Python: Remove dependence on Builtins from attribute module

The `Builtins` module is deeply entwined with points-to, so it would be nice to not have this dependence. Happily, the only thing we used `Builtin` for was to get the names of known builtins, and for this we already maintain such a set of names in `dataflow.new.internal.Builtins`.
2025-12-16 16:53:25 +01:00 · 2025-10-31 16:16:22 +00:00
parent 9dc774aaa3
commit 5b47fcbfa4
1 changed files with 8 additions and 3 deletions
--- a/python/ql/lib/semmle/python/dataflow/new/internal/Attributes.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/Attributes.qll
@@ -1,9 +1,10 @@
 /** This module provides an API for attribute reads and writes. */

+private import python
 import DataFlowUtil
 import DataFlowPublic
 private import DataFlowPrivate
-private import semmle.python.types.Builtins
+private import semmle.python.dataflow.new.internal.Builtins

 /**
 * A data flow node that reads or writes an attribute of an object.
@@ -134,8 +135,12 @@ private class BuiltInCallNode extends CallNode {

  BuiltInCallNode() {
    // TODO disallow instances where the name of the built-in may refer to an in-scope variable of that name.
-    exists(NameNode id | this.getFunction() = id and id.getId() = name and id.isGlobal()) and
-    name = any(Builtin b).getName()
+    exists(NameNode id |
+      name = Builtins::getBuiltinName() and
+      this.getFunction() = id and
+      id.getId() = name and
+      id.isGlobal()
+    )
  }

  /** Gets the name of the built-in function that is called at this `CallNode` */