diff --git a/python/ql/test/library-tests/PointsTo/regressions/missing/if-urlsplit-access/Test.ql b/python/ql/test/library-tests/PointsTo/regressions/missing/if-urlsplit-access/Test.ql index dd894ad5cea..c9e7d4caf3e 100644 --- a/python/ql/test/library-tests/PointsTo/regressions/missing/if-urlsplit-access/Test.ql +++ b/python/ql/test/library-tests/PointsTo/regressions/missing/if-urlsplit-access/Test.ql @@ -1,10 +1,10 @@ import python -from NameNode name, CallNode call, string debug +from ControlFlowNode arg, CallNode call, string debug where - call.getAnArg() = name and + call.getAnArg() = arg and call.getFunction().(NameNode).getId() = "check" and - if exists(name.pointsTo()) - then debug = name.pointsTo().toString() + if exists(arg.pointsTo()) + then debug = arg.pointsTo().toString() else debug = "" -select name, debug +select arg, debug diff --git a/python/ql/test/library-tests/PointsTo/regressions/missing/re-compile/Test.ql b/python/ql/test/library-tests/PointsTo/regressions/missing/re-compile/Test.ql index dd894ad5cea..c9e7d4caf3e 100644 --- a/python/ql/test/library-tests/PointsTo/regressions/missing/re-compile/Test.ql +++ b/python/ql/test/library-tests/PointsTo/regressions/missing/re-compile/Test.ql @@ -1,10 +1,10 @@ import python -from NameNode name, CallNode call, string debug +from ControlFlowNode arg, CallNode call, string debug where - call.getAnArg() = name and + call.getAnArg() = arg and call.getFunction().(NameNode).getId() = "check" and - if exists(name.pointsTo()) - then debug = name.pointsTo().toString() + if exists(arg.pointsTo()) + then debug = arg.pointsTo().toString() else debug = "" -select name, debug +select arg, debug diff --git a/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/Test.expected b/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/Test.expected new file mode 100644 index 00000000000..d780fa840e9 --- /dev/null +++ b/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/Test.expected @@ -0,0 +1,2 @@ +| test.py:10:11:10:14 | ControlFlowNode for open | | +| test.py:14:11:14:14 | ControlFlowNode for open | Builtin-function open | diff --git a/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/Test.ql b/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/Test.ql new file mode 100644 index 00000000000..c9e7d4caf3e --- /dev/null +++ b/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/Test.ql @@ -0,0 +1,10 @@ +import python + +from ControlFlowNode arg, CallNode call, string debug +where + call.getAnArg() = arg and + call.getFunction().(NameNode).getId() = "check" and + if exists(arg.pointsTo()) + then debug = arg.pointsTo().toString() + else debug = "" +select arg, debug diff --git a/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/test.py b/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/test.py new file mode 100644 index 00000000000..4998326af0b --- /dev/null +++ b/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/test.py @@ -0,0 +1,18 @@ +# Points-to information seems to be missing if our analysis thinks the enclosing function +# is never called. However, as illustrated by the code below, it's easy to fool our +# analysis :( + +# This was inspired by a problem in real code, where our analysis doesn't have any +# points-to information about the `open` call in +# https://google-gruyere.appspot.com/code/gruyere.py on line 227 + +def _func_not_called(filename, mode='rb'): + check(open) + return open(filename, mode) + +def _func_called(filename, mode='rb'): + check(open) + return open(filename, mode) + +globals()['_func_not_called']('test.txt') +_func_called('test.txt')