Python: fix library-test compile errors and rebless after CFG migration

Library-test compile fixes after the shared-CFG migration:
- PointsTo/global, PointsTo/local: use `f.getNode() = s.getValue()`
  instead of `s.getValue().getAFlowNode() = f` (the new CFG does not
  surface getAFlowNode on AST nodes).
- PointsTo/new/ImpliesDataflow: bridge new Cfg::ControlFlowNode to the
  legacy ControlFlowNodeWithPointsTo via AST identity.
- frameworks/aiohttp + frameworks/modeling-example: qualify CallNode /
  NameNode / AttrNode casts with Cfg:: now that those names live in
  the new CFG facade.

Rebless 4 expected files for toString-only differences (renamed CFG
positions like 'CFG node for foo' vs 'foo' — no semantic change):
ImpliesDataflow, EnclosingCallable, NaiveModel, ProperModel.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
yoff
2026-05-28 07:39:44 +00:00
parent b55186338e
commit 7bb9aebe97
11 changed files with 159 additions and 152 deletions


@@ -3,6 +3,6 @@ private import LegacyPointsTo
from ControlFlowNode f, PointsToContext ctx, Value obj, ControlFlowNode orig
where
exists(ExprStmt s | s.getValue().getAFlowNode() = f) and
exists(ExprStmt s | f.getNode() = s.getValue()) and
PointsTo::pointsTo(f, ctx, obj, orig)
select ctx, f, obj.toString(), orig


@@ -4,6 +4,6 @@ import semmle.python.objects.ObjectInternal
from ControlFlowNode f, ObjectInternal obj, ControlFlowNode orig
where
exists(ExprStmt s | s.getValue().getAFlowNode() = f) and
exists(ExprStmt s | f.getNode() = s.getValue()) and
PointsTo::pointsTo(f, _, obj, orig)
select f, obj.toString(), orig


@@ -1,7 +1,7 @@
| code/h_classes.py:3:1:3:16 | ControlFlowNode for ClassExpr | code/h_classes.py:10:1:10:9 | ControlFlowNode for type() |
| code/h_classes.py:3:1:3:16 | ControlFlowNode for ClassExpr | code/h_classes.py:15:5:15:13 | ControlFlowNode for type() |
| code/l_calls.py:12:1:12:20 | ControlFlowNode for ClassExpr | code/l_calls.py:16:16:16:18 | ControlFlowNode for cls |
| code/l_calls.py:12:1:12:20 | ControlFlowNode for ClassExpr | code/l_calls.py:24:13:24:22 | ControlFlowNode for Attribute() |
| code/l_calls.py:12:1:12:20 | ControlFlowNode for ClassExpr | code/l_calls.py:25:16:25:16 | ControlFlowNode for a |
| code/t_type.py:3:1:3:16 | ControlFlowNode for ClassExpr | code/t_type.py:6:1:6:9 | ControlFlowNode for type() |
| code/t_type.py:3:1:3:16 | ControlFlowNode for ClassExpr | code/t_type.py:13:5:13:13 | ControlFlowNode for type() |
| code/h_classes.py:3:1:3:16 | After ClassExpr | code/h_classes.py:10:1:10:9 | After type() |
| code/h_classes.py:3:1:3:16 | After ClassExpr | code/h_classes.py:15:5:15:13 | After type() |
| code/l_calls.py:12:1:12:20 | After ClassExpr | code/l_calls.py:16:16:16:18 | cls |
| code/l_calls.py:12:1:12:20 | After ClassExpr | code/l_calls.py:24:13:24:22 | After Attribute() |
| code/l_calls.py:12:1:12:20 | After ClassExpr | code/l_calls.py:25:16:25:16 | a |
| code/t_type.py:3:1:3:16 | After ClassExpr | code/t_type.py:6:1:6:9 | After type() |
| code/t_type.py:3:1:3:16 | After ClassExpr | code/t_type.py:13:5:13:13 | After type() |


@@ -8,7 +8,11 @@ private import LegacyPointsTo
import semmle.python.dataflow.new.DataFlow
predicate pointsToOrigin(DataFlow::CfgNode pointer, DataFlow::CfgNode origin) {
origin.getNode() = pointer.getNode().(ControlFlowNodeWithPointsTo).pointsTo().getOrigin()
exists(ControlFlowNodeWithPointsTo legacyPointer, ControlFlowNode legacyOrigin |
legacyPointer.getNode() = pointer.getNode().getNode() and
legacyOrigin = legacyPointer.pointsTo().getOrigin() and
legacyOrigin.getNode() = origin.getNode().getNode()
)
}
module PointsToConfig implements DataFlow::ConfigSig {
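Review bot: The rewritten body of `pointsToOrigin` relates the two CFGs only through the shared AST node (`legacyPointer.getNode() = pointer.getNode().getNode()` and the matching line for `legacyOrigin`), so if either CFG has more than one node for the same AST node, every combination is related. That could make the predicate hold for more (pointer, origin) pairs than the old direct cast did; whether this happens is not visible from the hunk. A comment above the `exists` would record the intent, for example `// Bridge by AST node: new Cfg nodes and legacy ControlFlowNodes share no identity, so this matches per AST node, not per CFG node.` The `PointsToConfig` module that presumably uses this predicate continues outside the hunk.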


@@ -19,7 +19,6 @@
| generator.py:1:1:1:23 | Function generator_func | generator.py:2:24:2:25 | xs |
| generator.py:2:12:2:26 | Function listcomp | generator.py:2:12:2:26 | .0 |
| generator.py:2:12:2:26 | Function listcomp | generator.py:2:12:2:26 | After .0 [empty] |
| generator.py:2:12:2:26 | Function listcomp | generator.py:2:12:2:26 | After .0 [non-empty] |
| generator.py:2:12:2:26 | Function listcomp | generator.py:2:13:2:13 | After Yield |
| generator.py:2:12:2:26 | Function listcomp | generator.py:2:13:2:13 | x |
| generator.py:2:12:2:26 | Function listcomp | generator.py:2:19:2:19 | x |
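Review bot: The header `@@ -19,7 +19,6 @@` gives the new side one row fewer than the old, so this expected file drops a result and is not a label-only rebless as the commit message describes for the four reblessed files. The rendered page has lost the +/- markers, so which of the seven rows was removed cannot be told from here; the `After .0 [empty]` / `After .0 [non-empty]` pair is a likely place to look (inferred). Please confirm the dropped row is an intended effect of the CFG migration and say so in the commit message, since a row that silently disappears from a blessed baseline can hide a lost node or flow.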


@@ -1,8 +1,9 @@
import experimental.meta.InlineTaintTest
private import semmle.python.controlflow.internal.Cfg as Cfg
predicate isSafe(DataFlow::GuardNode g, ControlFlowNode node, boolean branch) {
g.(CallNode).getFunction().(NameNode).getId() = "is_safe" and
node = g.(CallNode).getArg(_) and
predicate isSafe(DataFlow::GuardNode g, Cfg::ControlFlowNode node, boolean branch) {
g.(Cfg::CallNode).getFunction().(Cfg::NameNode).getId() = "is_safe" and
node = g.(Cfg::CallNode).getArg(_) and
branch = true
}
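Review bot: The added `private import semmle.python.controlflow.internal.Cfg as Cfg` makes this test depend on a module under `internal`, and the same import is added in the three modeling-example files later in this commit (the two model queries and the shared code). If the CFG facade is also exposed from a non-internal module, importing that would keep test and example code off an internal path; otherwise a short comment above the import, such as `// CallNode/NameNode/AttrNode now come from the shared-CFG facade`, would explain the alias. Separately, `isSafe` now takes `Cfg::ControlFlowNode node`; the place where it is plugged in as a guard is outside the hunk, so it is worth checking that the inline taint expectations still exercise the `is_safe` barrier rather than passing because the casts no longer match anything.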


@@ -1,46 +1,46 @@
edges
| test.py:21:11:21:18 | ControlFlowNode for source() | test.py:22:10:22:24 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
| test.py:29:11:29:18 | ControlFlowNode for source() | test.py:32:5:32:7 | ControlFlowNode for val | provenance | AdditionalTaintStep |
| test.py:32:5:32:7 | ControlFlowNode for val | test.py:33:10:33:12 | ControlFlowNode for val | provenance | |
| test.py:40:5:40:7 | ControlFlowNode for val | test.py:41:10:41:12 | ControlFlowNode for val | provenance | |
| test.py:40:11:40:25 | ControlFlowNode for Attribute() | test.py:40:5:40:7 | ControlFlowNode for val | provenance | |
| test.py:45:11:45:18 | ControlFlowNode for source() | test.py:40:11:40:25 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
| test.py:53:5:53:7 | ControlFlowNode for val | test.py:54:10:54:12 | ControlFlowNode for val | provenance | |
| test.py:53:11:53:25 | ControlFlowNode for Attribute() | test.py:53:5:53:7 | ControlFlowNode for val | provenance | |
| test.py:70:11:70:18 | ControlFlowNode for source() | test.py:53:11:53:25 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
| test.py:78:5:78:7 | ControlFlowNode for val | test.py:79:10:79:12 | ControlFlowNode for val | provenance | |
| test.py:78:11:78:14 | ControlFlowNode for bm() | test.py:78:5:78:7 | ControlFlowNode for val | provenance | |
| test.py:83:11:83:18 | ControlFlowNode for source() | test.py:78:11:78:14 | ControlFlowNode for bm() | provenance | AdditionalTaintStep |
| test.py:90:5:90:7 | ControlFlowNode for val | test.py:91:10:91:12 | ControlFlowNode for val | provenance | |
| test.py:90:11:90:14 | ControlFlowNode for bm() | test.py:90:5:90:7 | ControlFlowNode for val | provenance | |
| test.py:107:11:107:18 | ControlFlowNode for source() | test.py:90:11:90:14 | ControlFlowNode for bm() | provenance | AdditionalTaintStep |
| test.py:21:11:21:18 | After source() | test.py:22:10:22:24 | After Attribute() | provenance | AdditionalTaintStep |
| test.py:29:11:29:18 | After source() | test.py:32:5:32:7 | val | provenance | AdditionalTaintStep |
| test.py:32:5:32:7 | val | test.py:33:10:33:12 | val | provenance | |
| test.py:40:5:40:7 | val | test.py:41:10:41:12 | val | provenance | |
| test.py:40:11:40:25 | After Attribute() | test.py:40:5:40:7 | val | provenance | |
| test.py:45:11:45:18 | After source() | test.py:40:11:40:25 | After Attribute() | provenance | AdditionalTaintStep |
| test.py:53:5:53:7 | val | test.py:54:10:54:12 | val | provenance | |
| test.py:53:11:53:25 | After Attribute() | test.py:53:5:53:7 | val | provenance | |
| test.py:70:11:70:18 | After source() | test.py:53:11:53:25 | After Attribute() | provenance | AdditionalTaintStep |
| test.py:78:5:78:7 | val | test.py:79:10:79:12 | val | provenance | |
| test.py:78:11:78:14 | After bm() | test.py:78:5:78:7 | val | provenance | |
| test.py:83:11:83:18 | After source() | test.py:78:11:78:14 | After bm() | provenance | AdditionalTaintStep |
| test.py:90:5:90:7 | val | test.py:91:10:91:12 | val | provenance | |
| test.py:90:11:90:14 | After bm() | test.py:90:5:90:7 | val | provenance | |
| test.py:107:11:107:18 | After source() | test.py:90:11:90:14 | After bm() | provenance | AdditionalTaintStep |
nodes
| test.py:21:11:21:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() |
| test.py:22:10:22:24 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:29:11:29:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() |
| test.py:32:5:32:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:33:10:33:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:40:5:40:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:40:11:40:25 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:41:10:41:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:45:11:45:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() |
| test.py:53:5:53:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:53:11:53:25 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:54:10:54:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:70:11:70:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() |
| test.py:78:5:78:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:78:11:78:14 | ControlFlowNode for bm() | semmle.label | ControlFlowNode for bm() |
| test.py:79:10:79:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:83:11:83:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() |
| test.py:90:5:90:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:90:11:90:14 | ControlFlowNode for bm() | semmle.label | ControlFlowNode for bm() |
| test.py:91:10:91:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:107:11:107:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() |
| test.py:21:11:21:18 | After source() | semmle.label | After source() |
| test.py:22:10:22:24 | After Attribute() | semmle.label | After Attribute() |
| test.py:29:11:29:18 | After source() | semmle.label | After source() |
| test.py:32:5:32:7 | val | semmle.label | val |
| test.py:33:10:33:12 | val | semmle.label | val |
| test.py:40:5:40:7 | val | semmle.label | val |
| test.py:40:11:40:25 | After Attribute() | semmle.label | After Attribute() |
| test.py:41:10:41:12 | val | semmle.label | val |
| test.py:45:11:45:18 | After source() | semmle.label | After source() |
| test.py:53:5:53:7 | val | semmle.label | val |
| test.py:53:11:53:25 | After Attribute() | semmle.label | After Attribute() |
| test.py:54:10:54:12 | val | semmle.label | val |
| test.py:70:11:70:18 | After source() | semmle.label | After source() |
| test.py:78:5:78:7 | val | semmle.label | val |
| test.py:78:11:78:14 | After bm() | semmle.label | After bm() |
| test.py:79:10:79:12 | val | semmle.label | val |
| test.py:83:11:83:18 | After source() | semmle.label | After source() |
| test.py:90:5:90:7 | val | semmle.label | val |
| test.py:90:11:90:14 | After bm() | semmle.label | After bm() |
| test.py:91:10:91:12 | val | semmle.label | val |
| test.py:107:11:107:18 | After source() | semmle.label | After source() |
subpaths
#select
| test.py:22:10:22:24 | ControlFlowNode for Attribute() | test.py:21:11:21:18 | ControlFlowNode for source() | test.py:22:10:22:24 | ControlFlowNode for Attribute() | test flow (naive): test_simple |
| test.py:33:10:33:12 | ControlFlowNode for val | test.py:29:11:29:18 | ControlFlowNode for source() | test.py:33:10:33:12 | ControlFlowNode for val | test flow (naive): test_alias |
| test.py:41:10:41:12 | ControlFlowNode for val | test.py:45:11:45:18 | ControlFlowNode for source() | test.py:41:10:41:12 | ControlFlowNode for val | test flow (naive): test_across_functions |
| test.py:54:10:54:12 | ControlFlowNode for val | test.py:70:11:70:18 | ControlFlowNode for source() | test.py:54:10:54:12 | ControlFlowNode for val | test flow (naive): test_deeply_nested |
| test.py:79:10:79:12 | ControlFlowNode for val | test.py:83:11:83:18 | ControlFlowNode for source() | test.py:79:10:79:12 | ControlFlowNode for val | test flow (naive): test_pass_bound_method |
| test.py:91:10:91:12 | ControlFlowNode for val | test.py:107:11:107:18 | ControlFlowNode for source() | test.py:91:10:91:12 | ControlFlowNode for val | test flow (naive): test_deeply_nested_bound_method |
| test.py:22:10:22:24 | After Attribute() | test.py:21:11:21:18 | After source() | test.py:22:10:22:24 | After Attribute() | test flow (naive): test_simple |
| test.py:33:10:33:12 | val | test.py:29:11:29:18 | After source() | test.py:33:10:33:12 | val | test flow (naive): test_alias |
| test.py:41:10:41:12 | val | test.py:45:11:45:18 | After source() | test.py:41:10:41:12 | val | test flow (naive): test_across_functions |
| test.py:54:10:54:12 | val | test.py:70:11:70:18 | After source() | test.py:54:10:54:12 | val | test flow (naive): test_deeply_nested |
| test.py:79:10:79:12 | val | test.py:83:11:83:18 | After source() | test.py:79:10:79:12 | val | test flow (naive): test_pass_bound_method |
| test.py:91:10:91:12 | val | test.py:107:11:107:18 | After source() | test.py:91:10:91:12 | val | test flow (naive): test_deeply_nested_bound_method |


@@ -3,6 +3,7 @@
*/
private import python
private import semmle.python.controlflow.internal.Cfg as Cfg
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.TaintTracking
import SharedFlow::PathGraph
@@ -13,7 +14,7 @@ class MyClassGetValueAdditionalTaintStep extends TaintTracking::AdditionalTaintS
// obj -> obj.get_value()
exists(DataFlow::Node bound_method |
bound_method = myClassGetValue(nodeFrom) and
nodeTo.asCfgNode().(CallNode).getFunction() = bound_method.asCfgNode()
nodeTo.asCfgNode().(Cfg::CallNode).getFunction() = bound_method.asCfgNode()
)
}
}


@@ -1,94 +1,94 @@
edges
| test.py:21:5:21:7 | ControlFlowNode for src | test.py:22:10:22:24 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
| test.py:21:11:21:18 | ControlFlowNode for source() | test.py:21:5:21:7 | ControlFlowNode for src | provenance | |
| test.py:29:5:29:7 | ControlFlowNode for src | test.py:30:5:30:7 | ControlFlowNode for foo | provenance | |
| test.py:29:11:29:18 | ControlFlowNode for source() | test.py:29:5:29:7 | ControlFlowNode for src | provenance | |
| test.py:30:5:30:7 | ControlFlowNode for foo | test.py:31:5:31:16 | ControlFlowNode for bound_method | provenance | AdditionalTaintStep |
| test.py:31:5:31:16 | ControlFlowNode for bound_method | test.py:32:5:32:7 | ControlFlowNode for val | provenance | AdditionalTaintStep |
| test.py:32:5:32:7 | ControlFlowNode for val | test.py:33:10:33:12 | ControlFlowNode for val | provenance | |
| test.py:39:15:39:17 | ControlFlowNode for arg | test.py:40:5:40:7 | ControlFlowNode for val | provenance | AdditionalTaintStep |
| test.py:40:5:40:7 | ControlFlowNode for val | test.py:41:10:41:12 | ControlFlowNode for val | provenance | |
| test.py:45:5:45:7 | ControlFlowNode for src | test.py:46:15:46:17 | ControlFlowNode for src | provenance | |
| test.py:45:11:45:18 | ControlFlowNode for source() | test.py:45:5:45:7 | ControlFlowNode for src | provenance | |
| test.py:46:15:46:17 | ControlFlowNode for src | test.py:39:15:39:17 | ControlFlowNode for arg | provenance | |
| test.py:52:24:52:26 | ControlFlowNode for arg | test.py:53:5:53:7 | ControlFlowNode for val | provenance | AdditionalTaintStep |
| test.py:53:5:53:7 | ControlFlowNode for val | test.py:54:10:54:12 | ControlFlowNode for val | provenance | |
| test.py:57:33:57:35 | ControlFlowNode for arg | test.py:58:24:58:26 | ControlFlowNode for arg | provenance | |
| test.py:58:24:58:26 | ControlFlowNode for arg | test.py:52:24:52:26 | ControlFlowNode for arg | provenance | |
| test.py:61:33:61:35 | ControlFlowNode for arg | test.py:62:33:62:35 | ControlFlowNode for arg | provenance | |
| test.py:62:33:62:35 | ControlFlowNode for arg | test.py:57:33:57:35 | ControlFlowNode for arg | provenance | |
| test.py:65:33:65:35 | ControlFlowNode for arg | test.py:66:33:66:35 | ControlFlowNode for arg | provenance | |
| test.py:66:33:66:35 | ControlFlowNode for arg | test.py:61:33:61:35 | ControlFlowNode for arg | provenance | |
| test.py:70:5:70:7 | ControlFlowNode for src | test.py:71:33:71:35 | ControlFlowNode for src | provenance | |
| test.py:70:11:70:18 | ControlFlowNode for source() | test.py:70:5:70:7 | ControlFlowNode for src | provenance | |
| test.py:71:33:71:35 | ControlFlowNode for src | test.py:65:33:65:35 | ControlFlowNode for arg | provenance | |
| test.py:77:23:77:24 | ControlFlowNode for bm | test.py:78:5:78:7 | ControlFlowNode for val | provenance | AdditionalTaintStep |
| test.py:78:5:78:7 | ControlFlowNode for val | test.py:79:10:79:12 | ControlFlowNode for val | provenance | |
| test.py:83:5:83:7 | ControlFlowNode for src | test.py:84:23:84:35 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| test.py:83:11:83:18 | ControlFlowNode for source() | test.py:83:5:83:7 | ControlFlowNode for src | provenance | |
| test.py:84:23:84:35 | ControlFlowNode for Attribute | test.py:77:23:77:24 | ControlFlowNode for bm | provenance | |
| test.py:89:37:89:38 | ControlFlowNode for bm | test.py:90:5:90:7 | ControlFlowNode for val | provenance | AdditionalTaintStep |
| test.py:90:5:90:7 | ControlFlowNode for val | test.py:91:10:91:12 | ControlFlowNode for val | provenance | |
| test.py:94:46:94:47 | ControlFlowNode for bm | test.py:95:37:95:38 | ControlFlowNode for bm | provenance | |
| test.py:95:37:95:38 | ControlFlowNode for bm | test.py:89:37:89:38 | ControlFlowNode for bm | provenance | |
| test.py:98:46:98:47 | ControlFlowNode for bm | test.py:99:46:99:47 | ControlFlowNode for bm | provenance | |
| test.py:99:46:99:47 | ControlFlowNode for bm | test.py:94:46:94:47 | ControlFlowNode for bm | provenance | |
| test.py:102:46:102:47 | ControlFlowNode for bm | test.py:103:46:103:47 | ControlFlowNode for bm | provenance | |
| test.py:103:46:103:47 | ControlFlowNode for bm | test.py:98:46:98:47 | ControlFlowNode for bm | provenance | |
| test.py:107:5:107:7 | ControlFlowNode for src | test.py:108:46:108:58 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| test.py:107:11:107:18 | ControlFlowNode for source() | test.py:107:5:107:7 | ControlFlowNode for src | provenance | |
| test.py:108:46:108:58 | ControlFlowNode for Attribute | test.py:102:46:102:47 | ControlFlowNode for bm | provenance | |
| test.py:21:5:21:7 | src | test.py:22:10:22:24 | After Attribute() | provenance | AdditionalTaintStep |
| test.py:21:11:21:18 | After source() | test.py:21:5:21:7 | src | provenance | |
| test.py:29:5:29:7 | src | test.py:30:5:30:7 | foo | provenance | |
| test.py:29:11:29:18 | After source() | test.py:29:5:29:7 | src | provenance | |
| test.py:30:5:30:7 | foo | test.py:31:5:31:16 | bound_method | provenance | AdditionalTaintStep |
| test.py:31:5:31:16 | bound_method | test.py:32:5:32:7 | val | provenance | AdditionalTaintStep |
| test.py:32:5:32:7 | val | test.py:33:10:33:12 | val | provenance | |
| test.py:39:15:39:17 | arg | test.py:40:5:40:7 | val | provenance | AdditionalTaintStep |
| test.py:40:5:40:7 | val | test.py:41:10:41:12 | val | provenance | |
| test.py:45:5:45:7 | src | test.py:46:15:46:17 | src | provenance | |
| test.py:45:11:45:18 | After source() | test.py:45:5:45:7 | src | provenance | |
| test.py:46:15:46:17 | src | test.py:39:15:39:17 | arg | provenance | |
| test.py:52:24:52:26 | arg | test.py:53:5:53:7 | val | provenance | AdditionalTaintStep |
| test.py:53:5:53:7 | val | test.py:54:10:54:12 | val | provenance | |
| test.py:57:33:57:35 | arg | test.py:58:24:58:26 | arg | provenance | |
| test.py:58:24:58:26 | arg | test.py:52:24:52:26 | arg | provenance | |
| test.py:61:33:61:35 | arg | test.py:62:33:62:35 | arg | provenance | |
| test.py:62:33:62:35 | arg | test.py:57:33:57:35 | arg | provenance | |
| test.py:65:33:65:35 | arg | test.py:66:33:66:35 | arg | provenance | |
| test.py:66:33:66:35 | arg | test.py:61:33:61:35 | arg | provenance | |
| test.py:70:5:70:7 | src | test.py:71:33:71:35 | src | provenance | |
| test.py:70:11:70:18 | After source() | test.py:70:5:70:7 | src | provenance | |
| test.py:71:33:71:35 | src | test.py:65:33:65:35 | arg | provenance | |
| test.py:77:23:77:24 | bm | test.py:78:5:78:7 | val | provenance | AdditionalTaintStep |
| test.py:78:5:78:7 | val | test.py:79:10:79:12 | val | provenance | |
| test.py:83:5:83:7 | src | test.py:84:23:84:35 | After Attribute | provenance | AdditionalTaintStep |
| test.py:83:11:83:18 | After source() | test.py:83:5:83:7 | src | provenance | |
| test.py:84:23:84:35 | After Attribute | test.py:77:23:77:24 | bm | provenance | |
| test.py:89:37:89:38 | bm | test.py:90:5:90:7 | val | provenance | AdditionalTaintStep |
| test.py:90:5:90:7 | val | test.py:91:10:91:12 | val | provenance | |
| test.py:94:46:94:47 | bm | test.py:95:37:95:38 | bm | provenance | |
| test.py:95:37:95:38 | bm | test.py:89:37:89:38 | bm | provenance | |
| test.py:98:46:98:47 | bm | test.py:99:46:99:47 | bm | provenance | |
| test.py:99:46:99:47 | bm | test.py:94:46:94:47 | bm | provenance | |
| test.py:102:46:102:47 | bm | test.py:103:46:103:47 | bm | provenance | |
| test.py:103:46:103:47 | bm | test.py:98:46:98:47 | bm | provenance | |
| test.py:107:5:107:7 | src | test.py:108:46:108:58 | After Attribute | provenance | AdditionalTaintStep |
| test.py:107:11:107:18 | After source() | test.py:107:5:107:7 | src | provenance | |
| test.py:108:46:108:58 | After Attribute | test.py:102:46:102:47 | bm | provenance | |
nodes
| test.py:21:5:21:7 | ControlFlowNode for src | semmle.label | ControlFlowNode for src |
| test.py:21:11:21:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() |
| test.py:22:10:22:24 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:29:5:29:7 | ControlFlowNode for src | semmle.label | ControlFlowNode for src |
| test.py:29:11:29:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() |
| test.py:30:5:30:7 | ControlFlowNode for foo | semmle.label | ControlFlowNode for foo |
| test.py:31:5:31:16 | ControlFlowNode for bound_method | semmle.label | ControlFlowNode for bound_method |
| test.py:32:5:32:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:33:10:33:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:39:15:39:17 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg |
| test.py:40:5:40:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:41:10:41:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:45:5:45:7 | ControlFlowNode for src | semmle.label | ControlFlowNode for src |
| test.py:45:11:45:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() |
| test.py:46:15:46:17 | ControlFlowNode for src | semmle.label | ControlFlowNode for src |
| test.py:52:24:52:26 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg |
| test.py:53:5:53:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:54:10:54:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:57:33:57:35 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg |
| test.py:58:24:58:26 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg |
| test.py:61:33:61:35 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg |
| test.py:62:33:62:35 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg |
| test.py:65:33:65:35 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg |
| test.py:66:33:66:35 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg |
| test.py:70:5:70:7 | ControlFlowNode for src | semmle.label | ControlFlowNode for src |
| test.py:70:11:70:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() |
| test.py:71:33:71:35 | ControlFlowNode for src | semmle.label | ControlFlowNode for src |
| test.py:77:23:77:24 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm |
| test.py:78:5:78:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:79:10:79:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:83:5:83:7 | ControlFlowNode for src | semmle.label | ControlFlowNode for src |
| test.py:83:11:83:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() |
| test.py:84:23:84:35 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| test.py:89:37:89:38 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm |
| test.py:90:5:90:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:91:10:91:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val |
| test.py:94:46:94:47 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm |
| test.py:95:37:95:38 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm |
| test.py:98:46:98:47 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm |
| test.py:99:46:99:47 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm |
| test.py:102:46:102:47 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm |
| test.py:103:46:103:47 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm |
| test.py:107:5:107:7 | ControlFlowNode for src | semmle.label | ControlFlowNode for src |
| test.py:107:11:107:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() |
| test.py:108:46:108:58 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| test.py:21:5:21:7 | src | semmle.label | src |
| test.py:21:11:21:18 | After source() | semmle.label | After source() |
| test.py:22:10:22:24 | After Attribute() | semmle.label | After Attribute() |
| test.py:29:5:29:7 | src | semmle.label | src |
| test.py:29:11:29:18 | After source() | semmle.label | After source() |
| test.py:30:5:30:7 | foo | semmle.label | foo |
| test.py:31:5:31:16 | bound_method | semmle.label | bound_method |
| test.py:32:5:32:7 | val | semmle.label | val |
| test.py:33:10:33:12 | val | semmle.label | val |
| test.py:39:15:39:17 | arg | semmle.label | arg |
| test.py:40:5:40:7 | val | semmle.label | val |
| test.py:41:10:41:12 | val | semmle.label | val |
| test.py:45:5:45:7 | src | semmle.label | src |
| test.py:45:11:45:18 | After source() | semmle.label | After source() |
| test.py:46:15:46:17 | src | semmle.label | src |
| test.py:52:24:52:26 | arg | semmle.label | arg |
| test.py:53:5:53:7 | val | semmle.label | val |
| test.py:54:10:54:12 | val | semmle.label | val |
| test.py:57:33:57:35 | arg | semmle.label | arg |
| test.py:58:24:58:26 | arg | semmle.label | arg |
| test.py:61:33:61:35 | arg | semmle.label | arg |
| test.py:62:33:62:35 | arg | semmle.label | arg |
| test.py:65:33:65:35 | arg | semmle.label | arg |
| test.py:66:33:66:35 | arg | semmle.label | arg |
| test.py:70:5:70:7 | src | semmle.label | src |
| test.py:70:11:70:18 | After source() | semmle.label | After source() |
| test.py:71:33:71:35 | src | semmle.label | src |
| test.py:77:23:77:24 | bm | semmle.label | bm |
| test.py:78:5:78:7 | val | semmle.label | val |
| test.py:79:10:79:12 | val | semmle.label | val |
| test.py:83:5:83:7 | src | semmle.label | src |
| test.py:83:11:83:18 | After source() | semmle.label | After source() |
| test.py:84:23:84:35 | After Attribute | semmle.label | After Attribute |
| test.py:89:37:89:38 | bm | semmle.label | bm |
| test.py:90:5:90:7 | val | semmle.label | val |
| test.py:91:10:91:12 | val | semmle.label | val |
| test.py:94:46:94:47 | bm | semmle.label | bm |
| test.py:95:37:95:38 | bm | semmle.label | bm |
| test.py:98:46:98:47 | bm | semmle.label | bm |
| test.py:99:46:99:47 | bm | semmle.label | bm |
| test.py:102:46:102:47 | bm | semmle.label | bm |
| test.py:103:46:103:47 | bm | semmle.label | bm |
| test.py:107:5:107:7 | src | semmle.label | src |
| test.py:107:11:107:18 | After source() | semmle.label | After source() |
| test.py:108:46:108:58 | After Attribute | semmle.label | After Attribute |
subpaths
#select
| test.py:22:10:22:24 | ControlFlowNode for Attribute() | test.py:21:11:21:18 | ControlFlowNode for source() | test.py:22:10:22:24 | ControlFlowNode for Attribute() | test flow (proper): test_simple |
| test.py:33:10:33:12 | ControlFlowNode for val | test.py:29:11:29:18 | ControlFlowNode for source() | test.py:33:10:33:12 | ControlFlowNode for val | test flow (proper): test_alias |
| test.py:41:10:41:12 | ControlFlowNode for val | test.py:45:11:45:18 | ControlFlowNode for source() | test.py:41:10:41:12 | ControlFlowNode for val | test flow (proper): test_across_functions |
| test.py:54:10:54:12 | ControlFlowNode for val | test.py:70:11:70:18 | ControlFlowNode for source() | test.py:54:10:54:12 | ControlFlowNode for val | test flow (proper): test_deeply_nested |
| test.py:79:10:79:12 | ControlFlowNode for val | test.py:83:11:83:18 | ControlFlowNode for source() | test.py:79:10:79:12 | ControlFlowNode for val | test flow (proper): test_pass_bound_method |
| test.py:91:10:91:12 | ControlFlowNode for val | test.py:107:11:107:18 | ControlFlowNode for source() | test.py:91:10:91:12 | ControlFlowNode for val | test flow (proper): test_deeply_nested_bound_method |
| test.py:22:10:22:24 | After Attribute() | test.py:21:11:21:18 | After source() | test.py:22:10:22:24 | After Attribute() | test flow (proper): test_simple |
| test.py:33:10:33:12 | val | test.py:29:11:29:18 | After source() | test.py:33:10:33:12 | val | test flow (proper): test_alias |
| test.py:41:10:41:12 | val | test.py:45:11:45:18 | After source() | test.py:41:10:41:12 | val | test flow (proper): test_across_functions |
| test.py:54:10:54:12 | val | test.py:70:11:70:18 | After source() | test.py:54:10:54:12 | val | test flow (proper): test_deeply_nested |
| test.py:79:10:79:12 | val | test.py:83:11:83:18 | After source() | test.py:79:10:79:12 | val | test flow (proper): test_pass_bound_method |
| test.py:91:10:91:12 | val | test.py:107:11:107:18 | After source() | test.py:91:10:91:12 | val | test flow (proper): test_deeply_nested_bound_method |


@@ -3,6 +3,7 @@
*/
private import python
private import semmle.python.controlflow.internal.Cfg as Cfg
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.TaintTracking
import SharedFlow::PathGraph
@@ -11,12 +12,12 @@ import SharedCode
class MyClassGetValueAdditionalTaintStep extends TaintTracking::AdditionalTaintStep {
override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
// obj -> obj.get_value
nodeTo.asCfgNode().(AttrNode).getObject("get_value") = nodeFrom.asCfgNode() and
nodeTo.asCfgNode().(Cfg::AttrNode).getObject("get_value") = nodeFrom.asCfgNode() and
nodeTo = myClassGetValue(_)
or
// get_value -> get_value()
nodeFrom = myClassGetValue(_) and
nodeTo.asCfgNode().(CallNode).getFunction() = nodeFrom.asCfgNode()
nodeTo.asCfgNode().(Cfg::CallNode).getFunction() = nodeFrom.asCfgNode()
}
}


@@ -1,4 +1,5 @@
private import python
private import semmle.python.controlflow.internal.Cfg as Cfg
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.TaintTracking
@@ -19,15 +20,15 @@ DataFlow::Node myClassGetValue(MyClass qualifier) {
// Config
class SourceCall extends DataFlow::Node, MyClass {
SourceCall() { this.asCfgNode().(CallNode).getFunction().(NameNode).getId() = "source" }
SourceCall() { this.asCfgNode().(Cfg::CallNode).getFunction().(Cfg::NameNode).getId() = "source" }
}
private module SharedConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof SourceCall }
predicate isSink(DataFlow::Node sink) {
exists(CallNode call |
call.getFunction().(NameNode).getId() = "sink" and
exists(Cfg::CallNode call |
call.getFunction().(Cfg::NameNode).getId() = "sink" and
call.getArg(0) = sink.asCfgNode()
)
}