Python: Model parameter with default value as DefinitionNode

2026-04-26 09:15:12 +02:00 · 2023-07-07 11:03:07 +02:00
parent cfd2d09a61
commit 6f3cb67050
4 changed files with 17 additions and 2 deletions
--- a/python/ql/lib/semmle/python/Flow.qll
+++ b/python/ql/lib/semmle/python/Flow.qll
@@ -640,12 +640,23 @@ class DefinitionNode extends ControlFlowNode {
    exists(Assign a | list_or_tuple_nested_element(a.getATarget()).getAFlowNode() = this)
    or
    exists(For for | for.getTarget().getAFlowNode() = this)
+    or
+    exists(Parameter param | this = param.asName().getAFlowNode() and exists(param.getDefault()))
  }

  /** flow node corresponding to the value assigned for the definition corresponding to this flow node */
  ControlFlowNode getValue() {
    result = assigned_value(this.getNode()).getAFlowNode() and
-    (result.getBasicBlock().dominates(this.getBasicBlock()) or result.isImport())
+    (
+      result.getBasicBlock().dominates(this.getBasicBlock())
+      or
+      result.isImport()
+      or
+      // since the default value for a parameter is evaluated in the same basic block as
+      // the function definition, but the parameter belongs to the basic block of the function,
+      // there is no dominance relationship between the two.
+      exists(Parameter param | this = param.asName().getAFlowNode())
+    )
  }
 }

@@ -795,6 +806,8 @@ private AstNode assigned_value(Expr lhs) {
  or
  /* for lhs in seq: => `result` is the `for` node, representing the `iter(next(seq))` operation. */
  result.(For).getTarget() = lhs
+  or
+  exists(Parameter param | lhs = param.asName() and result = param.getDefault())
 }

 predicate nested_sequence_assign(
--- a/python/ql/test/experimental/dataflow/typetracking/test.py
+++ b/python/ql/test/experimental/dataflow/typetracking/test.py
@@ -71,7 +71,7 @@ def from_parameter_default():
    def outer(x=tracked): # $tracked
        print(x) # $tracked
        def inner():
-            print(x) # $ MISSING: tracked
+            print(x) # $ tracked
            print(x_alias) # $tracked
        return x # $tracked
    also_x = outer() # $tracked
--- a/python/ql/test/library-tests/variables/definitions/definition-values.expected
+++ b/python/ql/test/library-tests/variables/definitions/definition-values.expected
@@ -1,3 +1,4 @@
 | test.py:3:5:3:9 | ControlFlowNode for fail5 | test.py:3:1:3:13 | ControlFlowNode for FunctionExpr |
 | test.py:4:5:4:8 | ControlFlowNode for Tuple | test.py:4:12:4:12 | ControlFlowNode for t |
 | test.py:7:5:7:26 | ControlFlowNode for default_value_in_param | test.py:7:1:7:33 | ControlFlowNode for FunctionExpr |
+| test.py:7:28:7:28 | ControlFlowNode for x | test.py:7:30:7:31 | ControlFlowNode for IntegerLiteral |
--- a/python/ql/test/library-tests/variables/definitions/test.expected
+++ b/python/ql/test/library-tests/variables/definitions/test.expected
@@ -3,3 +3,4 @@
 | 4 | 5 | ControlFlowNode for x |
 | 4 | 8 | ControlFlowNode for y |
 | 7 | 5 | ControlFlowNode for default_value_in_param |
+| 7 | 28 | ControlFlowNode for x |