hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: resolve library calls in the CFG

Browse Source 
rather than in the AST
This commit is contained in:
Rasmus Lerchedahl Petersen
2022-09-06 17:00:28 +02:00
parent e5f087518e
commit 67c3a9b2f4
2 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatchPointsTo.qll
View File

@@ -282,7 +282,7 @@ abstract class LibraryCallable extends string {
LibraryCallable() { any() }
/** Gets a call to this library callable. */
abstract Call getACall();
abstract CallNode getACall();
/** Gets a data-flow node, where this library callable is used as a call-back. */
abstract ArgumentNode getACallback();
@@ -405,7 +405,7 @@ class LibraryCallableValue extends DataFlowCallable, TLibraryCallable {
override string toString() { result = callable.toString() }
override CallNode getACall() { result.getNode() = callable.getACall() }
override CallNode getACall() { result = callable.getACall() }
/** Gets a data-flow node, where this library callable is used as a call-back. */
ArgumentNode getACallback() { result = callable.getACallback() }
@@ -639,7 +639,7 @@ class SpecialCall extends DataFlowSourceCall, TSpecialCall {
class LibraryCall extends NormalCall {
LibraryCallable callable;
LibraryCall() { call.getNode() = callable.getACall() }
LibraryCall() { call = callable.getACall() }
// TODO: Implement Python calling convention?
override Node getArg(int n) { result = TCfgNode(call.getArg(n)) }

12
python/ql/test/experimental/dataflow/summaries/TestSummaries.qll
View File

@@ -5,7 +5,7 @@ private import semmle.python.ApiGraphs
private class SummarizedCallableIdentity extends SummarizedCallable {
SummarizedCallableIdentity() { this = "identity" }
override Call getACall() { result.getFunc().(Name).getId() = this }
override CallNode getACall() { result.getFunction().(NameNode).getId() = this }
override DataFlow::ArgumentNode getACallback() { result.asExpr().(Name).getId() = this }
@@ -20,7 +20,7 @@ private class SummarizedCallableIdentity extends SummarizedCallable {
private class SummarizedCallableApplyLambda extends SummarizedCallable {
SummarizedCallableApplyLambda() { this = "apply_lambda" }
override Call getACall() { result.getFunc().(Name).getId() = this }
override CallNode getACall() { result.getFunction().(NameNode).getId() = this }
override DataFlow::ArgumentNode getACallback() { result.asExpr().(Name).getId() = this }
@@ -38,7 +38,7 @@ private class SummarizedCallableApplyLambda extends SummarizedCallable {
private class SummarizedCallableReversed extends SummarizedCallable {
SummarizedCallableReversed() { this = "reversed" }
override Call getACall() { result.getFunc().(Name).getId() = this }
override CallNode getACall() { result.getFunction().(NameNode).getId() = this }
override DataFlow::ArgumentNode getACallback() { result.asExpr().(Name).getId() = this }
@@ -52,7 +52,7 @@ private class SummarizedCallableReversed extends SummarizedCallable {
private class SummarizedCallableMap extends SummarizedCallable {
SummarizedCallableMap() { this = "map" }
override Call getACall() { result.getFunc().(Name).getId() = this }
override CallNode getACall() { result.getFunction().(NameNode).getId() = this }
override DataFlow::ArgumentNode getACallback() { result.asExpr().(Name).getId() = this }
@@ -72,8 +72,8 @@ private class SummarizedCallableMap extends SummarizedCallable {
private class SummarizedCallableJsonLoads extends SummarizedCallable {
SummarizedCallableJsonLoads() { this = "json.loads" }
override Call getACall() {
result = API::moduleImport("json").getMember("loads").getACall().asExpr()
override CallNode getACall() {
result = API::moduleImport("json").getMember("loads").getACall().getNode()
}
override DataFlow::ArgumentNode getACallback() {