Python: Better handle calls on edge of context.

python/ql/src/semmle/python/objects/Callables.qll

@@ -156,6 +156,8 @@ class PythonFunctionObjectInternal extends CallableObjectInternal, TPythonFuncti
         function = this and offset = 0
     }
 
+    override predicate contextSensitiveCallee() { any() }
+
 }
 
 
@@ -277,6 +279,8 @@ class BuiltinFunctionObjectInternal extends CallableObjectInternal, TBuiltinFunc
         function = this and offset = 0
     }
 
+    override predicate contextSensitiveCallee() { none() }
+
 }
 
 /** Class representing methods of built-in classes (otherwise known as method-descriptors) such as `list.append`.
@@ -367,6 +371,8 @@ class BuiltinMethodObjectInternal extends CallableObjectInternal, TBuiltinMethod
         function = this and offset = 0
     }
 
+    override predicate contextSensitiveCallee() { none() }
+
 }
 
 /** Class representing bound-methods.
@@ -422,7 +428,6 @@ class BoundMethodObjectInternal extends CallableObjectInternal, TBoundMethod {
         result = this.getFunction().getName()
     }
 
-
     override Function getScope() { 
         result = this.getFunction().getScope()
     }
@@ -453,8 +458,9 @@ class BoundMethodObjectInternal extends CallableObjectInternal, TBoundMethod {
         function = this.getFunction() and offset = 1
     }
 
+    override predicate contextSensitiveCallee() {
+        this.getFunction().contextSensitiveCallee()
+    }
+
 }
 
-
-
-

python/ql/src/semmle/python/objects/Classes.qll

@@ -89,6 +89,9 @@ abstract class ClassObjectInternal extends ObjectInternal {
     }
 
     override predicate subscriptUnknown() { none() }
+
+    override predicate contextSensitiveCallee() { none() }
+
 }
 
 /** Class representing Python source classes */

python/ql/src/semmle/python/objects/Constants.qll

@@ -69,6 +69,8 @@ abstract class ConstantObjectInternal extends ObjectInternal {
 
     override string getName() { none() }
 
+    override predicate contextSensitiveCallee() { none() }
+
 }
 
 private abstract class BooleanObjectInternal extends ConstantObjectInternal {

python/ql/src/semmle/python/objects/Descriptors.qll

@@ -91,6 +91,8 @@ class PropertyInternal extends ObjectInternal, TProperty {
         )
     }
 
+    override predicate contextSensitiveCallee() { none() }
+
 }
 
 /** A class representing classmethods in Python */
@@ -176,6 +178,8 @@ class ClassMethodObjectInternal extends ObjectInternal, TClassMethod {
         result = this.getFunction().getName()
     }
 
+    override predicate contextSensitiveCallee() { none() }
+
 }
 
 class StaticMethodObjectInternal extends ObjectInternal, TStaticMethod {
@@ -247,4 +251,6 @@ class StaticMethodObjectInternal extends ObjectInternal, TStaticMethod {
         result = this.getFunction().getName()
     }
 
+    override predicate contextSensitiveCallee() { none() }
+
 }

python/ql/src/semmle/python/objects/Instances.qll

@@ -51,6 +51,8 @@ abstract class InstanceObject extends ObjectInternal {
 
     override string getName() { none() }
 
+    override predicate contextSensitiveCallee() { none() }
+
 }
 
 private predicate self_variable_reaching_init_exit(EssaVariable self) {
@@ -366,6 +368,8 @@ class UnknownInstanceInternal extends TUnknownInstance, ObjectInternal {
 
     override string getName() { none() }
 
+    override predicate contextSensitiveCallee() { none() }
+
 }
 
 private int lengthFromClass(ClassObjectInternal cls) {
@@ -472,5 +476,7 @@ class SuperInstance extends TSuperInstance, ObjectInternal {
 
     override string getName() { none() }
 
+    override predicate contextSensitiveCallee() { none() }
+
 }
 

python/ql/src/semmle/python/objects/Modules.qll

@@ -52,6 +52,8 @@ abstract class ModuleObjectInternal extends ObjectInternal {
         any(PackageObjectInternal package).getInitModule() = this
     }
 
+    override predicate contextSensitiveCallee() { none() }
+
 }
 
 /** A class representing built-in modules */
@@ -408,5 +410,7 @@ class AbsentModuleAttributeObjectInternal extends ObjectInternal, TAbsentModuleA
     /* We know what this is called, but not its innate name */
     override string getName() { none() }
 
+    override predicate contextSensitiveCallee() { none() }
+
 }
 

python/ql/src/semmle/python/objects/ObjectInternal.qll

@@ -167,6 +167,8 @@ class ObjectInternal extends TObject {
      */
     abstract string getName();
 
+    abstract predicate contextSensitiveCallee();
+
 }
 
 
@@ -249,6 +251,9 @@ class BuiltinOpaqueObjectInternal extends ObjectInternal, TBuiltinOpaqueObject {
     override string getName() {
         result = this.getBuiltin().getName()
     }
+
+    override predicate contextSensitiveCallee() { none() }
+
 }
 
 
@@ -326,6 +331,8 @@ class UnknownInternal extends ObjectInternal, TUnknown {
 
     override string getName() { none() }
 
+    override predicate contextSensitiveCallee() { none() }
+
 }
 
 class UndefinedInternal extends ObjectInternal, TUndefined {
@@ -404,6 +411,8 @@ class UndefinedInternal extends ObjectInternal, TUndefined {
 
     override string getName() { none() }
 
+    override predicate contextSensitiveCallee() { none() }
+
 }
 
 module ObjectInternal {

python/ql/src/semmle/python/objects/Sequences.qll

@@ -32,6 +32,8 @@ abstract class SequenceObjectInternal extends ObjectInternal {
 
     override string getName() { none() }
 
+    override predicate contextSensitiveCallee() { none() }
+
 }
 
 abstract class TupleObjectInternal extends SequenceObjectInternal {

python/ql/src/semmle/python/pointsto/PointsTo.qll

@@ -839,6 +839,7 @@ module InterProceduralPointsTo {
             )
             or
             context.untrackableCall(f) and
+            func.contextSensitiveCallee() and
             value = ObjectInternal::unknown() and origin = f
             or
             exists(CfgOrigin orig |