hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 20:25:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Fix bug in multi_assignment_points_to.

Browse Source 
This turned out to be a fairly simple but easy to make bug. When we want to
figure out the value pointed-to in a multi-assignment, we look at the left hand
side to see what value from the right hand side we should assign. Unfortunately,
we accidentally attempted to look up this information in the _left hand side_ of
the assignment, resulting in no points-to information at all. The only thing
needed to fix this was to properly link up the left and right hand sides: using
the left hand side to figure out what index to look at, and then looking up the
points-to information for the corresponding place in the right hand side.
This commit is contained in:
Taus Brock-Nannestad
2020-02-26 16:11:43 +01:00
parent abbc9293db
commit 5c3109a324
6 changed files with 26 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
python/ql/src/semmle/python/pointsto/PointsTo.qll
View File

@@ -508,8 +508,9 @@ cached module PointsToInternal {
pragma [noinline]
private predicate multi_assignment_points_to(MultiAssignmentDefinition def, PointsToContext context, ObjectInternal value, ControlFlowNode origin) {
exists(int index, ControlFlowNode rhs, SequenceObjectInternal sequence |
def.indexOf(index, rhs) and
exists(int index, ControlFlowNode lhs, ControlFlowNode rhs, SequenceObjectInternal sequence |
def.indexOf(index, lhs) and
lhs.(DefinitionNode).getValue() = rhs and
sequence_index_points_to(rhs, context, sequence, value, index) and
origin = def.getDefiningNode()
)

3
python/ql/test/library-tests/PointsTo/new/PointsToUnknown.expected
View File

@@ -8,6 +8,9 @@
| a_simple.py:40 | ControlFlowNode for a | 38 |
| a_simple.py:40 | ControlFlowNode for b | 38 |
| a_simple.py:40 | ControlFlowNode for c | 38 |
| a_simple.py:46 | ControlFlowNode for x | 42 |
| a_simple.py:47 | ControlFlowNode for y | 42 |
| a_simple.py:48 | ControlFlowNode for z | 42 |
| a_simple.py:49 | ControlFlowNode for a | 38 |
| a_simple.py:49 | ControlFlowNode for b | 38 |
| a_simple.py:49 | ControlFlowNode for c | 38 |

5
python/ql/test/library-tests/PointsTo/new/PointsToWithContext.expected
View File

@@ -56,6 +56,11 @@ WARNING: Predicate points_to has been deprecated and may be removed in future (P
| a_simple.py:41 | ControlFlowNode for t | Tuple | builtin-class tuple | 39 | runtime |
| a_simple.py:42 | ControlFlowNode for Tuple | Tuple | builtin-class tuple | 40 | runtime |
| a_simple.py:42 | ControlFlowNode for w | Tuple | builtin-class tuple | 40 | runtime |
| a_simple.py:43 | ControlFlowNode for p | int 1 | builtin-class int | 41 | runtime |
| a_simple.py:44 | ControlFlowNode for q | int 2 | builtin-class int | 41 | runtime |
| a_simple.py:45 | ControlFlowNode for r | int 3 | builtin-class int | 41 | runtime |
| a_simple.py:47 | ControlFlowNode for y | 'b' | builtin-class str | 42 | runtime |
| a_simple.py:48 | ControlFlowNode for z | 'c' | builtin-class str | 42 | runtime |
| a_simple.py:49 | ControlFlowNode for Tuple | Tuple | builtin-class tuple | 49 | runtime |
| a_simple.py:49 | ControlFlowNode for b | 'b' | builtin-class str | 38 | runtime |
| a_simple.py:49 | ControlFlowNode for c | 'c' | builtin-class str | 38 | runtime |

5
python/ql/test/library-tests/PointsTo/new/PointsToWithType.expected
View File

@@ -56,6 +56,11 @@ WARNING: Predicate points_to has been deprecated and may be removed in future (P
| a_simple.py:41 | ControlFlowNode for t | Tuple | builtin-class tuple | 39 |
| a_simple.py:42 | ControlFlowNode for Tuple | Tuple | builtin-class tuple | 40 |
| a_simple.py:42 | ControlFlowNode for w | Tuple | builtin-class tuple | 40 |
| a_simple.py:43 | ControlFlowNode for p | int 1 | builtin-class int | 41 |
| a_simple.py:44 | ControlFlowNode for q | int 2 | builtin-class int | 41 |
| a_simple.py:45 | ControlFlowNode for r | int 3 | builtin-class int | 41 |
| a_simple.py:47 | ControlFlowNode for y | 'b' | builtin-class str | 42 |
| a_simple.py:48 | ControlFlowNode for z | 'c' | builtin-class str | 42 |
| a_simple.py:49 | ControlFlowNode for Tuple | Tuple | builtin-class tuple | 49 |
| a_simple.py:49 | ControlFlowNode for b | 'b' | builtin-class str | 38 |
| a_simple.py:49 | ControlFlowNode for c | 'c' | builtin-class str | 38 |

5
python/ql/test/library-tests/PointsTo/new/SSA.expected
View File

@@ -31,6 +31,11 @@ WARNING: Predicate ssa_variable_points_to has been deprecated and may be removed
| a_simple.py:38 | multi_assign_and_packing_0 = FunctionExpr | Function multi_assign_and_packing | builtin-class function |
| a_simple.py:39 | t_0 = Tuple | Tuple | builtin-class tuple |
| a_simple.py:40 | w_0 = Tuple | Tuple | builtin-class tuple |
| a_simple.py:41 | p_0 = t[0] | int 1 | builtin-class int |
| a_simple.py:41 | q_0 = t[1] | int 2 | builtin-class int |
| a_simple.py:41 | r_0 = t[2] | int 3 | builtin-class int |
| a_simple.py:42 | y_0 = w[1] | 'b' | builtin-class str |
| a_simple.py:42 | z_0 = w[2] | 'c' | builtin-class str |
| a_simple.py:49 | h_0 = b | 'b' | builtin-class str |
| a_simple.py:49 | i_0 = c | 'c' | builtin-class str |
| b_condition.py:0 | __name___0 = ScopeEntryDefinition | 'code.b_condition' | builtin-class str |

5
python/ql/test/library-tests/PointsTo/new/Values.expected
View File

@@ -41,6 +41,11 @@
| a_simple.py:42 | ControlFlowNode for w | runtime | (Unknown value, 'b', Unknown value, ) | builtin-class tuple |
| a_simple.py:42 | ControlFlowNode for w | runtime | (Unknown value, Unknown value, 'c', ) | builtin-class tuple |
| a_simple.py:42 | ControlFlowNode for w | runtime | (Unknown value, Unknown value, Unknown value, ) | builtin-class tuple |
| a_simple.py:43 | ControlFlowNode for p | runtime | int 1 | builtin-class int |
| a_simple.py:44 | ControlFlowNode for q | runtime | int 2 | builtin-class int |
| a_simple.py:45 | ControlFlowNode for r | runtime | int 3 | builtin-class int |
| a_simple.py:47 | ControlFlowNode for y | runtime | 'b' | builtin-class str |
| a_simple.py:48 | ControlFlowNode for z | runtime | 'c' | builtin-class str |
| a_simple.py:49 | ControlFlowNode for Tuple | runtime | (Unknown value, 'b', 'c', ) | builtin-class tuple |
| a_simple.py:49 | ControlFlowNode for Tuple | runtime | (Unknown value, 'b', Unknown value, ) | builtin-class tuple |
| a_simple.py:49 | ControlFlowNode for Tuple | runtime | (Unknown value, Unknown value, 'c', ) | builtin-class tuple |