Merge pull request #13178 from yoff/python-ruby/track-through-summaries-pm

ruby/python: Shared module for typetracking through flow summaries

python/ql/test/experimental/dataflow/summaries/TestSummaries.qll

@@ -60,7 +60,7 @@ private class SummarizedCallableApplyLambda extends SummarizedCallable {
 }
 
 private class SummarizedCallableReversed extends SummarizedCallable {
-  SummarizedCallableReversed() { this = "reversed" }
+  SummarizedCallableReversed() { this = "list_reversed" }
 
   override DataFlow::CallCfgNode getACall() {
     result.getFunction().asCfgNode().(NameNode).getId() = this

python/ql/test/experimental/dataflow/summaries/summaries.py

@@ -66,3 +66,21 @@ SINK(tainted_list[0])  # $ flow="SOURCE, l:-1 -> tainted_list[0]"
 from json import loads as json_loads
 tainted_resultlist = json_loads(SOURCE)
 SINK(tainted_resultlist[0])  # $ flow="SOURCE, l:-1 -> tainted_resultlist[0]"
+
+
+# Class methods are not handled right now
+
+class MyClass:
+    @staticmethod
+    def foo(x):
+        return x
+
+    def bar(self, x):
+        return x
+
+through_staticmethod = apply_lambda(MyClass.foo, SOURCE)
+through_staticmethod  # $ MISSING: flow
+
+mc = MyClass()
+through_method = apply_lambda(mc.bar, SOURCE)
+through_method  # $ MISSING: flow