Merge pull request #12590 from yoff/python/patch-uninitialized-local

Python: Patch uninitialized local query

python/ql/src/Variables/UninitializedLocal.ql

@@ -15,7 +15,9 @@ import Undefined
 import semmle.python.pointsto.PointsTo
 
 predicate uninitialized_local(NameNode use) {
-  exists(FastLocalVariable local | use.uses(local) or use.deletes(local) | not local.escapes()) and
+  exists(FastLocalVariable local | use.uses(local) or use.deletes(local) |
+    not local.escapes() and not local = any(Nonlocal nl).getAVariable()
+  ) and
   (
     any(Uninitialized uninit).taints(use) and
     PointsToInternal::reachableBlock(use.getBasicBlock(), _)

python/ql/src/change-notes/2023-03-20-uninitialized-local.md

@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* Nonlocal variables are excluded from alerts.

python/ql/test/query-tests/Variables/undefined/captured.py

@@ -0,0 +1,14 @@
+#!/usr/bin/python
+
+def topLevel():
+    foo = 3
+
+    def bar():
+        nonlocal foo
+        print(foo)
+        foo = 4
+
+    bar()
+    print(foo)
+
+topLevel()