode for with_doublestar() [Dictionary element at key a] | semmle.label | KwOverflowNode for with_doublestar() [Dictionary element at key a] |
+| argumentPassing.py:211:23:211:26 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
+| classes.py:555:21:555:24 | SSA variable self | semmle.label | SSA variable self |
+| classes.py:557:15:557:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
+| classes.py:563:5:563:16 | SSA variable with_getitem | semmle.label | SSA variable with_getitem |
+| classes.py:565:5:565:16 | ControlFlowNode for with_getitem | semmle.label | ControlFlowNode for with_getitem |
+| classes.py:570:21:570:24 | SSA variable self | semmle.label | SSA variable self |
+| classes.py:573:15:573:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
+| classes.py:578:5:578:16 | SSA variable with_setitem | semmle.label | SSA variable with_setitem |
+| classes.py:581:5:581:16 | ControlFlowNode for with_setitem | semmle.label | ControlFlowNode for with_setitem |
+| classes.py:586:21:586:24 | SSA variable self | semmle.label | SSA variable self |
+| classes.py:588:15:588:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
+| classes.py:593:5:593:16 | SSA variable with_delitem | semmle.label | SSA variable with_delitem |
+| classes.py:595:9:595:20 | ControlFlowNode for with_delitem | semmle.label | ControlFlowNode for with_delitem |
+| classes.py:657:17:657:20 | SSA variable self | semmle.label | SSA variable self |
+| classes.py:659:15:659:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
+| classes.py:665:5:665:12 | SSA variable with_add | semmle.label | SSA variable with_add |
+| classes.py:667:5:667:12 | ControlFlowNode for with_add | semmle.label | ControlFlowNode for with_add |
+| classes.py:672:17:672:20 | SSA variable self | semmle.label | SSA variable self |
+| classes.py:674:15:674:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
+| classes.py:680:5:680:12 | SSA variable with_sub | semmle.label | SSA variable with_sub |
+| classes.py:682:5:682:12 | ControlFlowNode for with_sub | semmle.label | ControlFlowNode for with_sub |
+| classes.py:687:17:687:20 | SSA variable self | semmle.label | SSA variable self |
+| classes.py:689:15:689:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
+| classes.py:695:5:695:12 | SSA variable with_mul | semmle.label | SSA variable with_mul |
+| classes.py:697:5:697:12 | ControlFlowNode for with_mul | semmle.label | ControlFlowNode for with_mul |
+| classes.py:702:20:702:23 | SSA variable self | semmle.label | SSA variable self |
+| classes.py:704:15:704:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
+| classes.py:710:5:710:15 | SSA variable with_matmul | semmle.label | SSA variable with_matmul |
+| classes.py:712:5:712:15 | ControlFlowNode for with_matmul | semmle.label | ControlFlowNode for with_matmul |
+| classes.py:717:21:717:24 | SSA variable self | semmle.label | SSA variable self |
+| classes.py:719:15:719:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
+| classes.py:725:5:725:16 | SSA variable with_truediv | semmle.label | SSA variable with_truediv |
+| classes.py:727:5:727:16 | ControlFlowNode for with_truediv | semmle.label | ControlFlowNode for with_truediv |
+| classes.py:732:22:732:25 | SSA variable self | semmle.label | SSA variable self |
+| classes.py:734:15:734:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
+| classes.py:740:5:740:17 | SSA variable with_floordiv | semmle.label | SSA variable with_floordiv |
+| classes.py:742:5:742:17 | ControlFlowNode for with_floordiv | semmle.label | ControlFlowNode for with_floordiv |
+| classes.py:747:17:747:20 | SSA variable self | semmle.label | SSA variable self |
+| classes.py:749:15:749:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
+| classes.py:755:5:755:12 | SSA variable with_mod | semmle.label | SSA variable with_mod |
+| classes.py:757:5:757:12 | ControlFlowNode for with_mod | semmle.label | ControlFlowNode for with_mod |
+| classes.py:777:17:777:20 | SSA variable self | semmle.label | SSA variable self |
+| classes.py:779:15:779:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
+| classes.py:791:5:791:12 | SSA variable with_pow | semmle.label | SSA variable with_pow |
+| classes.py:793:5:793:12 | ControlFlowNode for with_pow | semmle.label | ControlFlowNode for with_pow |
+| classes.py:798:20:798:23 | SSA variable self | semmle.label | SSA variable self |
+| classes.py:800:15:800:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
+| classes.py:806:5:806:15 | SSA variable with_lshift | semmle.label | SSA variable with_lshift |
+| classes.py:808:5:808:15 | ControlFlowNode for with_lshift | semmle.label | ControlFlowNode for with_lshift |
+| classes.py:813:20:813:23 | SSA variable self | semmle.label | SSA variable self |
+| classes.py:815:15:815:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
+| classes.py:821:5:821:15 | SSA variable with_rshift | semmle.label | SSA variable with_rshift |
+| classes.py:823:5:823:15 | ControlFlowNode for with_rshift | semmle.label | ControlFlowNode for with_rshift |
+| classes.py:828:17:828:20 | SSA variable self | semmle.label | SSA variable self |
+| classes.py:830:15:830:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
+| classes.py:836:5:836:12 | SSA variable with_and | semmle.label | SSA variable with_and |
+| classes.py:838:5:838:12 | ControlFlowNode for with_and | semmle.label | ControlFlowNode for with_and |
+| classes.py:843:17:843:20 | SSA variable self | semmle.label | SSA variable self |
+| classes.py:845:15:845:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
+| classes.py:851:5:851:12 | SSA variable with_xor | semmle.label | SSA variable with_xor |
+| classes.py:853:5:853:12 | ControlFlowNode for with_xor | semmle.label | ControlFlowNode for with_xor |
+| classes.py:858:16:858:19 | SSA variable self | semmle.label | SSA variable self |
+| classes.py:860:15:860:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
+| classes.py:866:5:866:11 | SSA variable with_or | semmle.label | SSA variable with_or |
+| classes.py:868:5:868:11 | ControlFlowNode for with_or | semmle.label | ControlFlowNode for with_or |
+#select
+| argumentPassing.py:89:22:89:25 | ControlFlowNode for arg1 | argumentPassing.py:89:22:89:25 | ControlFlowNode for arg1 | argumentPassing.py:75:11:75:11 | ControlFlowNode for a | Flow found |
+| argumentPassing.py:94:22:94:25 | ControlFlowNode for arg1 | argumentPassing.py:94:22:94:25 | ControlFlowNode for arg1 | argumentPassing.py:75:11:75:11 | ControlFlowNode for a | Flow found |
+| argumentPassing.py:104:19:104:22 | ControlFlowNode for arg1 | argumentPassing.py:104:19:104:22 | ControlFlowNode for arg1 | argumentPassing.py:98:11:98:11 | ControlFlowNode for a | Flow found |
+| argumentPassing.py:105:19:105:22 | ControlFlowNode for arg1 | argumentPassing.py:105:19:105:22 | ControlFlowNode for arg1 | argumentPassing.py:98:11:98:11 | ControlFlowNode for a | Flow found |
+| argumentPassing.py:106:19:106:22 | ControlFlowNode for arg1 | argumentPassing.py:106:19:106:22 | ControlFlowNode for arg1 | argumentPassing.py:98:11:98:11 | ControlFlowNode for a | Flow found |
+| argumentPassing.py:117:45:117:48 | ControlFlowNode for arg1 | argumentPassing.py:117:45:117:48 | ControlFlowNode for arg1 | argumentPassing.py:110:11:110:11 | ControlFlowNode for a | Flow found |
+| argumentPassing.py:118:27:118:30 | ControlFlowNode for arg1 | argumentPassing.py:118:27:118:30 | ControlFlowNode for arg1 | argumentPassing.py:110:11:110:11 | ControlFlowNode for a | Flow found |
+| argumentPassing.py:119:27:119:30 | ControlFlowNode for arg1 | argumentPassing.py:119:27:119:30 | ControlFlowNode for arg1 | argumentPassing.py:110:11:110:11 | ControlFlowNode for a | Flow found |
+| argumentPassing.py:120:65:120:68 | ControlFlowNode for arg1 | argumentPassing.py:120:65:120:68 | ControlFlowNode for arg1 | argumentPassing.py:110:11:110:11 | ControlFlowNode for a | Flow found |
+| argumentPassing.py:132:28:132:31 | ControlFlowNode for arg1 | argumentPassing.py:132:28:132:31 | ControlFlowNode for arg1 | argumentPassing.py:124:11:124:11 | ControlFlowNode for a | Flow found |
+| argumentPassing.py:160:46:160:49 | ControlFlowNode for arg1 | argumentPassing.py:160:46:160:49 | ControlFlowNode for arg1 | argumentPassing.py:139:11:139:13 | ControlFlowNode for foo | Flow found |
+| argumentPassing.py:168:14:168:17 | ControlFlowNode for arg1 | argumentPassing.py:168:14:168:17 | ControlFlowNode for arg1 | argumentPassing.py:166:15:166:15 | ControlFlowNode for a | Flow found |
+| argumentPassing.py:175:19:175:22 | ControlFlowNode for arg1 | argumentPassing.py:175:19:175:22 | ControlFlowNode for arg1 | argumentPassing.py:173:15:173:15 | ControlFlowNode for a | Flow found |
+| argumentPassing.py:183:15:183:18 | ControlFlowNode for arg1 | argumentPassing.py:183:15:183:18 | ControlFlowNode for arg1 | argumentPassing.py:181:19:181:22 | ControlFlowNode for Subscript | Flow found |
+| argumentPassing.py:190:13:190:16 | ControlFlowNode for arg1 | argumentPassing.py:190:13:190:16 | ControlFlowNode for arg1 | argumentPassing.py:188:15:188:15 | ControlFlowNode for a | Flow found |
+| argumentPassing.py:197:16:197:19 | ControlFlowNode for arg1 | argumentPassing.py:197:16:197:19 | ControlFlowNode for arg1 | argumentPassing.py:195:15:195:15 | ControlFlowNode for a | Flow found |
+| argumentPassing.py:204:15:204:18 | ControlFlowNode for arg1 | argumentPassing.py:204:15:204:18 | ControlFlowNode for arg1 | argumentPassing.py:202:15:202:15 | ControlFlowNode for a | Flow found |
+| argumentPassing.py:211:23:211:26 | ControlFlowNode for arg1 | argumentPassing.py:211:23:211:26 | ControlFlowNode for arg1 | argumentPassing.py:209:15:209:20 | ControlFlowNode for Subscript | Flow found |
+| classes.py:563:5:563:16 | SSA variable with_getitem | classes.py:563:5:563:16 | SSA variable with_getitem | classes.py:557:15:557:18 | ControlFlowNode for self | Flow found |
+| classes.py:578:5:578:16 | SSA variable with_setitem | classes.py:578:5:578:16 | SSA variable with_setitem | classes.py:573:15:573:18 | ControlFlowNode for self | Flow found |
+| classes.py:593:5:593:16 | SSA variable with_delitem | classes.py:593:5:593:16 | SSA variable with_delitem | classes.py:588:15:588:18 | ControlFlowNode for self | Flow found |
+| classes.py:665:5:665:12 | SSA variable with_add | classes.py:665:5:665:12 | SSA variable with_add | classes.py:659:15:659:18 | ControlFlowNode for self | Flow found |
+| classes.py:680:5:680:12 | SSA variable with_sub | classes.py:680:5:680:12 | SSA variable with_sub | classes.py:674:15:674:18 | ControlFlowNode for self | Flow found |
+| classes.py:695:5:695:12 | SSA variable with_mul | classes.py:695:5:695:12 | SSA variable with_mul | classes.py:689:15:689:18 | ControlFlowNode for self | Flow found |
+| classes.py:710:5:710:15 | SSA variable with_matmul | classes.py:710:5:710:15 | SSA variable with_matmul | classes.py:704:15:704:18 | ControlFlowNode for self | Flow found |
+| classes.py:725:5:725:16 | SSA variable with_truediv | classes.py:725:5:725:16 | SSA variable with_truediv | classes.py:719:15:719:18 | ControlFlowNode for self | Flow found |
+| classes.py:740:5:740:17 | SSA variable with_floordiv | classes.py:740:5:740:17 | SSA variable with_floordiv | classes.py:734:15:734:18 | ControlFlowNode for self | Flow found |
+| classes.py:755:5:755:12 | SSA variable with_mod | classes.py:755:5:755:12 | SSA variable with_mod | classes.py:749:15:749:18 | ControlFlowNode for self | Flow found |
+| classes.py:791:5:791:12 | SSA variable with_pow | classes.py:791:5:791:12 | SSA variable with_pow | classes.py:779:15:779:18 | ControlFlowNode for self | Flow found |
+| classes.py:806:5:806:15 | SSA variable with_lshift | classes.py:806:5:806:15 | SSA variable with_lshift | classes.py:800:15:800:18 | ControlFlowNode for self | Flow found |
+| classes.py:821:5:821:15 | SSA variable with_rshift | classes.py:821:5:821:15 | SSA variable with_rshift | classes.py:815:15:815:18 | ControlFlowNode for self | Flow found |
+| classes.py:836:5:836:12 | SSA variable with_and | classes.py:836:5:836:12 | SSA variable with_and | classes.py:830:15:830:18 | ControlFlowNode for self | Flow found |
+| classes.py:851:5:851:12 | SSA variable with_xor | classes.py:851:5:851:12 | SSA variable with_xor | classes.py:845:15:845:18 | ControlFlowNode for self | Flow found |
+| classes.py:866:5:866:11 | SSA variable with_or | classes.py:866:5:866:11 | SSA variable with_or | classes.py:860:15:860:18 | ControlFlowNode for self | Flow found |

python/ql/test/experimental/dataflow/coverage/argumentRouting1.ql

@@ -1,5 +1,10 @@
+/**
+ * @kind path-problem
+ */
+
 import python
 import experimental.dataflow.DataFlow
+import DataFlow::PathGraph
 private import experimental.dataflow.internal.DataFlowPrivate as DataFlowPrivate
 
 /**
@@ -25,11 +30,19 @@ class ArgumentRoutingConfig extends DataFlow::Configuration {
       node.(DataFlow::CfgNode).getNode() = call.getAnArg()
     )
   }
+
+  /**
+   * We want to be able to use `arg` in a sequence of calls such as `func(kw=arg); ... ; func(arg)`.
+   * Use-use flow lets the argument to the first call reach the sink inside the second call,
+   * making it seem like we handle all cases even if we only handle the last one.
+   * We make the test honest by preventing flow into source nodes.
+   */
+  override predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
 }
 
-from DataFlow::Node source, DataFlow::Node sink
+from DataFlow::PathNode source, DataFlow::PathNode sink
 where
-  source.getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
-  sink.getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
-  exists(ArgumentRoutingConfig cfg | cfg.hasFlow(source, sink))
-select source, sink
+  source.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
+  sink.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
+  exists(ArgumentRoutingConfig cfg | cfg.hasFlowPath(source, sink))
+select source.getNode(), source, sink, "Flow found"

python/ql/test/experimental/dataflow/coverage/argumentRouting2.expected

@@ -1,25 +1,147 @@
-| argumentPassing.py:94:28:94:31 | ControlFlowNode for arg2 | argumentPassing.py:76:11:76:11 | ControlFlowNode for b |
-| argumentPassing.py:104:25:104:28 | ControlFlowNode for arg2 | argumentPassing.py:99:11:99:11 | ControlFlowNode for b |
-| argumentPassing.py:105:27:105:30 | ControlFlowNode for arg2 | argumentPassing.py:99:11:99:11 | ControlFlowNode for b |
-| argumentPassing.py:117:29:117:32 | ControlFlowNode for arg2 | argumentPassing.py:111:11:111:11 | ControlFlowNode for b |
-| argumentPassing.py:118:35:118:38 | ControlFlowNode for arg2 | argumentPassing.py:111:11:111:11 | ControlFlowNode for b |
-| argumentPassing.py:119:50:119:53 | ControlFlowNode for arg2 | argumentPassing.py:111:11:111:11 | ControlFlowNode for b |
-| argumentPassing.py:120:35:120:38 | ControlFlowNode for arg2 | argumentPassing.py:111:11:111:11 | ControlFlowNode for b |
-| argumentPassing.py:133:30:133:33 | ControlFlowNode for arg2 | argumentPassing.py:125:11:125:11 | ControlFlowNode for b |
-| argumentPassing.py:160:36:160:39 | ControlFlowNode for arg2 | argumentPassing.py:146:11:146:13 | ControlFlowNode for bar |
-| classes.py:565:18:565:21 | ControlFlowNode for arg2 | classes.py:556:15:556:17 | ControlFlowNode for key |
-| classes.py:581:18:581:21 | ControlFlowNode for arg2 | classes.py:572:15:572:17 | ControlFlowNode for key |
-| classes.py:595:22:595:25 | ControlFlowNode for arg2 | classes.py:587:15:587:17 | ControlFlowNode for key |
-| classes.py:667:16:667:19 | ControlFlowNode for arg2 | classes.py:658:15:658:19 | ControlFlowNode for other |
-| classes.py:682:16:682:19 | ControlFlowNode for arg2 | classes.py:673:15:673:19 | ControlFlowNode for other |
-| classes.py:697:16:697:19 | ControlFlowNode for arg2 | classes.py:688:15:688:19 | ControlFlowNode for other |
-| classes.py:712:19:712:22 | ControlFlowNode for arg2 | classes.py:703:15:703:19 | ControlFlowNode for other |
-| classes.py:727:20:727:23 | ControlFlowNode for arg2 | classes.py:718:15:718:19 | ControlFlowNode for other |
-| classes.py:742:22:742:25 | ControlFlowNode for arg2 | classes.py:733:15:733:19 | ControlFlowNode for other |
-| classes.py:757:16:757:19 | ControlFlowNode for arg2 | classes.py:748:15:748:19 | ControlFlowNode for other |
-| classes.py:793:17:793:20 | ControlFlowNode for arg2 | classes.py:778:15:778:19 | ControlFlowNode for other |
-| classes.py:808:20:808:23 | ControlFlowNode for arg2 | classes.py:799:15:799:19 | ControlFlowNode for other |
-| classes.py:823:20:823:23 | ControlFlowNode for arg2 | classes.py:814:15:814:19 | ControlFlowNode for other |
-| classes.py:838:16:838:19 | ControlFlowNode for arg2 | classes.py:829:15:829:19 | ControlFlowNode for other |
-| classes.py:853:16:853:19 | ControlFlowNode for arg2 | classes.py:844:15:844:19 | ControlFlowNode for other |
-| classes.py:868:15:868:18 | ControlFlowNode for arg2 | classes.py:859:15:859:19 | ControlFlowNode for other |
+edges
+| argumentPassing.py:66:5:66:5 | SSA variable b | argumentPassing.py:76:11:76:11 | ControlFlowNode for b |
+| argumentPassing.py:94:28:94:31 | ControlFlowNode for arg2 | argumentPassing.py:66:5:66:5 | SSA variable b |
+| argumentPassing.py:97:25:97:25 | SSA variable b | argumentPassing.py:99:11:99:11 | ControlFlowNode for b |
+| argumentPassing.py:104:25:104:28 | ControlFlowNode for arg2 | argumentPassing.py:97:25:97:25 | SSA variable b |
+| argumentPassing.py:105:27:105:30 | ControlFlowNode for arg2 | argumentPassing.py:97:25:97:25 | SSA variable b |
+| argumentPassing.py:109:30:109:30 | SSA variable b | argumentPassing.py:111:11:111:11 | ControlFlowNode for b |
+| argumentPassing.py:117:29:117:32 | ControlFlowNode for arg2 | argumentPassing.py:109:30:109:30 | SSA variable b |
+| argumentPassing.py:120:5:120:70 | KwUnpacked b | argumentPassing.py:109:30:109:30 | SSA variable b |
+| argumentPassing.py:120:29:120:39 | ControlFlowNode for Dict [Dictionary element at key b] | argumentPassing.py:120:5:120:70 | KwUnpacked b |
+| argumentPassing.py:120:35:120:38 | ControlFlowNode for arg2 | argumentPassing.py:120:29:120:39 | ControlFlowNode for Dict [Dictionary element at key b] |
+| argumentPassing.py:123:36:123:36 | SSA variable b | argumentPassing.py:125:11:125:11 | ControlFlowNode for b |
+| argumentPassing.py:133:30:133:33 | ControlFlowNode for arg2 | argumentPassing.py:123:36:123:36 | SSA variable b |
+| argumentPassing.py:138:29:138:34 | SSA variable kwargs [Dictionary element at key bar] | argumentPassing.py:140:20:140:25 | ControlFlowNode for kwargs [Dictionary element at key bar] |
+| argumentPassing.py:140:5:140:26 | KwUnpacked bar | argumentPassing.py:145:18:145:20 | SSA variable bar |
+| argumentPassing.py:140:20:140:25 | ControlFlowNode for kwargs [Dictionary element at key bar] | argumentPassing.py:140:5:140:26 | KwUnpacked bar |
+| argumentPassing.py:145:18:145:20 | SSA variable bar | argumentPassing.py:146:11:146:13 | ControlFlowNode for bar |
+| argumentPassing.py:160:5:160:50 | KwOverflowNode for grab_foo_bar_baz() [Dictionary element at key bar] | argumentPassing.py:138:29:138:34 | SSA variable kwargs [Dictionary element at key bar] |
+| argumentPassing.py:160:36:160:39 | ControlFlowNode for arg2 | argumentPassing.py:160:5:160:50 | KwOverflowNode for grab_foo_bar_baz() [Dictionary element at key bar] |
+| classes.py:555:27:555:29 | SSA variable key | classes.py:556:15:556:17 | ControlFlowNode for key |
+| classes.py:565:18:565:21 | ControlFlowNode for arg2 | classes.py:555:27:555:29 | SSA variable key |
+| classes.py:570:27:570:29 | SSA variable key | classes.py:572:15:572:17 | ControlFlowNode for key |
+| classes.py:581:18:581:21 | ControlFlowNode for arg2 | classes.py:570:27:570:29 | SSA variable key |
+| classes.py:586:27:586:29 | SSA variable key | classes.py:587:15:587:17 | ControlFlowNode for key |
+| classes.py:595:22:595:25 | ControlFlowNode for arg2 | classes.py:586:27:586:29 | SSA variable key |
+| classes.py:657:23:657:27 | SSA variable other | classes.py:658:15:658:19 | ControlFlowNode for other |
+| classes.py:667:16:667:19 | ControlFlowNode for arg2 | classes.py:657:23:657:27 | SSA variable other |
+| classes.py:672:23:672:27 | SSA variable other | classes.py:673:15:673:19 | ControlFlowNode for other |
+| classes.py:682:16:682:19 | ControlFlowNode for arg2 | classes.py:672:23:672:27 | SSA variable other |
+| classes.py:687:23:687:27 | SSA variable other | classes.py:688:15:688:19 | ControlFlowNode for other |
+| classes.py:697:16:697:19 | ControlFlowNode for arg2 | classes.py:687:23:687:27 | SSA variable other |
+| classes.py:702:26:702:30 | SSA variable other | classes.py:703:15:703:19 | ControlFlowNode for other |
+| classes.py:712:19:712:22 | ControlFlowNode for arg2 | classes.py:702:26:702:30 | SSA variable other |
+| classes.py:717:27:717:31 | SSA variable other | classes.py:718:15:718:19 | ControlFlowNode for other |
+| classes.py:727:20:727:23 | ControlFlowNode for arg2 | classes.py:717:27:717:31 | SSA variable other |
+| classes.py:732:28:732:32 | SSA variable other | classes.py:733:15:733:19 | ControlFlowNode for other |
+| classes.py:742:22:742:25 | ControlFlowNode for arg2 | classes.py:732:28:732:32 | SSA variable other |
+| classes.py:747:23:747:27 | SSA variable other | classes.py:748:15:748:19 | ControlFlowNode for other |
+| classes.py:757:16:757:19 | ControlFlowNode for arg2 | classes.py:747:23:747:27 | SSA variable other |
+| classes.py:777:23:777:27 | SSA variable other | classes.py:778:15:778:19 | ControlFlowNode for other |
+| classes.py:793:17:793:20 | ControlFlowNode for arg2 | classes.py:777:23:777:27 | SSA variable other |
+| classes.py:798:26:798:30 | SSA variable other | classes.py:799:15:799:19 | ControlFlowNode for other |
+| classes.py:808:20:808:23 | ControlFlowNode for arg2 | classes.py:798:26:798:30 | SSA variable other |
+| classes.py:813:26:813:30 | SSA variable other | classes.py:814:15:814:19 | ControlFlowNode for other |
+| classes.py:823:20:823:23 | ControlFlowNode for arg2 | classes.py:813:26:813:30 | SSA variable other |
+| classes.py:828:23:828:27 | SSA variable other | classes.py:829:15:829:19 | ControlFlowNode for other |
+| classes.py:838:16:838:19 | ControlFlowNode for arg2 | classes.py:828:23:828:27 | SSA variable other |
+| classes.py:843:23:843:27 | SSA variable other | classes.py:844:15:844:19 | ControlFlowNode for other |
+| classes.py:853:16:853:19 | ControlFlowNode for arg2 | classes.py:843:23:843:27 | SSA variable other |
+| classes.py:858:22:858:26 | SSA variable other | classes.py:859:15:859:19 | ControlFlowNode for other |
+| classes.py:868:15:868:18 | ControlFlowNode for arg2 | classes.py:858:22:858:26 | SSA variable other |
+nodes
+| argumentPassing.py:66:5:66:5 | SSA variable b | semmle.label | SSA variable b |
+| argumentPassing.py:76:11:76:11 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
+| argumentPassing.py:94:28:94:31 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| argumentPassing.py:97:25:97:25 | SSA variable b | semmle.label | SSA variable b |
+| argumentPassing.py:99:11:99:11 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
+| argumentPassing.py:104:25:104:28 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| argumentPassing.py:105:27:105:30 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| argumentPassing.py:109:30:109:30 | SSA variable b | semmle.label | SSA variable b |
+| argumentPassing.py:111:11:111:11 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
+| argumentPassing.py:117:29:117:32 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| argumentPassing.py:120:5:120:70 | KwUnpacked b | semmle.label | KwUnpacked b |
+| argumentPassing.py:120:29:120:39 | ControlFlowNode for Dict [Dictionary element at key b] | semmle.label | ControlFlowNode for Dict [Dictionary element at key b] |
+| argumentPassing.py:120:35:120:38 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| argumentPassing.py:123:36:123:36 | SSA variable b | semmle.label | SSA variable b |
+| argumentPassing.py:125:11:125:11 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
+| argumentPassing.py:133:30:133:33 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| argumentPassing.py:138:29:138:34 | SSA variable kwargs [Dictionary element at key bar] | semmle.label | SSA variable kwargs [Dictionary element at key bar] |
+| argumentPassing.py:140:5:140:26 | KwUnpacked bar | semmle.label | KwUnpacked bar |
+| argumentPassing.py:140:20:140:25 | ControlFlowNode for kwargs [Dictionary element at key bar] | semmle.label | ControlFlowNode for kwargs [Dictionary element at key bar] |
+| argumentPassing.py:145:18:145:20 | SSA variable bar | semmle.label | SSA variable bar |
+| argumentPassing.py:146:11:146:13 | ControlFlowNode for bar | semmle.label | ControlFlowNode for bar |
+| argumentPassing.py:160:5:160:50 | KwOverflowNode for grab_foo_bar_baz() [Dictionary element at key bar] | semmle.label | KwOverflowNode for grab_foo_bar_baz() [Dictionary element at key bar] |
+| argumentPassing.py:160:36:160:39 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| classes.py:555:27:555:29 | SSA variable key | semmle.label | SSA variable key |
+| classes.py:556:15:556:17 | ControlFlowNode for key | semmle.label | ControlFlowNode for key |
+| classes.py:565:18:565:21 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| classes.py:570:27:570:29 | SSA variable key | semmle.label | SSA variable key |
+| classes.py:572:15:572:17 | ControlFlowNode for key | semmle.label | ControlFlowNode for key |
+| classes.py:581:18:581:21 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| classes.py:586:27:586:29 | SSA variable key | semmle.label | SSA variable key |
+| classes.py:587:15:587:17 | ControlFlowNode for key | semmle.label | ControlFlowNode for key |
+| classes.py:595:22:595:25 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| classes.py:657:23:657:27 | SSA variable other | semmle.label | SSA variable other |
+| classes.py:658:15:658:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
+| classes.py:667:16:667:19 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| classes.py:672:23:672:27 | SSA variable other | semmle.label | SSA variable other |
+| classes.py:673:15:673:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
+| classes.py:682:16:682:19 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| classes.py:687:23:687:27 | SSA variable other | semmle.label | SSA variable other |
+| classes.py:688:15:688:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
+| classes.py:697:16:697:19 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| classes.py:702:26:702:30 | SSA variable other | semmle.label | SSA variable other |
+| classes.py:703:15:703:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
+| classes.py:712:19:712:22 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| classes.py:717:27:717:31 | SSA variable other | semmle.label | SSA variable other |
+| classes.py:718:15:718:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
+| classes.py:727:20:727:23 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| classes.py:732:28:732:32 | SSA variable other | semmle.label | SSA variable other |
+| classes.py:733:15:733:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
+| classes.py:742:22:742:25 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| classes.py:747:23:747:27 | SSA variable other | semmle.label | SSA variable other |
+| classes.py:748:15:748:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
+| classes.py:757:16:757:19 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| classes.py:777:23:777:27 | SSA variable other | semmle.label | SSA variable other |
+| classes.py:778:15:778:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
+| classes.py:793:17:793:20 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| classes.py:798:26:798:30 | SSA variable other | semmle.label | SSA variable other |
+| classes.py:799:15:799:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
+| classes.py:808:20:808:23 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| classes.py:813:26:813:30 | SSA variable other | semmle.label | SSA variable other |
+| classes.py:814:15:814:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
+| classes.py:823:20:823:23 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| classes.py:828:23:828:27 | SSA variable other | semmle.label | SSA variable other |
+| classes.py:829:15:829:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
+| classes.py:838:16:838:19 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| classes.py:843:23:843:27 | SSA variable other | semmle.label | SSA variable other |
+| classes.py:844:15:844:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
+| classes.py:853:16:853:19 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+| classes.py:858:22:858:26 | SSA variable other | semmle.label | SSA variable other |
+| classes.py:859:15:859:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
+| classes.py:868:15:868:18 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
+#select
+| argumentPassing.py:94:28:94:31 | ControlFlowNode for arg2 | argumentPassing.py:94:28:94:31 | ControlFlowNode for arg2 | argumentPassing.py:76:11:76:11 | ControlFlowNode for b | Flow found |
+| argumentPassing.py:104:25:104:28 | ControlFlowNode for arg2 | argumentPassing.py:104:25:104:28 | ControlFlowNode for arg2 | argumentPassing.py:99:11:99:11 | ControlFlowNode for b | Flow found |
+| argumentPassing.py:105:27:105:30 | ControlFlowNode for arg2 | argumentPassing.py:105:27:105:30 | ControlFlowNode for arg2 | argumentPassing.py:99:11:99:11 | ControlFlowNode for b | Flow found |
+| argumentPassing.py:117:29:117:32 | ControlFlowNode for arg2 | argumentPassing.py:117:29:117:32 | ControlFlowNode for arg2 | argumentPassing.py:111:11:111:11 | ControlFlowNode for b | Flow found |
+| argumentPassing.py:120:35:120:38 | ControlFlowNode for arg2 | argumentPassing.py:120:35:120:38 | ControlFlowNode for arg2 | argumentPassing.py:111:11:111:11 | ControlFlowNode for b | Flow found |
+| argumentPassing.py:133:30:133:33 | ControlFlowNode for arg2 | argumentPassing.py:133:30:133:33 | ControlFlowNode for arg2 | argumentPassing.py:125:11:125:11 | ControlFlowNode for b | Flow found |
+| argumentPassing.py:160:36:160:39 | ControlFlowNode for arg2 | argumentPassing.py:160:36:160:39 | ControlFlowNode for arg2 | argumentPassing.py:146:11:146:13 | ControlFlowNode for bar | Flow found |
+| classes.py:565:18:565:21 | ControlFlowNode for arg2 | classes.py:565:18:565:21 | ControlFlowNode for arg2 | classes.py:556:15:556:17 | ControlFlowNode for key | Flow found |
+| classes.py:581:18:581:21 | ControlFlowNode for arg2 | classes.py:581:18:581:21 | ControlFlowNode for arg2 | classes.py:572:15:572:17 | ControlFlowNode for key | Flow found |
+| classes.py:595:22:595:25 | ControlFlowNode for arg2 | classes.py:595:22:595:25 | ControlFlowNode for arg2 | classes.py:587:15:587:17 | ControlFlowNode for key | Flow found |
+| classes.py:667:16:667:19 | ControlFlowNode for arg2 | classes.py:667:16:667:19 | ControlFlowNode for arg2 | classes.py:658:15:658:19 | ControlFlowNode for other | Flow found |
+| classes.py:682:16:682:19 | ControlFlowNode for arg2 | classes.py:682:16:682:19 | ControlFlowNode for arg2 | classes.py:673:15:673:19 | ControlFlowNode for other | Flow found |
+| classes.py:697:16:697:19 | ControlFlowNode for arg2 | classes.py:697:16:697:19 | ControlFlowNode for arg2 | classes.py:688:15:688:19 | ControlFlowNode for other | Flow found |
+| classes.py:712:19:712:22 | ControlFlowNode for arg2 | classes.py:712:19:712:22 | ControlFlowNode for arg2 | classes.py:703:15:703:19 | ControlFlowNode for other | Flow found |
+| classes.py:727:20:727:23 | ControlFlowNode for arg2 | classes.py:727:20:727:23 | ControlFlowNode for arg2 | classes.py:718:15:718:19 | ControlFlowNode for other | Flow found |
+| classes.py:742:22:742:25 | ControlFlowNode for arg2 | classes.py:742:22:742:25 | ControlFlowNode for arg2 | classes.py:733:15:733:19 | ControlFlowNode for other | Flow found |
+| classes.py:757:16:757:19 | ControlFlowNode for arg2 | classes.py:757:16:757:19 | ControlFlowNode for arg2 | classes.py:748:15:748:19 | ControlFlowNode for other | Flow found |
+| classes.py:793:17:793:20 | ControlFlowNode for arg2 | classes.py:793:17:793:20 | ControlFlowNode for arg2 | classes.py:778:15:778:19 | ControlFlowNode for other | Flow found |
+| classes.py:808:20:808:23 | ControlFlowNode for arg2 | classes.py:808:20:808:23 | ControlFlowNode for arg2 | classes.py:799:15:799:19 | ControlFlowNode for other | Flow found |
+| classes.py:823:20:823:23 | ControlFlowNode for arg2 | classes.py:823:20:823:23 | ControlFlowNode for arg2 | classes.py:814:15:814:19 | ControlFlowNode for other | Flow found |
+| classes.py:838:16:838:19 | ControlFlowNode for arg2 | classes.py:838:16:838:19 | ControlFlowNode for arg2 | classes.py:829:15:829:19 | ControlFlowNode for other | Flow found |
+| classes.py:853:16:853:19 | ControlFlowNode for arg2 | classes.py:853:16:853:19 | ControlFlowNode for arg2 | classes.py:844:15:844:19 | ControlFlowNode for other | Flow found |
+| classes.py:868:15:868:18 | ControlFlowNode for arg2 | classes.py:868:15:868:18 | ControlFlowNode for arg2 | classes.py:859:15:859:19 | ControlFlowNode for other | Flow found |

python/ql/test/experimental/dataflow/coverage/argumentRouting2.ql

@@ -1,5 +1,10 @@
+/**
+ * @kind path-problem
+ */
+
 import python
 import experimental.dataflow.DataFlow
+import DataFlow::PathGraph
 
 /**
  * A configuration to check routing of arguments through magic methods.
@@ -17,11 +22,19 @@ class ArgumentRoutingConfig extends DataFlow::Configuration {
       node.(DataFlow::CfgNode).getNode() = call.getAnArg()
     )
   }
+
+  /**
+   * We want to be able to use `arg` in a sequence of calls such as `func(kw=arg); ... ; func(arg)`.
+   * Use-use flow lets the argument to the first call reach the sink inside the second call,
+   * making it seem like we handle all cases even if we only handle the last one.
+   * We make the test honest by preventing flow into source nodes.
+   */
+  override predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
 }
 
-from DataFlow::Node source, DataFlow::Node sink
+from DataFlow::PathNode source, DataFlow::PathNode sink
 where
-  source.getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
-  sink.getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
-  exists(ArgumentRoutingConfig cfg | cfg.hasFlow(source, sink))
-select source, sink
+  source.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
+  sink.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
+  exists(ArgumentRoutingConfig cfg | cfg.hasFlowPath(source, sink))
+select source.getNode(), source, sink, "Flow found"

python/ql/test/experimental/dataflow/coverage/argumentRouting3.expected

@@ -1,8 +1,63 @@
-| argumentPassing.py:94:34:94:37 | ControlFlowNode for arg3 | argumentPassing.py:77:11:77:11 | ControlFlowNode for c |
-| argumentPassing.py:117:37:117:40 | ControlFlowNode for arg3 | argumentPassing.py:112:11:112:11 | ControlFlowNode for c |
-| argumentPassing.py:118:43:118:46 | ControlFlowNode for arg3 | argumentPassing.py:112:11:112:11 | ControlFlowNode for c |
-| argumentPassing.py:119:41:119:44 | ControlFlowNode for arg3 | argumentPassing.py:112:11:112:11 | ControlFlowNode for c |
-| argumentPassing.py:120:50:120:53 | ControlFlowNode for arg3 | argumentPassing.py:112:11:112:11 | ControlFlowNode for c |
-| argumentPassing.py:134:36:134:39 | ControlFlowNode for arg3 | argumentPassing.py:126:11:126:11 | ControlFlowNode for c |
-| argumentPassing.py:160:26:160:29 | ControlFlowNode for arg3 | argumentPassing.py:155:11:155:13 | ControlFlowNode for baz |
-| classes.py:581:26:581:29 | ControlFlowNode for arg3 | classes.py:571:15:571:19 | ControlFlowNode for value |
+edges
+| argumentPassing.py:68:5:68:5 | SSA variable c | argumentPassing.py:77:11:77:11 | ControlFlowNode for c |
+| argumentPassing.py:94:34:94:37 | ControlFlowNode for arg3 | argumentPassing.py:68:5:68:5 | SSA variable c |
+| argumentPassing.py:109:33:109:33 | SSA variable c | argumentPassing.py:112:11:112:11 | ControlFlowNode for c |
+| argumentPassing.py:117:37:117:40 | ControlFlowNode for arg3 | argumentPassing.py:109:33:109:33 | SSA variable c |
+| argumentPassing.py:119:5:119:54 | KwUnpacked c | argumentPassing.py:109:33:109:33 | SSA variable c |
+| argumentPassing.py:119:35:119:45 | ControlFlowNode for Dict [Dictionary element at key c] | argumentPassing.py:119:5:119:54 | KwUnpacked c |
+| argumentPassing.py:119:41:119:44 | ControlFlowNode for arg3 | argumentPassing.py:119:35:119:45 | ControlFlowNode for Dict [Dictionary element at key c] |
+| argumentPassing.py:120:5:120:70 | KwUnpacked c | argumentPassing.py:109:33:109:33 | SSA variable c |
+| argumentPassing.py:120:44:120:54 | ControlFlowNode for Dict [Dictionary element at key c] | argumentPassing.py:120:5:120:70 | KwUnpacked c |
+| argumentPassing.py:120:50:120:53 | ControlFlowNode for arg3 | argumentPassing.py:120:44:120:54 | ControlFlowNode for Dict [Dictionary element at key c] |
+| argumentPassing.py:123:44:123:44 | SSA variable c | argumentPassing.py:126:11:126:11 | ControlFlowNode for c |
+| argumentPassing.py:134:5:134:41 | KwUnpacked c | argumentPassing.py:123:44:123:44 | SSA variable c |
+| argumentPassing.py:134:30:134:40 | ControlFlowNode for Dict [Dictionary element at key c] | argumentPassing.py:134:5:134:41 | KwUnpacked c |
+| argumentPassing.py:134:36:134:39 | ControlFlowNode for arg3 | argumentPassing.py:134:30:134:40 | ControlFlowNode for Dict [Dictionary element at key c] |
+| argumentPassing.py:138:29:138:34 | SSA variable kwargs [Dictionary element at key baz] | argumentPassing.py:140:5:140:26 | KwOverflowNode for grab_bar_baz() [Dictionary element at key baz] |
+| argumentPassing.py:140:5:140:26 | KwOverflowNode for grab_bar_baz() [Dictionary element at key baz] | argumentPassing.py:145:25:145:30 | SSA variable kwargs [Dictionary element at key baz] |
+| argumentPassing.py:145:25:145:30 | SSA variable kwargs [Dictionary element at key baz] | argumentPassing.py:151:16:151:21 | ControlFlowNode for kwargs [Dictionary element at key baz] |
+| argumentPassing.py:151:5:151:22 | KwUnpacked baz | argumentPassing.py:154:14:154:16 | SSA variable baz |
+| argumentPassing.py:151:16:151:21 | ControlFlowNode for kwargs [Dictionary element at key baz] | argumentPassing.py:151:5:151:22 | KwUnpacked baz |
+| argumentPassing.py:154:14:154:16 | SSA variable baz | argumentPassing.py:155:11:155:13 | ControlFlowNode for baz |
+| argumentPassing.py:160:5:160:50 | KwOverflowNode for grab_foo_bar_baz() [Dictionary element at key baz] | argumentPassing.py:138:29:138:34 | SSA variable kwargs [Dictionary element at key baz] |
+| argumentPassing.py:160:26:160:29 | ControlFlowNode for arg3 | argumentPassing.py:160:5:160:50 | KwOverflowNode for grab_foo_bar_baz() [Dictionary element at key baz] |
+| classes.py:570:32:570:36 | SSA variable value | classes.py:571:15:571:19 | ControlFlowNode for value |
+| classes.py:581:26:581:29 | ControlFlowNode for arg3 | classes.py:570:32:570:36 | SSA variable value |
+nodes
+| argumentPassing.py:68:5:68:5 | SSA variable c | semmle.label | SSA variable c |
+| argumentPassing.py:77:11:77:11 | ControlFlowNode for c | semmle.label | ControlFlowNode for c |
+| argumentPassing.py:94:34:94:37 | ControlFlowNode for arg3 | semmle.label | ControlFlowNode for arg3 |
+| argumentPassing.py:109:33:109:33 | SSA variable c | semmle.label | SSA variable c |
+| argumentPassing.py:112:11:112:11 | ControlFlowNode for c | semmle.label | ControlFlowNode for c |
+| argumentPassing.py:117:37:117:40 | ControlFlowNode for arg3 | semmle.label | ControlFlowNode for arg3 |
+| argumentPassing.py:119:5:119:54 | KwUnpacked c | semmle.label | KwUnpacked c |
+| argumentPassing.py:119:35:119:45 | ControlFlowNode for Dict [Dictionary element at key c] | semmle.label | ControlFlowNode for Dict [Dictionary element at key c] |
+| argumentPassing.py:119:41:119:44 | ControlFlowNode for arg3 | semmle.label | ControlFlowNode for arg3 |
+| argumentPassing.py:120:5:120:70 | KwUnpacked c | semmle.label | KwUnpacked c |
+| argumentPassing.py:120:44:120:54 | ControlFlowNode for Dict [Dictionary element at key c] | semmle.label | ControlFlowNode for Dict [Dictionary element at key c] |
+| argumentPassing.py:120:50:120:53 | ControlFlowNode for arg3 | semmle.label | ControlFlowNode for arg3 |
+| argumentPassing.py:123:44:123:44 | SSA variable c | semmle.label | SSA variable c |
+| argumentPassing.py:126:11:126:11 | ControlFlowNode for c | semmle.label | ControlFlowNode for c |
+| argumentPassing.py:134:5:134:41 | KwUnpacked c | semmle.label | KwUnpacked c |
+| argumentPassing.py:134:30:134:40 | ControlFlowNode for Dict [Dictionary element at key c] | semmle.label | ControlFlowNode for Dict [Dictionary element at key c] |
+| argumentPassing.py:134:36:134:39 | ControlFlowNode for arg3 | semmle.label | ControlFlowNode for arg3 |
+| argumentPassing.py:138:29:138:34 | SSA variable kwargs [Dictionary element at key baz] | semmle.label | SSA variable kwargs [Dictionary element at key baz] |
+| argumentPassing.py:140:5:140:26 | KwOverflowNode for grab_bar_baz() [Dictionary element at key baz] | semmle.label | KwOverflowNode for grab_bar_baz() [Dictionary element at key baz] |
+| argumentPassing.py:145:25:145:30 | SSA variable kwargs [Dictionary element at key baz] | semmle.label | SSA variable kwargs [Dictionary element at key baz] |
+| argumentPassing.py:151:5:151:22 | KwUnpacked baz | semmle.label | KwUnpacked baz |
+| argumentPassing.py:151:16:151:21 | ControlFlowNode for kwargs [Dictionary element at key baz] | semmle.label | ControlFlowNode for kwargs [Dictionary element at key baz] |
+| argumentPassing.py:154:14:154:16 | SSA variable baz | semmle.label | SSA variable baz |
+| argumentPassing.py:155:11:155:13 | ControlFlowNode for baz | semmle.label | ControlFlowNode for baz |
+| argumentPassing.py:160:5:160:50 | KwOverflowNode for grab_foo_bar_baz() [Dictionary element at key baz] | semmle.label | KwOverflowNode for grab_foo_bar_baz() [Dictionary element at key baz] |
+| argumentPassing.py:160:26:160:29 | ControlFlowNode for arg3 | semmle.label | ControlFlowNode for arg3 |
+| classes.py:570:32:570:36 | SSA variable value | semmle.label | SSA variable value |
+| classes.py:571:15:571:19 | ControlFlowNode for value | semmle.label | ControlFlowNode for value |
+| classes.py:581:26:581:29 | ControlFlowNode for arg3 | semmle.label | ControlFlowNode for arg3 |
+#select
+| argumentPassing.py:94:34:94:37 | ControlFlowNode for arg3 | argumentPassing.py:94:34:94:37 | ControlFlowNode for arg3 | argumentPassing.py:77:11:77:11 | ControlFlowNode for c | Flow found |
+| argumentPassing.py:117:37:117:40 | ControlFlowNode for arg3 | argumentPassing.py:117:37:117:40 | ControlFlowNode for arg3 | argumentPassing.py:112:11:112:11 | ControlFlowNode for c | Flow found |
+| argumentPassing.py:119:41:119:44 | ControlFlowNode for arg3 | argumentPassing.py:119:41:119:44 | ControlFlowNode for arg3 | argumentPassing.py:112:11:112:11 | ControlFlowNode for c | Flow found |
+| argumentPassing.py:120:50:120:53 | ControlFlowNode for arg3 | argumentPassing.py:120:50:120:53 | ControlFlowNode for arg3 | argumentPassing.py:112:11:112:11 | ControlFlowNode for c | Flow found |
+| argumentPassing.py:134:36:134:39 | ControlFlowNode for arg3 | argumentPassing.py:134:36:134:39 | ControlFlowNode for arg3 | argumentPassing.py:126:11:126:11 | ControlFlowNode for c | Flow found |
+| argumentPassing.py:160:26:160:29 | ControlFlowNode for arg3 | argumentPassing.py:160:26:160:29 | ControlFlowNode for arg3 | argumentPassing.py:155:11:155:13 | ControlFlowNode for baz | Flow found |
+| classes.py:581:26:581:29 | ControlFlowNode for arg3 | classes.py:581:26:581:29 | ControlFlowNode for arg3 | classes.py:571:15:571:19 | ControlFlowNode for value | Flow found |

python/ql/test/experimental/dataflow/coverage/argumentRouting3.ql

@@ -1,5 +1,10 @@
+/**
+ * @kind path-problem
+ */
+
 import python
 import experimental.dataflow.DataFlow
+import DataFlow::PathGraph
 
 /**
  * A configuration to check routing of arguments through magic methods.
@@ -17,11 +22,19 @@ class ArgumentRoutingConfig extends DataFlow::Configuration {
       node.(DataFlow::CfgNode).getNode() = call.getAnArg()
     )
   }
+
+  /**
+   * We want to be able to use `arg` in a sequence of calls such as `func(kw=arg); ... ; func(arg)`.
+   * Use-use flow lets the argument to the first call reach the sink inside the second call,
+   * making it seem like we handle all cases even if we only handle the last one.
+   * We make the test honest by preventing flow into source nodes.
+   */
+  override predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
 }
 
-from DataFlow::Node source, DataFlow::Node sink
+from DataFlow::PathNode source, DataFlow::PathNode sink
 where
-  source.getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
-  sink.getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
-  exists(ArgumentRoutingConfig cfg | cfg.hasFlow(source, sink))
-select source, sink
+  source.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
+  sink.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
+  exists(ArgumentRoutingConfig cfg | cfg.hasFlowPath(source, sink))
+select source.getNode(), source, sink, "Flow found"

python/ql/test/experimental/dataflow/coverage/argumentRouting4.expected

@@ -0,0 +1,3 @@
+edges
+nodes
+#select

python/ql/test/experimental/dataflow/coverage/argumentRouting4.ql

@@ -1,5 +1,10 @@
+/**
+ * @kind path-problem
+ */
+
 import python
 import experimental.dataflow.DataFlow
+import DataFlow::PathGraph
 
 /**
  * A configuration to check routing of arguments through magic methods.
@@ -17,11 +22,19 @@ class ArgumentRoutingConfig extends DataFlow::Configuration {
       node.(DataFlow::CfgNode).getNode() = call.getAnArg()
     )
   }
+
+  /**
+   * We want to be able to use `arg` in a sequence of calls such as `func(kw=arg); ... ; func(arg)`.
+   * Use-use flow lets the argument to the first call reach the sink inside the second call,
+   * making it seem like we handle all cases even if we only handle the last one.
+   * We make the test honest by preventing flow into source nodes.
+   */
+  override predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
 }
 
-from DataFlow::Node source, DataFlow::Node sink
+from DataFlow::PathNode source, DataFlow::PathNode sink
 where
-  source.getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
-  sink.getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
-  exists(ArgumentRoutingConfig cfg | cfg.hasFlow(source, sink))
-select source, sink
+  source.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
+  sink.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
+  exists(ArgumentRoutingConfig cfg | cfg.hasFlowPath(source, sink))
+select source.getNode(), source, sink, "Flow found"

python/ql/test/experimental/dataflow/coverage/argumentRouting5.expected

@@ -0,0 +1,3 @@
+edges
+nodes
+#select

python/ql/test/experimental/dataflow/coverage/argumentRouting5.ql

@@ -0,0 +1,40 @@
+/**
+ * @kind path-problem
+ */
+
+import python
+import experimental.dataflow.DataFlow
+import DataFlow::PathGraph
+
+/**
+ * A configuration to check routing of arguments through magic methods.
+ */
+class ArgumentRoutingConfig extends DataFlow::Configuration {
+  ArgumentRoutingConfig() { this = "ArgumentRoutingConfig" }
+
+  override predicate isSource(DataFlow::Node node) {
+    node.(DataFlow::CfgNode).getNode().(NameNode).getId() = "arg5"
+  }
+
+  override predicate isSink(DataFlow::Node node) {
+    exists(CallNode call |
+      call.getFunction().(NameNode).getId() = "SINK5" and
+      node.(DataFlow::CfgNode).getNode() = call.getAnArg()
+    )
+  }
+
+  /**
+   * We want to be able to use `arg` in a sequence of calls such as `func(kw=arg); ... ; func(arg)`.
+   * Use-use flow lets the argument to the first call reach the sink inside the second call,
+   * making it seem like we handle all cases even if we only handle the last one.
+   * We make the test honest by preventing flow into source nodes.
+   */
+  override predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
+}
+
+from DataFlow::PathNode source, DataFlow::PathNode sink
+where
+  source.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
+  sink.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
+  exists(ArgumentRoutingConfig cfg | cfg.hasFlowPath(source, sink))
+select source.getNode(), source, sink, "Flow found"

python/ql/test/experimental/dataflow/coverage/argumentRouting6.expected

@@ -0,0 +1,3 @@
+edges
+nodes
+#select

python/ql/test/experimental/dataflow/coverage/argumentRouting6.ql

@@ -0,0 +1,40 @@
+/**
+ * @kind path-problem
+ */
+
+import python
+import experimental.dataflow.DataFlow
+import DataFlow::PathGraph
+
+/**
+ * A configuration to check routing of arguments through magic methods.
+ */
+class ArgumentRoutingConfig extends DataFlow::Configuration {
+  ArgumentRoutingConfig() { this = "ArgumentRoutingConfig" }
+
+  override predicate isSource(DataFlow::Node node) {
+    node.(DataFlow::CfgNode).getNode().(NameNode).getId() = "arg6"
+  }
+
+  override predicate isSink(DataFlow::Node node) {
+    exists(CallNode call |
+      call.getFunction().(NameNode).getId() = "SINK6" and
+      node.(DataFlow::CfgNode).getNode() = call.getAnArg()
+    )
+  }
+
+  /**
+   * We want to be able to use `arg` in a sequence of calls such as `func(kw=arg); ... ; func(arg)`.
+   * Use-use flow lets the argument to the first call reach the sink inside the second call,
+   * making it seem like we handle all cases even if we only handle the last one.
+   * We make the test honest by preventing flow into source nodes.
+   */
+  override predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
+}
+
+from DataFlow::PathNode source, DataFlow::PathNode sink
+where
+  source.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
+  sink.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
+  exists(ArgumentRoutingConfig cfg | cfg.hasFlowPath(source, sink))
+select source.getNode(), source, sink, "Flow found"

python/ql/test/experimental/dataflow/coverage/argumentRouting7.expected

@@ -0,0 +1,15 @@
+edges
+| argumentPassing.py:73:7:73:7 | SSA variable g [Dictionary element at key g] | argumentPassing.py:82:15:82:15 | ControlFlowNode for g [Dictionary element at key g] |
+| argumentPassing.py:82:15:82:15 | ControlFlowNode for g [Dictionary element at key g] | argumentPassing.py:82:15:82:20 | ControlFlowNode for Subscript |
+| argumentPassing.py:89:5:89:81 | KwOverflowNode for argument_passing() [Dictionary element at key g] | argumentPassing.py:73:7:73:7 | SSA variable g [Dictionary element at key g] |
+| argumentPassing.py:89:59:89:80 | ControlFlowNode for Dict [Dictionary element at key g] | argumentPassing.py:89:5:89:81 | KwOverflowNode for argument_passing() [Dictionary element at key g] |
+| argumentPassing.py:89:76:89:79 | ControlFlowNode for arg7 | argumentPassing.py:89:59:89:80 | ControlFlowNode for Dict [Dictionary element at key g] |
+nodes
+| argumentPassing.py:73:7:73:7 | SSA variable g [Dictionary element at key g] | semmle.label | SSA variable g [Dictionary element at key g] |
+| argumentPassing.py:82:15:82:15 | ControlFlowNode for g [Dictionary element at key g] | semmle.label | ControlFlowNode for g [Dictionary element at key g] |
+| argumentPassing.py:82:15:82:20 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
+| argumentPassing.py:89:5:89:81 | KwOverflowNode for argument_passing() [Dictionary element at key g] | semmle.label | KwOverflowNode for argument_passing() [Dictionary element at key g] |
+| argumentPassing.py:89:59:89:80 | ControlFlowNode for Dict [Dictionary element at key g] | semmle.label | ControlFlowNode for Dict [Dictionary element at key g] |
+| argumentPassing.py:89:76:89:79 | ControlFlowNode for arg7 | semmle.label | ControlFlowNode for arg7 |
+#select
+| argumentPassing.py:89:76:89:79 | ControlFlowNode for arg7 | argumentPassing.py:89:76:89:79 | ControlFlowNode for arg7 | argumentPassing.py:82:15:82:20 | ControlFlowNode for Subscript | Flow found |

python/ql/test/experimental/dataflow/coverage/argumentRouting7.ql

@@ -0,0 +1,40 @@
+/**
+ * @kind path-problem
+ */
+
+import python
+import experimental.dataflow.DataFlow
+import DataFlow::PathGraph
+
+/**
+ * A configuration to check routing of arguments through magic methods.
+ */
+class ArgumentRoutingConfig extends DataFlow::Configuration {
+  ArgumentRoutingConfig() { this = "ArgumentRoutingConfig" }
+
+  override predicate isSource(DataFlow::Node node) {
+    node.(DataFlow::CfgNode).getNode().(NameNode).getId() = "arg7"
+  }
+
+  override predicate isSink(DataFlow::Node node) {
+    exists(CallNode call |
+      call.getFunction().(NameNode).getId() = "SINK7" and
+      node.(DataFlow::CfgNode).getNode() = call.getAnArg()
+    )
+  }
+
+  /**
+   * We want to be able to use `arg` in a sequence of calls such as `func(kw=arg); ... ; func(arg)`.
+   * Use-use flow lets the argument to the first call reach the sink inside the second call,
+   * making it seem like we handle all cases even if we only handle the last one.
+   * We make the test honest by preventing flow into source nodes.
+   */
+  override predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
+}
+
+from DataFlow::PathNode source, DataFlow::PathNode sink
+where
+  source.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
+  sink.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
+  exists(ArgumentRoutingConfig cfg | cfg.hasFlowPath(source, sink))
+select source.getNode(), source, sink, "Flow found"

python/ql/test/experimental/dataflow/pep_328/__init__.py

@@ -0,0 +1 @@
+pass

python/ql/test/experimental/dataflow/pep_328/package/__init__.py

@@ -0,0 +1 @@
+bar = "bar"

python/ql/test/experimental/dataflow/pep_328/package/moduleA.py

@@ -0,0 +1 @@
+foo = "foo"

python/ql/test/experimental/dataflow/pep_328/package/subpackage1/__init__.py

@@ -0,0 +1,16 @@
+from .moduleY import spam
+from .moduleY import spam as ham
+from . import moduleY
+from ..subpackage1 import moduleY
+from ..subpackage2.moduleZ import eggs
+from ..moduleA import foo
+
+try:
+    from ...package import bar
+except Exception as e:
+    print(e)
+
+try:
+    from ...sys import path
+except Exception as e:
+    print(e)

python/ql/test/experimental/dataflow/pep_328/package/subpackage1/moduleX.py

@@ -0,0 +1,16 @@
+from .moduleY import spam
+from .moduleY import spam as ham
+from . import moduleY
+from ..subpackage1 import moduleY
+from ..subpackage2.moduleZ import eggs
+from ..moduleA import foo
+
+try:
+    from ...package import bar
+except Exception as e:
+    print(e)
+
+try:
+    from ...sys import path
+except Exception as e:
+    print(e)

python/ql/test/experimental/dataflow/pep_328/package/subpackage1/moduleY.py

@@ -0,0 +1 @@
+spam = "spam"

python/ql/test/experimental/dataflow/pep_328/package/subpackage2/__init__.py

@@ -0,0 +1 @@
+pass

python/ql/test/experimental/dataflow/pep_328/package/subpackage2/moduleZ.py

@@ -0,0 +1 @@
+eggs = "eggs"

python/ql/test/experimental/dataflow/pep_328/start.py

@@ -0,0 +1 @@
+import package.subpackage1.moduleX

python/ql/test/experimental/dataflow/regression/dataflow.expected

@@ -1,3 +1,7 @@
+| module.py:1:13:1:18 | ControlFlowNode for SOURCE | test.py:89:10:89:10 | ControlFlowNode for t |
+| module.py:1:13:1:18 | ControlFlowNode for SOURCE | test.py:106:10:106:14 | ControlFlowNode for Attribute |
+| module.py:1:13:1:18 | ControlFlowNode for SOURCE | test.py:111:10:111:12 | ControlFlowNode for Attribute |
+| module.py:1:13:1:18 | ControlFlowNode for SOURCE | test.py:156:6:156:11 | ControlFlowNode for unsafe |
 | module.py:6:12:6:17 | ControlFlowNode for SOURCE | test.py:101:10:101:10 | ControlFlowNode for t |
 | test.py:3:10:3:15 | ControlFlowNode for SOURCE | test.py:3:10:3:15 | ControlFlowNode for SOURCE |
 | test.py:6:9:6:14 | ControlFlowNode for SOURCE | test.py:7:10:7:10 | ControlFlowNode for s |

python/ql/test/experimental/dataflow/regression/test.py

@@ -86,7 +86,7 @@ import module
 
 def test13():
     t = module.dangerous
-    SINK(t)  # Flow not found
+    SINK(t)
 
 def test14():
     t = module.safe
@@ -108,13 +108,13 @@ def x_sink(arg):
 def test17():
     t = C()
     t.x = module.dangerous
-    SINK(t.x)  # Flow not found
+    SINK(t.x)
 
 def test18():
     t = C()
     t.x = module.dangerous
     t = hub(t)
-    x_sink(t)  # Flow not found
+    x_sink(t)
 
 def test19():
     t = CUSTOM_SOURCE
@@ -153,7 +153,7 @@ def test22(cond):
         SINK(t)
 
 from module import dangerous as unsafe
-SINK(unsafe)  # Flow not found
+SINK(unsafe)
 
 def test23():
     with SOURCE as t:

python/ql/test/experimental/dataflow/typetracking/mymodule.py

@@ -2,3 +2,6 @@ x = tracked # $tracked
 
 def func():
     return tracked # $tracked
+
+z = tracked # $tracked
+some_func(z) # $tracked

python/ql/test/experimental/dataflow/typetracking/test.py

@@ -51,9 +51,10 @@ def global_var_write_test():
 
 def test_import():
     import mymodule
-    mymodule.x # $f-:tracked
+    mymodule.x # $tracked
     y = mymodule.func() # $tracked
     y # $tracked
+    mymodule.z # $tracked
 
 # ------------------------------------------------------------------------------
 

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/ConceptsTest.ql

@@ -0,0 +1,2 @@
+import python
+import experimental.meta.ConceptsTest

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/README.md

@@ -0,0 +1,17 @@
+Tests for Django in version 2.x and 3.x.
+
+This folder contains a runable django application generated with `django-admin startproject testproj` and `django-admin startapp testapp`.
+
+To run the development server, install django (in venv), and run `python manage.py runserver`
+
+To understand how things work, see
+- https://docs.djangoproject.com/en/3.1/intro/tutorial01/#creating-a-project
+- https://docs.djangoproject.com/en/3.1/intro/tutorial02/#activating-models
+
+---
+
+Note that from [Django 2.0 only Python 3 is supported](https://docs.djangoproject.com/en/stable/releases/2.0/#python-compatibility) (enforced by `options` file).
+
+As I see it, from a QL modeling perspective, the important part of [Django 3.0](https://docs.djangoproject.com/en/stable/releases/3.0/) was the added support for ASGI (Asynchronous Server Gateway Interface), and [Django 3.1](https://docs.djangoproject.com/en/stable/releases/3.1/) added support for async views, async middleware.
+
+We currently don't have any tests specific to Django 3.0, since it's very compatible with Django 2.0 in general, but we could split the tests in the future.

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/TestTaint.expected

@@ -0,0 +1,82 @@
+| taint_test.py:7 | ok   | test_taint | bar |
+| taint_test.py:7 | ok   | test_taint | foo |
+| taint_test.py:8 | ok   | test_taint | baz |
+| taint_test.py:14 | ok   | test_taint | request |
+| taint_test.py:16 | ok   | test_taint | request.body |
+| taint_test.py:17 | ok   | test_taint | request.path |
+| taint_test.py:18 | ok   | test_taint | request.path_info |
+| taint_test.py:22 | ok   | test_taint | request.method |
+| taint_test.py:24 | ok   | test_taint | request.encoding |
+| taint_test.py:25 | ok   | test_taint | request.content_type |
+| taint_test.py:28 | ok   | test_taint | request.content_params |
+| taint_test.py:29 | ok   | test_taint | request.content_params["key"] |
+| taint_test.py:30 | ok   | test_taint | request.content_params.get(..) |
+| taint_test.py:34 | ok   | test_taint | request.GET |
+| taint_test.py:35 | ok   | test_taint | request.GET["key"] |
+| taint_test.py:36 | ok   | test_taint | request.GET.get(..) |
+| taint_test.py:37 | fail | test_taint | request.GET.getlist(..) |
+| taint_test.py:38 | fail | test_taint | request.GET.getlist(..)[0] |
+| taint_test.py:39 | ok   | test_taint | request.GET.pop(..) |
+| taint_test.py:40 | ok   | test_taint | request.GET.pop(..)[0] |
+| taint_test.py:41 | ok   | test_taint | request.GET.popitem()[0] |
+| taint_test.py:42 | ok   | test_taint | request.GET.popitem()[1] |
+| taint_test.py:43 | ok   | test_taint | request.GET.popitem()[1][0] |
+| taint_test.py:44 | fail | test_taint | request.GET.dict() |
+| taint_test.py:45 | fail | test_taint | request.GET.dict()["key"] |
+| taint_test.py:46 | fail | test_taint | request.GET.urlencode() |
+| taint_test.py:49 | ok   | test_taint | request.POST |
+| taint_test.py:52 | ok   | test_taint | request.COOKIES |
+| taint_test.py:53 | ok   | test_taint | request.COOKIES["key"] |
+| taint_test.py:54 | ok   | test_taint | request.COOKIES.get(..) |
+| taint_test.py:57 | ok   | test_taint | request.FILES |
+| taint_test.py:58 | ok   | test_taint | request.FILES["key"] |
+| taint_test.py:59 | fail | test_taint | request.FILES["key"].content_type |
+| taint_test.py:60 | fail | test_taint | request.FILES["key"].content_type_extra |
+| taint_test.py:61 | fail | test_taint | request.FILES["key"].content_type_extra["key"] |
+| taint_test.py:62 | fail | test_taint | request.FILES["key"].charset |
+| taint_test.py:63 | fail | test_taint | request.FILES["key"].name |
+| taint_test.py:64 | fail | test_taint | request.FILES["key"].file |
+| taint_test.py:65 | fail | test_taint | request.FILES["key"].file.read() |
+| taint_test.py:67 | ok   | test_taint | request.FILES.get(..) |
+| taint_test.py:68 | fail | test_taint | request.FILES.get(..).name |
+| taint_test.py:69 | fail | test_taint | request.FILES.getlist(..) |
+| taint_test.py:70 | fail | test_taint | request.FILES.getlist(..)[0] |
+| taint_test.py:71 | fail | test_taint | request.FILES.getlist(..)[0].name |
+| taint_test.py:72 | fail | test_taint | request.FILES.dict() |
+| taint_test.py:73 | fail | test_taint | request.FILES.dict()["key"] |
+| taint_test.py:74 | fail | test_taint | request.FILES.dict()["key"].name |
+| taint_test.py:77 | ok   | test_taint | request.META |
+| taint_test.py:78 | ok   | test_taint | request.META["HTTP_USER_AGENT"] |
+| taint_test.py:79 | ok   | test_taint | request.META.get(..) |
+| taint_test.py:82 | ok   | test_taint | request.headers |
+| taint_test.py:83 | ok   | test_taint | request.headers["user-agent"] |
+| taint_test.py:84 | ok   | test_taint | request.headers["USER_AGENT"] |
+| taint_test.py:87 | ok   | test_taint | request.resolver_match |
+| taint_test.py:88 | fail | test_taint | request.resolver_match.args |
+| taint_test.py:89 | fail | test_taint | request.resolver_match.args[0] |
+| taint_test.py:90 | fail | test_taint | request.resolver_match.kwargs |
+| taint_test.py:91 | fail | test_taint | request.resolver_match.kwargs["key"] |
+| taint_test.py:93 | fail | test_taint | request.get_full_path() |
+| taint_test.py:94 | fail | test_taint | request.get_full_path_info() |
+| taint_test.py:98 | fail | test_taint | request.read() |
+| taint_test.py:99 | fail | test_taint | request.readline() |
+| taint_test.py:100 | fail | test_taint | request.readlines() |
+| taint_test.py:101 | fail | test_taint | request.readlines()[0] |
+| taint_test.py:102 | fail | test_taint | ListComp |
+| taint_test.py:108 | ok   | test_taint | args |
+| taint_test.py:109 | ok   | test_taint | args[0] |
+| taint_test.py:110 | ok   | test_taint | kwargs |
+| taint_test.py:111 | ok   | test_taint | kwargs["key"] |
+| taint_test.py:115 | ok   | test_taint | request.current_app |
+| taint_test.py:120 | ok   | test_taint | request.get_host() |
+| taint_test.py:121 | ok   | test_taint | request.get_port() |
+| taint_test.py:128 | fail | test_taint | request.build_absolute_uri() |
+| taint_test.py:129 | fail | test_taint | request.build_absolute_uri(..) |
+| taint_test.py:130 | fail | test_taint | request.build_absolute_uri(..) |
+| taint_test.py:133 | ok   | test_taint | request.build_absolute_uri(..) |
+| taint_test.py:134 | ok   | test_taint | request.build_absolute_uri(..) |
+| taint_test.py:142 | ok   | test_taint | request.get_signed_cookie(..) |
+| taint_test.py:143 | ok   | test_taint | request.get_signed_cookie(..) |
+| taint_test.py:144 | ok   | test_taint | request.get_signed_cookie(..) |
+| taint_test.py:148 | fail | test_taint | request.get_signed_cookie(..) |
+| taint_test.py:149 | fail | test_taint | request.get_signed_cookie(..) |

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/TestTaint.ql

@@ -0,0 +1,6 @@
+import experimental.dataflow.tainttracking.TestTaintLib
+import experimental.dataflow.RemoteFlowSources
+
+class RemoteFlowTestTaintConfiguration extends TestTaintTrackingConfiguration {
+  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+}

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/dummy_import.py

@@ -0,0 +1,10 @@
+# to force extractor to see files. since we use `--max-import-depth=1`, we use this
+# "fake" import that doesn't actually work, but tricks the python extractor to look at
+# all the files
+
+from testproj import *
+from testapp import *
+
+import os.path as pth
+
+pth.join("foo", "bar")

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/manage.py

@@ -0,0 +1,22 @@
+#!/usr/bin/env python
+"""Django's command-line utility for administrative tasks."""
+import os
+import sys
+
+
+def main():
+    """Run administrative tasks."""
+    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'testproj.settings')
+    try:
+        from django.core.management import execute_from_command_line
+    except ImportError as exc:
+        raise ImportError(
+            "Couldn't import Django. Are you sure it's installed and "
+            "available on your PYTHONPATH environment variable? Did you "
+            "forget to activate a virtual environment?"
+        ) from exc
+    execute_from_command_line(sys.argv)
+
+
+if __name__ == '__main__':
+    main()

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/options

@@ -0,0 +1 @@
+semmle-extractor-options: --max-import-depth=1 --lang=3

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/routing_test.py

@@ -0,0 +1,99 @@
+"""testing views for Django 2.x and 3.x"""
+from django.urls import path, re_path
+from django.http import HttpResponse, HttpResponseRedirect, JsonResponse, HttpResponseNotFound
+from django.views import View
+
+
+def url_match_xss(request, foo, bar, no_taint=None):  # $routeHandler $routedParameter=foo $routedParameter=bar
+    return HttpResponse('url_match_xss: {} {}'.format(foo, bar))
+
+
+def get_params_xss(request):  # $routeHandler
+    return HttpResponse(request.GET.get("untrusted"))
+
+
+def post_params_xss(request):  # $routeHandler
+    return HttpResponse(request.POST.get("untrusted"))
+
+
+def http_resp_write(request):  # $routeHandler
+    rsp = HttpResponse()
+    rsp.write(request.GET.get("untrusted"))
+    return rsp
+
+
+class Foo(object):
+    # Note: since Foo is used as the super type in a class view, it will be able to handle requests.
+
+
+    def post(self, request, untrusted):  # $f-:routeHandler $f-:routedParameter=untrusted
+        return HttpResponse('Foo post: {}'.format(untrusted))
+
+
+class ClassView(View, Foo):
+
+    def get(self, request, untrusted):  # $f-:routeHandler $f-:routedParameter=untrusted
+        return HttpResponse('ClassView get: {}'.format(untrusted))
+
+
+def show_articles(request, page_number=1):  # $routeHandler $routedParameter=page_number
+    page_number = int(page_number)
+    return HttpResponse('articles page: {}'.format(page_number))
+
+
+def xxs_positional_arg(request, arg0, arg1, no_taint=None):  # $routeHandler $routedParameter=arg0 $routedParameter=arg1
+    return HttpResponse('xxs_positional_arg: {} {}'.format(arg0, arg1))
+
+
+urlpatterns = [
+    re_path(r"^url_match/(?P<foo>[^/]+)/(?P<bar>[^/]+)", url_match_xss),  # $routeSetup="^url_match/(?P<foo>[^/]+)/(?P<bar>[^/]+)"
+    re_path(r"^get_params", get_params_xss),  # $routeSetup="^get_params"
+    re_path(r"^post_params", post_params_xss),  # $routeSetup="^post_params"
+    re_path(r"^http_resp_write", http_resp_write),  # $routeSetup="^http_resp_write"
+    re_path(r"^class_view/(?P<untrusted>.+)", ClassView.as_view()),  # $routeSetup="^class_view/(?P<untrusted>.+)"
+
+    # one pattern to support `articles/page-<n>` and ensuring that articles/ goes to page-1
+    re_path(r"articles/^(?:page-(?P<page_number>\d+)/)?", show_articles),  # $routeSetup="articles/^(?:page-(?P<page_number>\d+)/)?"
+    # passing as positional argument is not the recommended way of doing things, but it is certainly
+    # possible
+    re_path(r"^([^/]+)/(?:foo|bar)/([^/]+)", xxs_positional_arg, name='xxs_positional_arg'),  # $routeSetup="^([^/]+)/(?:foo|bar)/([^/]+)"
+]
+
+
+# Show we understand the keyword arguments to django.urls.re_path
+
+def re_path_kwargs(request):  # $routeHandler
+    return HttpResponse('re_path_kwargs')
+
+
+urlpatterns = [
+    re_path(view=re_path_kwargs, route=r"^specifying-as-kwargs-is-not-a-problem")  # $routeSetup="^specifying-as-kwargs-is-not-a-problem"
+]
+
+################################################################################
+# Using path
+################################################################################
+
+# saying page_number is an externally controlled *string* is a bit strange, when we have an int converter :O
+def page_number(request, page_number=1):  # $routeHandler $routedParameter=page_number
+    return HttpResponse('page_number: {}'.format(page_number))
+
+def foo_bar_baz(request, foo, bar, baz):  # $routeHandler $routedParameter=foo $routedParameter=bar $routedParameter=baz
+    return HttpResponse('foo_bar_baz: {} {} {}'.format(foo, bar, baz))
+
+def path_kwargs(request, foo, bar):  # $routeHandler $routedParameter=foo $routedParameter=bar
+    return HttpResponse('path_kwargs: {} {} {}'.format(foo, bar))
+
+def not_valid_identifier(request):  # $routeHandler
+    return HttpResponse('<foo!>')
+
+urlpatterns = [
+    path("articles/", page_number),  # $routeSetup="articles/"
+    path("articles/page-<int:page_number>", page_number),  # $routeSetup="articles/page-<int:page_number>"
+    path("<int:foo>/<str:bar>/<baz>", foo_bar_baz, name='foo-bar-baz'),  # $routeSetup="<int:foo>/<str:bar>/<baz>"
+
+    path(view=path_kwargs, route="<foo>/<bar>"),  # $routeSetup="<foo>/<bar>"
+
+    # We should not report there is a request parameter called `not_valid!`
+    path("not_valid/<not_valid!>", not_valid_identifier),  # $routeSetup="not_valid/<not_valid!>"
+]

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/taint_test.py

@@ -0,0 +1,156 @@
+"""testing views for Django 2.x and 3.x"""
+from django.urls import path
+from django.http import HttpRequest
+
+
+def test_taint(request: HttpRequest, foo, bar, baz=None):  # $routeHandler $routedParameter=foo $routedParameter=bar
+    ensure_tainted(foo, bar)
+    ensure_not_tainted(baz)
+
+    # Manually inspected all fields of the HttpRequest object
+    # https://docs.djangoproject.com/en/3.0/ref/request-response/#httprequest-objects
+
+    ensure_tainted(
+        request,
+
+        request.body,
+        request.path,
+        request.path_info,
+
+        # With CSRF middleware disabled, it's possible to use custom methods,
+        # for example by `curl -X FOO <url>`
+        request.method,
+
+        request.encoding,
+        request.content_type,
+
+        # Dict[str, str]
+        request.content_params,
+        request.content_params["key"],
+        request.content_params.get("key"),
+
+        # django.http.QueryDict
+        # see https://docs.djangoproject.com/en/3.0/ref/request-response/#querydict-objects
+        request.GET,
+        request.GET["key"],
+        request.GET.get("key"),
+        request.GET.getlist("key"),
+        request.GET.getlist("key")[0],
+        request.GET.pop("key"),
+        request.GET.pop("key")[0],
+        request.GET.popitem()[0], # key
+        request.GET.popitem()[1], # values
+        request.GET.popitem()[1][0], # values[0]
+        request.GET.dict(),
+        request.GET.dict()["key"],
+        request.GET.urlencode(),
+
+        # django.http.QueryDict (same as above, did not duplicate tests)
+        request.POST,
+
+        # Dict[str, str]
+        request.COOKIES,
+        request.COOKIES["key"],
+        request.COOKIES.get("key"),
+
+        # MultiValueDict[str, UploadedFile]
+        request.FILES,
+        request.FILES["key"],
+        request.FILES["key"].content_type,
+        request.FILES["key"].content_type_extra,
+        request.FILES["key"].content_type_extra["key"],
+        request.FILES["key"].charset,
+        request.FILES["key"].name,
+        request.FILES["key"].file,
+        request.FILES["key"].file.read(),
+
+        request.FILES.get("key"),
+        request.FILES.get("key").name,
+        request.FILES.getlist("key"),
+        request.FILES.getlist("key")[0],
+        request.FILES.getlist("key")[0].name,
+        request.FILES.dict(),
+        request.FILES.dict()["key"],
+        request.FILES.dict()["key"].name,
+
+        # Dict[str, Any]
+        request.META,
+        request.META["HTTP_USER_AGENT"],
+        request.META.get("HTTP_USER_AGENT"),
+
+        # HttpHeaders (case insensitive dict-like)
+        request.headers,
+        request.headers["user-agent"],
+        request.headers["USER_AGENT"],
+
+        # django.urls.ResolverMatch
+        request.resolver_match,
+        request.resolver_match.args,
+        request.resolver_match.args[0],
+        request.resolver_match.kwargs,
+        request.resolver_match.kwargs["key"],
+
+        request.get_full_path(),
+        request.get_full_path_info(),
+        # build_absolute_uri handled below
+        # get_signed_cookie handled below
+
+        request.read(),
+        request.readline(),
+        request.readlines(),
+        request.readlines()[0],
+        [line for line in request],
+    )
+
+    # django.urls.ResolverMatch also supports iterable unpacking
+    _view, args, kwargs = request.resolver_match
+    ensure_tainted(
+        args,
+        args[0],
+        kwargs,
+        kwargs["key"],
+    )
+
+    ensure_not_tainted(
+        request.current_app,
+
+        # Django has `ALLOWED_HOSTS` to ensure the HOST value cannot be tampered with.
+        # It is possible to remove this protection, but it seems reasonable to assume
+        # people don"t do this by default.
+        request.get_host(),
+        request.get_port(),
+    )
+
+    ####################################
+    # build_absolute_uri
+    ####################################
+    ensure_tainted(
+        request.build_absolute_uri(),
+        request.build_absolute_uri(request.GET["key"]),
+        request.build_absolute_uri(location=request.GET["key"]),
+    )
+    ensure_not_tainted(
+        request.build_absolute_uri("/hardcoded/"),
+        request.build_absolute_uri("https://example.com"),
+    )
+
+    ####################################
+    # get_signed_cookie
+    ####################################
+    # We don't consider user to be able to tamper with cookies that are signed
+    ensure_not_tainted(
+        request.get_signed_cookie("key"),
+        request.get_signed_cookie("key", salt="salt"),
+        request.get_signed_cookie("key", max_age=60),
+    )
+    # However, providing tainted default value might result in taint
+    ensure_tainted(
+        request.get_signed_cookie("key", request.COOKIES["key"]),
+        request.get_signed_cookie("key", default=request.COOKIES["key"]),
+    )
+
+
+# fake setup, you can't actually run this
+urlpatterns = [
+    path("test-taint/<foo>/<bar>", test_taint),  # $routeSetup="test-taint/<foo>/<bar>"
+]

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/testapp/admin.py

@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/testapp/apps.py

@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class TestappConfig(AppConfig):
+    name = 'testapp'

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/testapp/models.py

@@ -0,0 +1,3 @@
+from django.db import models
+
+# Create your models here.

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/testapp/tests.py

@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/testapp/urls.py

@@ -0,0 +1,11 @@
+from django.urls import path, re_path
+
+from . import views
+
+urlpatterns = [
+    path("foo/", views.foo),  # $routeSetup="foo/"
+    # TODO: Doesn't include standard `$` to mark end of string, due to problems with
+    # inline expectation tests (which thinks the `$` would mark the beginning of a new
+    # line)
+    re_path(r"^ba[rz]/", views.bar_baz),  # $routeSetup="^ba[rz]/"
+]

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/testapp/views.py

@@ -0,0 +1,7 @@
+from django.http import HttpRequest, HttpResponse
+
+def foo(request: HttpRequest):  # $routeHandler
+    return HttpResponse("foo")
+
+def bar_baz(request: HttpRequest):  # $routeHandler
+    return HttpResponse("bar_baz")

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/testproj/asgi.py

@@ -0,0 +1,16 @@
+"""
+ASGI config for testproj project.
+
+It exposes the ASGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/3.1/howto/deployment/asgi/
+"""
+
+import os
+
+from django.core.asgi import get_asgi_application
+
+os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'testproj.settings')
+
+application = get_asgi_application()

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/testproj/settings.py

@@ -0,0 +1,121 @@
+"""
+Django settings for testproj project.
+
+Generated by 'django-admin startproject' using Django 3.1.2.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/3.1/topics/settings/
+
+For the full list of settings and their values, see
+https://docs.djangoproject.com/en/3.1/ref/settings/
+"""
+
+from pathlib import Path
+
+# Build paths inside the project like this: BASE_DIR / 'subdir'.
+BASE_DIR = Path(__file__).resolve().parent.parent
+
+
+# Quick-start development settings - unsuitable for production
+# See https://docs.djangoproject.com/en/3.1/howto/deployment/checklist/
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = '!vwm^sd$9#=ebollrn--dd3_x8-b=aj!c@lp8x)ha8r()^51^f'
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = True
+
+ALLOWED_HOSTS = []
+
+
+# Application definition
+
+INSTALLED_APPS = [
+    'testapp.apps.TestappConfig',
+    'django.contrib.admin',
+    'django.contrib.auth',
+    'django.contrib.contenttypes',
+    'django.contrib.sessions',
+    'django.contrib.messages',
+    'django.contrib.staticfiles',
+]
+
+MIDDLEWARE = [
+    'django.middleware.security.SecurityMiddleware',
+    'django.contrib.sessions.middleware.SessionMiddleware',
+    'django.middleware.common.CommonMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django.contrib.messages.middleware.MessageMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+]
+
+ROOT_URLCONF = 'testproj.urls'
+
+TEMPLATES = [
+    {
+        'BACKEND': 'django.template.backends.django.DjangoTemplates',
+        'DIRS': [],
+        'APP_DIRS': True,
+        'OPTIONS': {
+            'context_processors': [
+                'django.template.context_processors.debug',
+                'django.template.context_processors.request',
+                'django.contrib.auth.context_processors.auth',
+                'django.contrib.messages.context_processors.messages',
+            ],
+        },
+    },
+]
+
+WSGI_APPLICATION = 'testproj.wsgi.application'
+
+
+# Database
+# https://docs.djangoproject.com/en/3.1/ref/settings/#databases
+
+# DATABASES = {
+#     'default': {
+#         'ENGINE': 'django.db.backends.sqlite3',
+#         'NAME': BASE_DIR / 'db.sqlite3',
+#     }
+# }
+
+
+# Password validation
+# https://docs.djangoproject.com/en/3.1/ref/settings/#auth-password-validators
+
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+    },
+]
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/3.1/topics/i18n/
+
+LANGUAGE_CODE = 'en-us'
+
+TIME_ZONE = 'UTC'
+
+USE_I18N = True
+
+USE_L10N = True
+
+USE_TZ = True
+
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/3.1/howto/static-files/
+
+STATIC_URL = '/static/'

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/testproj/urls.py

@@ -0,0 +1,22 @@
+"""testproj URL Configuration
+
+The `urlpatterns` list routes URLs to views. For more information please see:
+    https://docs.djangoproject.com/en/3.1/topics/http/urls/
+Examples:
+Function views
+    1. Add an import:  from my_app import views
+    2. Add a URL to urlpatterns:  path('', views.home, name='home')
+Class-based views
+    1. Add an import:  from other_app.views import Home
+    2. Add a URL to urlpatterns:  path('', Home.as_view(), name='home')
+Including another URLconf
+    1. Import the include() function: from django.urls import include, path
+    2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
+"""
+from django.contrib import admin
+from django.urls import path, include
+
+urlpatterns = [
+    path("admin/", admin.site.urls),  # $routeSetup="admin/"
+    path("app/", include("testapp.urls")),  # $routeSetup="app/"
+]

python/ql/test/experimental/library-tests/frameworks/django-v2-v3/testproj/wsgi.py

@@ -0,0 +1,16 @@
+"""
+WSGI config for testproj project.
+
+It exposes the WSGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/3.1/howto/deployment/wsgi/
+"""
+
+import os
+
+from django.core.wsgi import get_wsgi_application
+
+os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'testproj.settings')
+
+application = get_wsgi_application()

python/ql/test/experimental/library-tests/frameworks/fabric/ConceptsTest.ql

@@ -0,0 +1,2 @@
+import python
+import experimental.meta.ConceptsTest

python/ql/test/experimental/library-tests/frameworks/fabric/TestTaint.expected

@@ -0,0 +1,10 @@
+| fabric_v1_execute.py:7 | fail | unsafe | cmd |
+| fabric_v1_execute.py:7 | fail | unsafe | cmd2 |
+| fabric_v1_execute.py:8 | ok   | unsafe | safe_arg |
+| fabric_v1_execute.py:8 | ok   | unsafe | safe_optional |
+| fabric_v1_execute.py:14 | fail | unsafe | cmd |
+| fabric_v1_execute.py:14 | fail | unsafe | cmd2 |
+| fabric_v1_execute.py:15 | ok   | unsafe | safe_arg |
+| fabric_v1_execute.py:15 | ok   | unsafe | safe_optional |
+| fabric_v1_execute.py:21 | ok   | some_http_handler | cmd |
+| fabric_v1_execute.py:21 | ok   | some_http_handler | cmd2 |

python/ql/test/experimental/library-tests/frameworks/fabric/TestTaint.ql

@@ -0,0 +1 @@
+import experimental.dataflow.tainttracking.TestTaintLib

python/ql/test/experimental/library-tests/frameworks/fabric/fabric_v1_execute.py

@@ -0,0 +1,26 @@
+"""Test that shows fabric.api.execute propagates taint"""
+
+from fabric.api import run, execute
+
+
+def unsafe(cmd, safe_arg, cmd2=None, safe_optional=5):
+    ensure_tainted(cmd, cmd2)
+    ensure_not_tainted(safe_arg, safe_optional)
+
+
+class Foo(object):
+
+    def unsafe(self, cmd, safe_arg, cmd2=None, safe_optional=5):
+        ensure_tainted(cmd, cmd2)
+        ensure_not_tainted(safe_arg, safe_optional)
+
+
+def some_http_handler():
+    cmd = TAINTED_STRING
+    cmd2 = TAINTED_STRING
+    ensure_tainted(cmd, cmd2)
+
+    execute(unsafe, cmd=cmd, safe_arg='safe_arg', cmd2=cmd2)
+
+    foo = Foo()
+    execute(foo.unsafe, cmd, 'safe_arg', cmd2)

python/ql/test/experimental/library-tests/frameworks/fabric/fabric_v1_test.py

@@ -0,0 +1,14 @@
+"""tests for the 'fabric' package (v1.x)
+
+See http://docs.fabfile.org/en/1.14/tutorial.html
+"""
+
+from fabric.api import run, local, sudo
+
+local("cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+run("cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+sudo("cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+
+local(command="cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+run(command="cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+sudo(command="cmd1; cmd2")  # $getCommand="cmd1; cmd2"

python/ql/test/experimental/library-tests/frameworks/fabric/fabric_v2_test.py

@@ -0,0 +1,64 @@
+"""tests for the 'fabric' package (v2.x)
+
+Loosely inspired by http://docs.fabfile.org/en/2.5/getting-started.html
+"""
+
+from fabric import connection, Connection, group, SerialGroup, ThreadingGroup, tasks, task
+
+
+################################################################################
+# Connection
+################################################################################
+c = Connection("web1")
+c.run("cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+c.local("cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+c.sudo("cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+
+c.local(command="cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+c.run(command="cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+c.sudo(command="cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+
+# fully qualified usage
+c2 = connection.Connection("web2")
+c2.run("cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+
+
+################################################################################
+# SerialGroup
+################################################################################
+results = SerialGroup("web1", "web2", "mac1").run("cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+
+pool = SerialGroup("web1", "web2", "web3")
+pool.run("cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+
+# fully qualified usage
+group.SerialGroup("web1", "web2", "mac1").run("cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+
+
+################################################################################
+# ThreadingGroup
+################################################################################
+results = ThreadingGroup("web1", "web2", "mac1").run("cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+
+pool = ThreadingGroup("web1", "web2", "web3")
+pool.run("cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+
+# fully qualified usage
+group.ThreadingGroup("web1", "web2", "mac1").run("cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+
+
+################################################################################
+# task decorator
+# using the 'fab' command-line tool
+################################################################################
+
+@task
+def foo(c):
+    # 'c' is a fabric.connection.Connection
+    c.run("cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+
+# fully qualified usage
+@tasks.task
+def bar(c):
+    # 'c' is a fabric.connection.Connection
+    c.run("cmd1; cmd2")  # $getCommand="cmd1; cmd2"