Python: restrict AttrRead with AttrNode.isLoad()

2026-04-27 17:55:19 +02:00 · 2022-02-02 10:46:14 +01:00
parent fb6b8eb394
commit 5774459dfb
3 changed files with 4 additions and 4 deletions
--- a/python/ql/lib/semmle/python/dataflow/new/internal/Attributes.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/Attributes.qll
@@ -204,6 +204,8 @@ abstract class AttrRead extends AttrRef, Node, LocalSourceNode { }
 private class AttributeReadAsAttrRead extends AttrRead, CfgNode {
  override AttrNode node;

+  AttributeReadAsAttrRead() { node.isLoad() }
+
  override Node getObject() { result.asCfgNode() = node.getObject() }

  override ExprNode getAttributeNameExpr() {
--- a/python/ql/test/experimental/attrs/AttrReads.expected
+++ b/python/ql/test/experimental/attrs/AttrReads.expected
@@ -1,4 +1,2 @@
-| test.py:6:9:6:16 | ControlFlowNode for Attribute | test.py:6:9:6:12 | ControlFlowNode for self | foo |
-| test.py:9:1:9:9 | ControlFlowNode for Attribute | test.py:9:1:9:5 | ControlFlowNode for myobj | foo |
 | test.py:10:1:10:9 | ControlFlowNode for Attribute | test.py:10:1:10:5 | ControlFlowNode for myobj | foo |
 | test.py:13:1:13:21 | ControlFlowNode for getattr() | test.py:13:9:13:13 | ControlFlowNode for myobj | foo |
--- a/python/ql/test/experimental/dataflow/typetracking/attribute_tests.py
+++ b/python/ql/test/experimental/dataflow/typetracking/attribute_tests.py
@@ -25,9 +25,9 @@ def expects_string(x): # $ str=field SPURIOUS: int=field

 def test_incompatible_types():
    x = SomeClass() # $int,str=field
-    x.field = int(5) # $int=field int SPURIOUS: str=field str
+    x.field = int(5) # $int=field int SPURIOUS: str=field
    expects_int(x) # $int=field SPURIOUS: str=field
-    x.field = str("Hello") # $str=field str SPURIOUS: int=field int
+    x.field = str("Hello") # $str=field str SPURIOUS: int=field
    expects_string(x) # $ str=field SPURIOUS: int=field

 # set in different function