Python: add meta-query for calls to summarized callables

2025-12-18 01:33:15 +01:00 · 2023-05-26 11:40:58 +02:00
parent 1c7f6dc32e
commit 75fd20b3b8
1 changed files with 24 additions and 0 deletions
--- a/python/ql/src/meta/analysis-quality/SummarizedCallableCallSites.ql
+++ b/python/ql/src/meta/analysis-quality/SummarizedCallableCallSites.ql
@@ -0,0 +1,24 @@
+/**
+ * @name Summarized callable call sites
+ * @description A call site for which we have a summarized callable
+ * @kind problem
+ * @problem.severity recommendation
+ * @id py/meta/summarized-callable-call-sites
+ * @tags meta
+ * @precision very-low
+ */
+
+import python
+import semmle.python.dataflow.new.DataFlow
+import semmle.python.dataflow.new.FlowSummary
+import meta.MetaMetrics
+
+from DataFlow::Node useSite, SummarizedCallable target, string kind
+where
+  (
+    useSite = target.getACall() and kind = "Call"
+    or
+    useSite = target.getACallback() and kind = "Callback"
+  ) and
+  not useSite.getLocation().getFile() instanceof IgnoredFile
+select useSite, kind + " to " + target