hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Initial commit of Python queries and QL libraries.

Browse Source
This commit is contained in:
Mark Shannon
2018-11-19 13:13:39 +00:00
committed by Mark Shannon
parent 90c75cd362
commit 5f58824d1b
725 changed files with 63520 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
python/ql/src/Expressions/HashedButNoHash.ql Normal file
View File

@@ -0,0 +1,59 @@
/**
* @name Unhashable object hashed
* @description Hashing an object which is not hashable will result in a TypeError at runtime.
* @kind problem
* @tags reliability
* correctness
* @problem.severity error
* @sub-severity low
* @precision very-high
* @id py/hash-unhashable-value
*/
import python
/* This assumes that any indexing operation where the value is not a sequence or numpy array involves hashing.
* For sequences, the index must be an int, which are hashable, so we don't need to treat them specially.
* For numpy arrays, the index may be a list, which are not hashable and needs to be treated specially.
*/
predicate numpy_array_type(ClassObject na) {
exists(ModuleObject np | np.getName() = "numpy" or np.getName() = "numpy.core" |
na.getAnImproperSuperType() = np.getAttribute("ndarray")
)
}
predicate has_custom_getitem(ClassObject cls) {
cls.lookupAttribute("__getitem__") instanceof PyFunctionObject
or
numpy_array_type(cls)
}
predicate explicitly_hashed(ControlFlowNode f) {
exists(CallNode c, GlobalVariable hash | c.getArg(0) = f and c.getFunction().(NameNode).uses(hash) and hash.getId() = "hash")
}
predicate unhashable_subscript(ControlFlowNode f, ClassObject c, ControlFlowNode origin) {
is_unhashable(f, c, origin) and
exists(SubscriptNode sub | sub.getIndex() = f |
exists(ClassObject custom_getitem |
sub.getObject().refersTo(_, custom_getitem, _) and
not has_custom_getitem(custom_getitem)
)
)
}
predicate is_unhashable(ControlFlowNode f, ClassObject cls, ControlFlowNode origin) {
f.refersTo(_, cls, origin) and
(not cls.hasAttribute("__hash__") and not cls.unknowableAttributes() and cls.isNewStyle()
or
cls.lookupAttribute("__hash__") = theNoneObject()
)
}
from ControlFlowNode f, ClassObject c, ControlFlowNode origin
where
explicitly_hashed(f) and is_unhashable(f, c, origin)
or
unhashable_subscript(f, c, origin)
select f.getNode(), "This $@ of $@ is unhashable.", origin, "instance", c, c.getQualifiedName()