hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Rewrite access path computation

Browse Source
This commit is contained in:
Taus
2025-08-07 13:17:33 +00:00
committed by Napalys Klicius
parent 69b5853477
commit 6133f01c81
1 changed files with 12 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
View File

@@ -574,8 +574,8 @@ predicate globalVariableNestedFieldJumpStep(Node nodeFrom, Node nodeTo) {
) and ) and
write.getAttributeName() = read.getAttributeName() and write.getAttributeName() = read.getAttributeName() and
nodeFrom = write.getValue() and nodeFrom = write.getValue() and
nodeTo = read and nodeTo = read //and
write.getEnclosingCallable() != read.getEnclosingCallable() //write.getEnclosingCallable() != read.getEnclosingCallable()
) )
} }
@@ -583,7 +583,7 @@ predicate globalVariableNestedFieldJumpStep(Node nodeFrom, Node nodeTo) {
* Maximum depth for global variable nested attribute access. * Maximum depth for global variable nested attribute access.
* Depth 0 = globalVar.foo, depth 1 = globalVar.foo.bar, depth 2 = globalVar.foo.bar.baz, etc. * Depth 0 = globalVar.foo, depth 1 = globalVar.foo.bar, depth 2 = globalVar.foo.bar.baz, etc.
*/ */
private int getMaxGlobalVariableDepth() { result = 1 } private int getMaxGlobalVariableDepth() { result = 10 }
/** /**
* Holds if `node` is an attribute access path starting from global variable `globalVar`. * Holds if `node` is an attribute access path starting from global variable `globalVar`.
@@ -592,7 +592,7 @@ private int getMaxGlobalVariableDepth() { result = 1 }
predicate globalVariableAttrPath(ModuleVariableNode globalVar, string accessPath, Node node) { predicate globalVariableAttrPath(ModuleVariableNode globalVar, string accessPath, Node node) {
exists(int depth | exists(int depth |
globalVariableAttrPathAtDepth(globalVar, accessPath, node, depth) and globalVariableAttrPathAtDepth(globalVar, accessPath, node, depth) and
depth > 0 depth >= 0
) )
} }
@@ -607,14 +607,15 @@ predicate globalVariableAttrPathAtDepth(
node in [globalVar.getARead(), globalVar.getAWrite()] and node in [globalVar.getARead(), globalVar.getAWrite()] and
accessPath = "" accessPath = ""
or or
// Recursive case: Nested attribute access (depth > 0) exists(Node obj, string attrName, string parentAccessPath, int parentDepth |
exists(AttrRef attr, Node n, string attrName, int parentDepth, string parentAccessPath | node.(AttrRead).accesses(obj, attrName)
attr.accesses(n, attrName) and or
globalVariableAttrPathAtDepth(globalVar, parentAccessPath, n, parentDepth) and exists(AttrWrite aw | aw.accesses(obj, attrName) and aw.getValue() = node)
node = attr and |
globalVariableAttrPathAtDepth(globalVar, parentAccessPath, obj, parentDepth) and
accessPath = parentAccessPath + "." + attrName and
depth = parentDepth + 1 and depth = parentDepth + 1 and
depth <= getMaxGlobalVariableDepth() and depth <= getMaxGlobalVariableDepth()
accessPath = parentAccessPath + "." + attrName
) )
} }