Merge pull request #3300 from RasmusWL/python-pointsto-regression-open

Python: Add points-to regression for uncalled function
2025-12-20 18:56:32 +01:00 · 2020-04-23 11:50:30 +02:00
parent adf12ba2b4 1631787336
commit 54d1991a9d
5 changed files with 40 additions and 10 deletions
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/if-urlsplit-access/Test.ql
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/if-urlsplit-access/Test.ql
@@ -1,10 +1,10 @@
 import python

-from NameNode name, CallNode call, string debug
+from ControlFlowNode arg, CallNode call, string debug
 where
-    call.getAnArg() = name and
+    call.getAnArg() = arg and
    call.getFunction().(NameNode).getId() = "check" and
-    if exists(name.pointsTo())
-    then debug = name.pointsTo().toString()
+    if exists(arg.pointsTo())
+    then debug = arg.pointsTo().toString()
    else debug = "<MISSING pointsTo()>"
-select name, debug
+select arg, debug
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/re-compile/Test.ql
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/re-compile/Test.ql
@@ -1,10 +1,10 @@
 import python

-from NameNode name, CallNode call, string debug
+from ControlFlowNode arg, CallNode call, string debug
 where
-    call.getAnArg() = name and
+    call.getAnArg() = arg and
    call.getFunction().(NameNode).getId() = "check" and
-    if exists(name.pointsTo())
-    then debug = name.pointsTo().toString()
+    if exists(arg.pointsTo())
+    then debug = arg.pointsTo().toString()
    else debug = "<MISSING pointsTo()>"
-select name, debug
+select arg, debug
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/Test.expected
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/Test.expected
@@ -0,0 +1,2 @@
+| test.py:10:11:10:14 | ControlFlowNode for open | <MISSING pointsTo()> |
+| test.py:14:11:14:14 | ControlFlowNode for open | Builtin-function open |
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/Test.ql
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/Test.ql
@@ -0,0 +1,10 @@
+import python
+
+from ControlFlowNode arg, CallNode call, string debug
+where
+    call.getAnArg() = arg and
+    call.getFunction().(NameNode).getId() = "check" and
+    if exists(arg.pointsTo())
+    then debug = arg.pointsTo().toString()
+    else debug = "<MISSING pointsTo()>"
+select arg, debug
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/test.py
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/test.py
@@ -0,0 +1,18 @@
+# Points-to information seems to be missing if our analysis thinks the enclosing function
+# is never called. However, as illustrated by the code below, it's easy to fool our
+# analysis :(
+
+# This was inspired by a problem in real code, where our analysis doesn't have any
+# points-to information about the `open` call in
+# https://google-gruyere.appspot.com/code/gruyere.py on line 227
+
+def _func_not_called(filename, mode='rb'):
+    check(open)
+    return open(filename, mode)
+
+def _func_called(filename, mode='rb'):
+    check(open)
+    return open(filename, mode)
+
+globals()['_func_not_called']('test.txt')
+_func_called('test.txt')