hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Test that pointsTo implies data flow

Browse Source 
Running the test on a larger database gives some interesting results.
This commit is contained in:
Rasmus Lerchedahl Petersen
2020-09-01 11:56:22 +02:00
parent 4e963a8a8e
commit 6d23d7fa0e
2 changed files with 41 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
python/ql/test/experimental/dataflow/regression/pointsto.expected Normal file
View File

@@ -0,0 +1,13 @@
| test.py:16:9:16:14 | ControlFlowNode for source | test.py:9:1:9:13 | ControlFlowNode for FunctionExpr |
| test.py:21:5:21:8 | ControlFlowNode for sink | test.py:12:1:12:14 | ControlFlowNode for FunctionExpr |
| test.py:24:9:24:14 | ControlFlowNode for source | test.py:9:1:9:13 | ControlFlowNode for FunctionExpr |
| test.py:25:5:25:8 | ControlFlowNode for sink | test.py:12:1:12:14 | ControlFlowNode for FunctionExpr |
| test.py:44:12:44:17 | ControlFlowNode for source | test.py:9:1:9:13 | ControlFlowNode for FunctionExpr |
| test.py:47:5:47:8 | ControlFlowNode for sink | test.py:12:1:12:14 | ControlFlowNode for FunctionExpr |
| test.py:51:9:51:12 | ControlFlowNode for sink | test.py:12:1:12:14 | ControlFlowNode for FunctionExpr |
| test.py:54:9:54:15 | ControlFlowNode for source2 | test.py:43:1:43:17 | ControlFlowNode for FunctionExpr |
| test.py:55:5:55:9 | ControlFlowNode for sink2 | test.py:46:1:46:15 | ControlFlowNode for FunctionExpr |
| test.py:63:5:63:9 | ControlFlowNode for sink3 | test.py:49:1:49:21 | ControlFlowNode for FunctionExpr |
| test.py:70:5:70:9 | ControlFlowNode for sink3 | test.py:49:1:49:21 | ControlFlowNode for FunctionExpr |
| test.py:77:9:77:11 | ControlFlowNode for hub | test.py:72:1:72:13 | ControlFlowNode for FunctionExpr |
| test.py:82:9:82:11 | ControlFlowNode for hub | test.py:72:1:72:13 | ControlFlowNode for FunctionExpr |

28
python/ql/test/experimental/dataflow/regression/pointsto.ql Normal file
View File

@@ -0,0 +1,28 @@
private import python
import experimental.dataflow.DataFlow
predicate pointsToOrigin(DataFlow::DataFlowCfgNode pointer, DataFlow::DataFlowCfgNode pointed) {
pointed = pointer.pointsTo().getOrigin()
}
class PointsToConfiguration extends DataFlow::Configuration {
PointsToConfiguration() { this = "PointsToConfiguration" }
override predicate isSource(DataFlow::Node node) { pointsToOrigin(_, node.asCfgNode()) }
override predicate isSink(DataFlow::Node node) { pointsToOrigin(node.asCfgNode(), _) }
}
predicate hasFlow(ControlFlowNode pointed, ControlFlowNode pointer) {
exists(PointsToConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink |
source.getNode().asCfgNode() = pointed and
sink.getNode().asCfgNode() = pointer and
config.hasFlowPath(source, sink)
)
}
from DataFlow::DataFlowCfgNode pointer, DataFlow::DataFlowCfgNode pointed
where
pointsToOrigin(pointer, pointed) and
not hasFlow(pointed, pointer)
select pointer, pointed