Python: Fix too many results from DataFlow::importNode

2026-04-30 11:15:13 +02:00 · 2021-01-27 19:11:55 +01:00
parent 0d42e546a0
commit 5646af56dd
3 changed files with 8 additions and 6 deletions
--- a/python/ql/src/semmle/python/dataflow/new/internal/DataFlowUtil.qll
+++ b/python/ql/src/semmle/python/dataflow/new/internal/DataFlowUtil.qll
@@ -68,5 +68,11 @@ Node importNode(string name) {
  // Because named imports are modelled as `AttrRead`s, the statement `from foo import bar as baz`
  // is interpreted as if it was an assignment `baz = foo.bar`, which means `baz` gets tracked as a
  // reference to `foo.bar`, as desired.
-  result.asCfgNode().getNode() = any(ImportExpr i | i.getName() = name)
+  exists(ImportExpr imp_expr |
+    imp_expr.getName() = name and
+    result.asCfgNode().getNode() = imp_expr and
+    // in `import foo.bar` we DON'T want to give a result for `importNode("foo.bar")`,
+    // only for `importNode("foo")`. We exclude those cases with the following clause.
+    not exists(Import imp | imp.getAName().getValue() = imp_expr)
+  )
 }
--- a/python/ql/test/experimental/dataflow/import-helper/ImportHelper.expected
+++ b/python/ql/test/experimental/dataflow/import-helper/ImportHelper.expected
@@ -4,9 +4,7 @@
 | test2.py:1:19:1:21 | ControlFlowNode for ImportMember | mypkg.foo |
 | test2.py:1:24:1:26 | ControlFlowNode for ImportMember | mypkg.bar |
 | test3.py:1:8:1:16 | ControlFlowNode for ImportExpr | mypkg |
-| test3.py:1:8:1:16 | ControlFlowNode for ImportExpr | mypkg.foo |
 | test3.py:2:8:2:16 | ControlFlowNode for ImportExpr | mypkg |
-| test3.py:2:8:2:16 | ControlFlowNode for ImportExpr | mypkg.bar |
 | test4.py:1:8:1:16 | ControlFlowNode for ImportExpr | mypkg.foo |
 | test4.py:2:8:2:16 | ControlFlowNode for ImportExpr | mypkg.bar |
 | test5.py:1:8:1:12 | ControlFlowNode for ImportExpr | mypkg |
@@ -14,11 +12,9 @@
 | test5.py:9:19:9:29 | ControlFlowNode for ImportMember | mypkg.bar |
 | test6.py:1:8:1:12 | ControlFlowNode for ImportExpr | mypkg |
 | test6.py:5:8:5:16 | ControlFlowNode for ImportExpr | mypkg |
-| test6.py:5:8:5:16 | ControlFlowNode for ImportExpr | mypkg.foo |
 | test7.py:1:6:1:10 | ControlFlowNode for ImportExpr | mypkg |
 | test7.py:1:19:1:21 | ControlFlowNode for ImportMember | mypkg.foo |
 | test7.py:5:8:5:16 | ControlFlowNode for ImportExpr | mypkg |
-| test7.py:5:8:5:16 | ControlFlowNode for ImportExpr | mypkg.foo |
 | test7.py:9:6:9:10 | ControlFlowNode for ImportExpr | mypkg |
 | test7.py:9:19:9:21 | ControlFlowNode for ImportMember | mypkg.foo |
 | test_deep.py:1:6:1:21 | ControlFlowNode for ImportExpr | start.middle.end |
--- a/python/ql/test/experimental/dataflow/typetracking/test.py
+++ b/python/ql/test/experimental/dataflow/typetracking/test.py
@@ -108,7 +108,7 @@ class Bar(Foo):

 def test_long_import_chain():
    import foo.bar
-    foo.baz # $ SPURIOUS: tracked_foo_bar_baz
+    foo.baz
    x = foo.bar.baz # $ tracked_foo_bar_baz
    do_stuff(x) # $ tracked_foo_bar_baz