Python: Remove points-to references from python.qll

For now, these have just been made into `private` imports. After doing this, I went through all of the (now not compiling) files and added in private imports to the modules that they actually depended on. I also added an explicit import of `LegacyPointsTo` (even though it may be unnecessary) in cases where the points-to dependency was somewhat surprising (and one we want to get rid of). This was primarily inside the various SSA layers. For modules inside `semmle.python.{types, objects, pointsto}` I did not bother, as these are fairly clearly related to points-to.
2026-04-22 15:25:18 +02:00 · 2025-10-30 16:37:28 +00:00
parent 85cb3e026c
commit 78c33ab55a
43 changed files with 73 additions and 39 deletions
--- a/python/ql/lib/semmle/python/dataflow/new/internal/ImportResolution.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/ImportResolution.qll
@@ -9,6 +9,7 @@ private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.dataflow.new.internal.ImportStar
 private import semmle.python.dataflow.new.TypeTracking
 private import semmle.python.dataflow.new.internal.DataFlowPrivate
+private import semmle.python.essa.SsaDefinitions

 /**
 * Python modules and the way imports are resolved are... complicated. Here's a crash course in how
--- a/python/ql/lib/semmle/python/dataflow/old/Configuration.qll
+++ b/python/ql/lib/semmle/python/dataflow/old/Configuration.qll
@@ -1,6 +1,6 @@
 import python
 import semmle.python.dataflow.TaintTracking
-private import semmle.python.objects.ObjectInternal
+private import LegacyPointsTo
 private import semmle.python.dataflow.Implementation

 module TaintTracking {
--- a/python/ql/lib/semmle/python/dataflow/old/Files.qll
+++ b/python/ql/lib/semmle/python/dataflow/old/Files.qll
@@ -1,4 +1,5 @@
 import python
+private import LegacyPointsTo
 import semmle.python.dataflow.TaintTracking

 class OpenFile extends TaintKind {
--- a/python/ql/lib/semmle/python/dataflow/old/Implementation.qll
+++ b/python/ql/lib/semmle/python/dataflow/old/Implementation.qll
@@ -1,7 +1,6 @@
 import python
 private import LegacyPointsTo
 import semmle.python.dataflow.TaintTracking
-private import semmle.python.objects.ObjectInternal
 private import semmle.python.pointsto.Filters as Filters
 import semmle.python.dataflow.Legacy

--- a/python/ql/lib/semmle/python/dataflow/old/StateTracking.qll
+++ b/python/ql/lib/semmle/python/dataflow/old/StateTracking.qll
@@ -9,9 +9,7 @@
 */

 import python
-private import semmle.python.pointsto.PointsTo
-private import semmle.python.pointsto.PointsToContext
-private import semmle.python.objects.ObjectInternal
+private import LegacyPointsTo

 /** A state that should be tracked. */
 abstract class TrackableState extends string {
--- a/python/ql/lib/semmle/python/dataflow/old/TaintTracking.qll
+++ b/python/ql/lib/semmle/python/dataflow/old/TaintTracking.qll
@@ -89,7 +89,6 @@
 import python
 private import LegacyPointsTo
 private import semmle.python.pointsto.Filters as Filters
-private import semmle.python.objects.ObjectInternal
 private import semmle.python.dataflow.Implementation
 import semmle.python.dataflow.Configuration