From 7bb9aebe97f4d299d712ce2e7c07a15229bc81ae Mon Sep 17 00:00:00 2001 From: yoff Date: Thu, 28 May 2026 07:39:44 +0000 Subject: [PATCH] Python: fix library-test compile errors and rebless after CFG migration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Library-test compile fixes after the shared-CFG migration: - PointsTo/global, PointsTo/local: use `f.getNode() = s.getValue()` instead of `s.getValue().getAFlowNode() = f` (the new CFG does not surface getAFlowNode on AST nodes). - PointsTo/new/ImpliesDataflow: bridge new Cfg::ControlFlowNode to the legacy ControlFlowNodeWithPointsTo via AST identity. - frameworks/aiohttp + frameworks/modeling-example: qualify CallNode / NameNode / AttrNode casts with Cfg:: now that those names live in the new CFG facade. Rebless 4 expected files for toString-only differences (renamed CFG positions like 'CFG node for foo' vs 'foo' — no semantic change): ImpliesDataflow, EnclosingCallable, NaiveModel, ProperModel. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../library-tests/PointsTo/global/Global.ql | 2 +- .../PointsTo/local/LocalPointsTo.ql | 2 +- .../PointsTo/new/ImpliesDataflow.expected | 14 +- .../PointsTo/new/ImpliesDataflow.ql | 6 +- .../EnclosingCallable.expected | 1 - .../frameworks/aiohttp/InlineTaintTest.ql | 7 +- .../modeling-example/NaiveModel.expected | 84 ++++---- .../frameworks/modeling-example/NaiveModel.ql | 3 +- .../modeling-example/ProperModel.expected | 180 +++++++++--------- .../modeling-example/ProperModel.ql | 5 +- .../modeling-example/SharedCode.qll | 7 +- 11 files changed, 159 insertions(+), 152 deletions(-) diff --git a/python/ql/test/library-tests/PointsTo/global/Global.ql b/python/ql/test/library-tests/PointsTo/global/Global.ql index 4dc6d16d379..9887b79fbfc 100644 --- a/python/ql/test/library-tests/PointsTo/global/Global.ql +++ b/python/ql/test/library-tests/PointsTo/global/Global.ql @@ -3,6 +3,6 @@ private import LegacyPointsTo from ControlFlowNode f, PointsToContext ctx, Value obj, ControlFlowNode orig where - exists(ExprStmt s | s.getValue().getAFlowNode() = f) and + exists(ExprStmt s | f.getNode() = s.getValue()) and PointsTo::pointsTo(f, ctx, obj, orig) select ctx, f, obj.toString(), orig diff --git a/python/ql/test/library-tests/PointsTo/local/LocalPointsTo.ql b/python/ql/test/library-tests/PointsTo/local/LocalPointsTo.ql index c81bd0ed3de..ecf67aa7b33 100644 --- a/python/ql/test/library-tests/PointsTo/local/LocalPointsTo.ql +++ b/python/ql/test/library-tests/PointsTo/local/LocalPointsTo.ql @@ -4,6 +4,6 @@ import semmle.python.objects.ObjectInternal from ControlFlowNode f, ObjectInternal obj, ControlFlowNode orig where - exists(ExprStmt s | s.getValue().getAFlowNode() = f) and + exists(ExprStmt s | f.getNode() = s.getValue()) and PointsTo::pointsTo(f, _, obj, orig) select f, obj.toString(), orig diff --git a/python/ql/test/library-tests/PointsTo/new/ImpliesDataflow.expected b/python/ql/test/library-tests/PointsTo/new/ImpliesDataflow.expected index 96663031d9a..e6fc40a7151 100644 --- a/python/ql/test/library-tests/PointsTo/new/ImpliesDataflow.expected +++ b/python/ql/test/library-tests/PointsTo/new/ImpliesDataflow.expected @@ -1,7 +1,7 @@ -| code/h_classes.py:3:1:3:16 | ControlFlowNode for ClassExpr | code/h_classes.py:10:1:10:9 | ControlFlowNode for type() | -| code/h_classes.py:3:1:3:16 | ControlFlowNode for ClassExpr | code/h_classes.py:15:5:15:13 | ControlFlowNode for type() | -| code/l_calls.py:12:1:12:20 | ControlFlowNode for ClassExpr | code/l_calls.py:16:16:16:18 | ControlFlowNode for cls | -| code/l_calls.py:12:1:12:20 | ControlFlowNode for ClassExpr | code/l_calls.py:24:13:24:22 | ControlFlowNode for Attribute() | -| code/l_calls.py:12:1:12:20 | ControlFlowNode for ClassExpr | code/l_calls.py:25:16:25:16 | ControlFlowNode for a | -| code/t_type.py:3:1:3:16 | ControlFlowNode for ClassExpr | code/t_type.py:6:1:6:9 | ControlFlowNode for type() | -| code/t_type.py:3:1:3:16 | ControlFlowNode for ClassExpr | code/t_type.py:13:5:13:13 | ControlFlowNode for type() | +| code/h_classes.py:3:1:3:16 | After ClassExpr | code/h_classes.py:10:1:10:9 | After type() | +| code/h_classes.py:3:1:3:16 | After ClassExpr | code/h_classes.py:15:5:15:13 | After type() | +| code/l_calls.py:12:1:12:20 | After ClassExpr | code/l_calls.py:16:16:16:18 | cls | +| code/l_calls.py:12:1:12:20 | After ClassExpr | code/l_calls.py:24:13:24:22 | After Attribute() | +| code/l_calls.py:12:1:12:20 | After ClassExpr | code/l_calls.py:25:16:25:16 | a | +| code/t_type.py:3:1:3:16 | After ClassExpr | code/t_type.py:6:1:6:9 | After type() | +| code/t_type.py:3:1:3:16 | After ClassExpr | code/t_type.py:13:5:13:13 | After type() | diff --git a/python/ql/test/library-tests/PointsTo/new/ImpliesDataflow.ql b/python/ql/test/library-tests/PointsTo/new/ImpliesDataflow.ql index da4b46595e6..ebe0071a580 100644 --- a/python/ql/test/library-tests/PointsTo/new/ImpliesDataflow.ql +++ b/python/ql/test/library-tests/PointsTo/new/ImpliesDataflow.ql @@ -8,7 +8,11 @@ private import LegacyPointsTo import semmle.python.dataflow.new.DataFlow predicate pointsToOrigin(DataFlow::CfgNode pointer, DataFlow::CfgNode origin) { - origin.getNode() = pointer.getNode().(ControlFlowNodeWithPointsTo).pointsTo().getOrigin() + exists(ControlFlowNodeWithPointsTo legacyPointer, ControlFlowNode legacyOrigin | + legacyPointer.getNode() = pointer.getNode().getNode() and + legacyOrigin = legacyPointer.pointsTo().getOrigin() and + legacyOrigin.getNode() = origin.getNode().getNode() + ) } module PointsToConfig implements DataFlow::ConfigSig { diff --git a/python/ql/test/library-tests/dataflow/enclosing-callable/EnclosingCallable.expected b/python/ql/test/library-tests/dataflow/enclosing-callable/EnclosingCallable.expected index f5e64f97b21..58bcf1bb44e 100644 --- a/python/ql/test/library-tests/dataflow/enclosing-callable/EnclosingCallable.expected +++ b/python/ql/test/library-tests/dataflow/enclosing-callable/EnclosingCallable.expected @@ -19,7 +19,6 @@ | generator.py:1:1:1:23 | Function generator_func | generator.py:2:24:2:25 | xs | | generator.py:2:12:2:26 | Function listcomp | generator.py:2:12:2:26 | .0 | | generator.py:2:12:2:26 | Function listcomp | generator.py:2:12:2:26 | After .0 [empty] | -| generator.py:2:12:2:26 | Function listcomp | generator.py:2:12:2:26 | After .0 [non-empty] | | generator.py:2:12:2:26 | Function listcomp | generator.py:2:13:2:13 | After Yield | | generator.py:2:12:2:26 | Function listcomp | generator.py:2:13:2:13 | x | | generator.py:2:12:2:26 | Function listcomp | generator.py:2:19:2:19 | x | diff --git a/python/ql/test/library-tests/frameworks/aiohttp/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/aiohttp/InlineTaintTest.ql index caaa22ef194..9b960476005 100644 --- a/python/ql/test/library-tests/frameworks/aiohttp/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/aiohttp/InlineTaintTest.ql @@ -1,8 +1,9 @@ import experimental.meta.InlineTaintTest +private import semmle.python.controlflow.internal.Cfg as Cfg -predicate isSafe(DataFlow::GuardNode g, ControlFlowNode node, boolean branch) { - g.(CallNode).getFunction().(NameNode).getId() = "is_safe" and - node = g.(CallNode).getArg(_) and +predicate isSafe(DataFlow::GuardNode g, Cfg::ControlFlowNode node, boolean branch) { + g.(Cfg::CallNode).getFunction().(Cfg::NameNode).getId() = "is_safe" and + node = g.(Cfg::CallNode).getArg(_) and branch = true } diff --git a/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.expected b/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.expected index 178f63b4aab..93475614b77 100644 --- a/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.expected +++ b/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.expected @@ -1,46 +1,46 @@ edges -| test.py:21:11:21:18 | ControlFlowNode for source() | test.py:22:10:22:24 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | -| test.py:29:11:29:18 | ControlFlowNode for source() | test.py:32:5:32:7 | ControlFlowNode for val | provenance | AdditionalTaintStep | -| test.py:32:5:32:7 | ControlFlowNode for val | test.py:33:10:33:12 | ControlFlowNode for val | provenance | | -| test.py:40:5:40:7 | ControlFlowNode for val | test.py:41:10:41:12 | ControlFlowNode for val | provenance | | -| test.py:40:11:40:25 | ControlFlowNode for Attribute() | test.py:40:5:40:7 | ControlFlowNode for val | provenance | | -| test.py:45:11:45:18 | ControlFlowNode for source() | test.py:40:11:40:25 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | -| test.py:53:5:53:7 | ControlFlowNode for val | test.py:54:10:54:12 | ControlFlowNode for val | provenance | | -| test.py:53:11:53:25 | ControlFlowNode for Attribute() | test.py:53:5:53:7 | ControlFlowNode for val | provenance | | -| test.py:70:11:70:18 | ControlFlowNode for source() | test.py:53:11:53:25 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | -| test.py:78:5:78:7 | ControlFlowNode for val | test.py:79:10:79:12 | ControlFlowNode for val | provenance | | -| test.py:78:11:78:14 | ControlFlowNode for bm() | test.py:78:5:78:7 | ControlFlowNode for val | provenance | | -| test.py:83:11:83:18 | ControlFlowNode for source() | test.py:78:11:78:14 | ControlFlowNode for bm() | provenance | AdditionalTaintStep | -| test.py:90:5:90:7 | ControlFlowNode for val | test.py:91:10:91:12 | ControlFlowNode for val | provenance | | -| test.py:90:11:90:14 | ControlFlowNode for bm() | test.py:90:5:90:7 | ControlFlowNode for val | provenance | | -| test.py:107:11:107:18 | ControlFlowNode for source() | test.py:90:11:90:14 | ControlFlowNode for bm() | provenance | AdditionalTaintStep | +| test.py:21:11:21:18 | After source() | test.py:22:10:22:24 | After Attribute() | provenance | AdditionalTaintStep | +| test.py:29:11:29:18 | After source() | test.py:32:5:32:7 | val | provenance | AdditionalTaintStep | +| test.py:32:5:32:7 | val | test.py:33:10:33:12 | val | provenance | | +| test.py:40:5:40:7 | val | test.py:41:10:41:12 | val | provenance | | +| test.py:40:11:40:25 | After Attribute() | test.py:40:5:40:7 | val | provenance | | +| test.py:45:11:45:18 | After source() | test.py:40:11:40:25 | After Attribute() | provenance | AdditionalTaintStep | +| test.py:53:5:53:7 | val | test.py:54:10:54:12 | val | provenance | | +| test.py:53:11:53:25 | After Attribute() | test.py:53:5:53:7 | val | provenance | | +| test.py:70:11:70:18 | After source() | test.py:53:11:53:25 | After Attribute() | provenance | AdditionalTaintStep | +| test.py:78:5:78:7 | val | test.py:79:10:79:12 | val | provenance | | +| test.py:78:11:78:14 | After bm() | test.py:78:5:78:7 | val | provenance | | +| test.py:83:11:83:18 | After source() | test.py:78:11:78:14 | After bm() | provenance | AdditionalTaintStep | +| test.py:90:5:90:7 | val | test.py:91:10:91:12 | val | provenance | | +| test.py:90:11:90:14 | After bm() | test.py:90:5:90:7 | val | provenance | | +| test.py:107:11:107:18 | After source() | test.py:90:11:90:14 | After bm() | provenance | AdditionalTaintStep | nodes -| test.py:21:11:21:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | -| test.py:22:10:22:24 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| test.py:29:11:29:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | -| test.py:32:5:32:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:33:10:33:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:40:5:40:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:40:11:40:25 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| test.py:41:10:41:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:45:11:45:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | -| test.py:53:5:53:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:53:11:53:25 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| test.py:54:10:54:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:70:11:70:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | -| test.py:78:5:78:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:78:11:78:14 | ControlFlowNode for bm() | semmle.label | ControlFlowNode for bm() | -| test.py:79:10:79:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:83:11:83:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | -| test.py:90:5:90:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:90:11:90:14 | ControlFlowNode for bm() | semmle.label | ControlFlowNode for bm() | -| test.py:91:10:91:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:107:11:107:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | +| test.py:21:11:21:18 | After source() | semmle.label | After source() | +| test.py:22:10:22:24 | After Attribute() | semmle.label | After Attribute() | +| test.py:29:11:29:18 | After source() | semmle.label | After source() | +| test.py:32:5:32:7 | val | semmle.label | val | +| test.py:33:10:33:12 | val | semmle.label | val | +| test.py:40:5:40:7 | val | semmle.label | val | +| test.py:40:11:40:25 | After Attribute() | semmle.label | After Attribute() | +| test.py:41:10:41:12 | val | semmle.label | val | +| test.py:45:11:45:18 | After source() | semmle.label | After source() | +| test.py:53:5:53:7 | val | semmle.label | val | +| test.py:53:11:53:25 | After Attribute() | semmle.label | After Attribute() | +| test.py:54:10:54:12 | val | semmle.label | val | +| test.py:70:11:70:18 | After source() | semmle.label | After source() | +| test.py:78:5:78:7 | val | semmle.label | val | +| test.py:78:11:78:14 | After bm() | semmle.label | After bm() | +| test.py:79:10:79:12 | val | semmle.label | val | +| test.py:83:11:83:18 | After source() | semmle.label | After source() | +| test.py:90:5:90:7 | val | semmle.label | val | +| test.py:90:11:90:14 | After bm() | semmle.label | After bm() | +| test.py:91:10:91:12 | val | semmle.label | val | +| test.py:107:11:107:18 | After source() | semmle.label | After source() | subpaths #select -| test.py:22:10:22:24 | ControlFlowNode for Attribute() | test.py:21:11:21:18 | ControlFlowNode for source() | test.py:22:10:22:24 | ControlFlowNode for Attribute() | test flow (naive): test_simple | -| test.py:33:10:33:12 | ControlFlowNode for val | test.py:29:11:29:18 | ControlFlowNode for source() | test.py:33:10:33:12 | ControlFlowNode for val | test flow (naive): test_alias | -| test.py:41:10:41:12 | ControlFlowNode for val | test.py:45:11:45:18 | ControlFlowNode for source() | test.py:41:10:41:12 | ControlFlowNode for val | test flow (naive): test_across_functions | -| test.py:54:10:54:12 | ControlFlowNode for val | test.py:70:11:70:18 | ControlFlowNode for source() | test.py:54:10:54:12 | ControlFlowNode for val | test flow (naive): test_deeply_nested | -| test.py:79:10:79:12 | ControlFlowNode for val | test.py:83:11:83:18 | ControlFlowNode for source() | test.py:79:10:79:12 | ControlFlowNode for val | test flow (naive): test_pass_bound_method | -| test.py:91:10:91:12 | ControlFlowNode for val | test.py:107:11:107:18 | ControlFlowNode for source() | test.py:91:10:91:12 | ControlFlowNode for val | test flow (naive): test_deeply_nested_bound_method | +| test.py:22:10:22:24 | After Attribute() | test.py:21:11:21:18 | After source() | test.py:22:10:22:24 | After Attribute() | test flow (naive): test_simple | +| test.py:33:10:33:12 | val | test.py:29:11:29:18 | After source() | test.py:33:10:33:12 | val | test flow (naive): test_alias | +| test.py:41:10:41:12 | val | test.py:45:11:45:18 | After source() | test.py:41:10:41:12 | val | test flow (naive): test_across_functions | +| test.py:54:10:54:12 | val | test.py:70:11:70:18 | After source() | test.py:54:10:54:12 | val | test flow (naive): test_deeply_nested | +| test.py:79:10:79:12 | val | test.py:83:11:83:18 | After source() | test.py:79:10:79:12 | val | test flow (naive): test_pass_bound_method | +| test.py:91:10:91:12 | val | test.py:107:11:107:18 | After source() | test.py:91:10:91:12 | val | test flow (naive): test_deeply_nested_bound_method | diff --git a/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.ql b/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.ql index 8b6eee5113f..56d352eef4c 100644 --- a/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.ql +++ b/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.ql @@ -3,6 +3,7 @@ */ private import python +private import semmle.python.controlflow.internal.Cfg as Cfg private import semmle.python.dataflow.new.DataFlow private import semmle.python.dataflow.new.TaintTracking import SharedFlow::PathGraph @@ -13,7 +14,7 @@ class MyClassGetValueAdditionalTaintStep extends TaintTracking::AdditionalTaintS // obj -> obj.get_value() exists(DataFlow::Node bound_method | bound_method = myClassGetValue(nodeFrom) and - nodeTo.asCfgNode().(CallNode).getFunction() = bound_method.asCfgNode() + nodeTo.asCfgNode().(Cfg::CallNode).getFunction() = bound_method.asCfgNode() ) } } diff --git a/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.expected b/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.expected index 86e0a1958f2..3355dfea987 100644 --- a/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.expected +++ b/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.expected @@ -1,94 +1,94 @@ edges -| test.py:21:5:21:7 | ControlFlowNode for src | test.py:22:10:22:24 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | -| test.py:21:11:21:18 | ControlFlowNode for source() | test.py:21:5:21:7 | ControlFlowNode for src | provenance | | -| test.py:29:5:29:7 | ControlFlowNode for src | test.py:30:5:30:7 | ControlFlowNode for foo | provenance | | -| test.py:29:11:29:18 | ControlFlowNode for source() | test.py:29:5:29:7 | ControlFlowNode for src | provenance | | -| test.py:30:5:30:7 | ControlFlowNode for foo | test.py:31:5:31:16 | ControlFlowNode for bound_method | provenance | AdditionalTaintStep | -| test.py:31:5:31:16 | ControlFlowNode for bound_method | test.py:32:5:32:7 | ControlFlowNode for val | provenance | AdditionalTaintStep | -| test.py:32:5:32:7 | ControlFlowNode for val | test.py:33:10:33:12 | ControlFlowNode for val | provenance | | -| test.py:39:15:39:17 | ControlFlowNode for arg | test.py:40:5:40:7 | ControlFlowNode for val | provenance | AdditionalTaintStep | -| test.py:40:5:40:7 | ControlFlowNode for val | test.py:41:10:41:12 | ControlFlowNode for val | provenance | | -| test.py:45:5:45:7 | ControlFlowNode for src | test.py:46:15:46:17 | ControlFlowNode for src | provenance | | -| test.py:45:11:45:18 | ControlFlowNode for source() | test.py:45:5:45:7 | ControlFlowNode for src | provenance | | -| test.py:46:15:46:17 | ControlFlowNode for src | test.py:39:15:39:17 | ControlFlowNode for arg | provenance | | -| test.py:52:24:52:26 | ControlFlowNode for arg | test.py:53:5:53:7 | ControlFlowNode for val | provenance | AdditionalTaintStep | -| test.py:53:5:53:7 | ControlFlowNode for val | test.py:54:10:54:12 | ControlFlowNode for val | provenance | | -| test.py:57:33:57:35 | ControlFlowNode for arg | test.py:58:24:58:26 | ControlFlowNode for arg | provenance | | -| test.py:58:24:58:26 | ControlFlowNode for arg | test.py:52:24:52:26 | ControlFlowNode for arg | provenance | | -| test.py:61:33:61:35 | ControlFlowNode for arg | test.py:62:33:62:35 | ControlFlowNode for arg | provenance | | -| test.py:62:33:62:35 | ControlFlowNode for arg | test.py:57:33:57:35 | ControlFlowNode for arg | provenance | | -| test.py:65:33:65:35 | ControlFlowNode for arg | test.py:66:33:66:35 | ControlFlowNode for arg | provenance | | -| test.py:66:33:66:35 | ControlFlowNode for arg | test.py:61:33:61:35 | ControlFlowNode for arg | provenance | | -| test.py:70:5:70:7 | ControlFlowNode for src | test.py:71:33:71:35 | ControlFlowNode for src | provenance | | -| test.py:70:11:70:18 | ControlFlowNode for source() | test.py:70:5:70:7 | ControlFlowNode for src | provenance | | -| test.py:71:33:71:35 | ControlFlowNode for src | test.py:65:33:65:35 | ControlFlowNode for arg | provenance | | -| test.py:77:23:77:24 | ControlFlowNode for bm | test.py:78:5:78:7 | ControlFlowNode for val | provenance | AdditionalTaintStep | -| test.py:78:5:78:7 | ControlFlowNode for val | test.py:79:10:79:12 | ControlFlowNode for val | provenance | | -| test.py:83:5:83:7 | ControlFlowNode for src | test.py:84:23:84:35 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | -| test.py:83:11:83:18 | ControlFlowNode for source() | test.py:83:5:83:7 | ControlFlowNode for src | provenance | | -| test.py:84:23:84:35 | ControlFlowNode for Attribute | test.py:77:23:77:24 | ControlFlowNode for bm | provenance | | -| test.py:89:37:89:38 | ControlFlowNode for bm | test.py:90:5:90:7 | ControlFlowNode for val | provenance | AdditionalTaintStep | -| test.py:90:5:90:7 | ControlFlowNode for val | test.py:91:10:91:12 | ControlFlowNode for val | provenance | | -| test.py:94:46:94:47 | ControlFlowNode for bm | test.py:95:37:95:38 | ControlFlowNode for bm | provenance | | -| test.py:95:37:95:38 | ControlFlowNode for bm | test.py:89:37:89:38 | ControlFlowNode for bm | provenance | | -| test.py:98:46:98:47 | ControlFlowNode for bm | test.py:99:46:99:47 | ControlFlowNode for bm | provenance | | -| test.py:99:46:99:47 | ControlFlowNode for bm | test.py:94:46:94:47 | ControlFlowNode for bm | provenance | | -| test.py:102:46:102:47 | ControlFlowNode for bm | test.py:103:46:103:47 | ControlFlowNode for bm | provenance | | -| test.py:103:46:103:47 | ControlFlowNode for bm | test.py:98:46:98:47 | ControlFlowNode for bm | provenance | | -| test.py:107:5:107:7 | ControlFlowNode for src | test.py:108:46:108:58 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | -| test.py:107:11:107:18 | ControlFlowNode for source() | test.py:107:5:107:7 | ControlFlowNode for src | provenance | | -| test.py:108:46:108:58 | ControlFlowNode for Attribute | test.py:102:46:102:47 | ControlFlowNode for bm | provenance | | +| test.py:21:5:21:7 | src | test.py:22:10:22:24 | After Attribute() | provenance | AdditionalTaintStep | +| test.py:21:11:21:18 | After source() | test.py:21:5:21:7 | src | provenance | | +| test.py:29:5:29:7 | src | test.py:30:5:30:7 | foo | provenance | | +| test.py:29:11:29:18 | After source() | test.py:29:5:29:7 | src | provenance | | +| test.py:30:5:30:7 | foo | test.py:31:5:31:16 | bound_method | provenance | AdditionalTaintStep | +| test.py:31:5:31:16 | bound_method | test.py:32:5:32:7 | val | provenance | AdditionalTaintStep | +| test.py:32:5:32:7 | val | test.py:33:10:33:12 | val | provenance | | +| test.py:39:15:39:17 | arg | test.py:40:5:40:7 | val | provenance | AdditionalTaintStep | +| test.py:40:5:40:7 | val | test.py:41:10:41:12 | val | provenance | | +| test.py:45:5:45:7 | src | test.py:46:15:46:17 | src | provenance | | +| test.py:45:11:45:18 | After source() | test.py:45:5:45:7 | src | provenance | | +| test.py:46:15:46:17 | src | test.py:39:15:39:17 | arg | provenance | | +| test.py:52:24:52:26 | arg | test.py:53:5:53:7 | val | provenance | AdditionalTaintStep | +| test.py:53:5:53:7 | val | test.py:54:10:54:12 | val | provenance | | +| test.py:57:33:57:35 | arg | test.py:58:24:58:26 | arg | provenance | | +| test.py:58:24:58:26 | arg | test.py:52:24:52:26 | arg | provenance | | +| test.py:61:33:61:35 | arg | test.py:62:33:62:35 | arg | provenance | | +| test.py:62:33:62:35 | arg | test.py:57:33:57:35 | arg | provenance | | +| test.py:65:33:65:35 | arg | test.py:66:33:66:35 | arg | provenance | | +| test.py:66:33:66:35 | arg | test.py:61:33:61:35 | arg | provenance | | +| test.py:70:5:70:7 | src | test.py:71:33:71:35 | src | provenance | | +| test.py:70:11:70:18 | After source() | test.py:70:5:70:7 | src | provenance | | +| test.py:71:33:71:35 | src | test.py:65:33:65:35 | arg | provenance | | +| test.py:77:23:77:24 | bm | test.py:78:5:78:7 | val | provenance | AdditionalTaintStep | +| test.py:78:5:78:7 | val | test.py:79:10:79:12 | val | provenance | | +| test.py:83:5:83:7 | src | test.py:84:23:84:35 | After Attribute | provenance | AdditionalTaintStep | +| test.py:83:11:83:18 | After source() | test.py:83:5:83:7 | src | provenance | | +| test.py:84:23:84:35 | After Attribute | test.py:77:23:77:24 | bm | provenance | | +| test.py:89:37:89:38 | bm | test.py:90:5:90:7 | val | provenance | AdditionalTaintStep | +| test.py:90:5:90:7 | val | test.py:91:10:91:12 | val | provenance | | +| test.py:94:46:94:47 | bm | test.py:95:37:95:38 | bm | provenance | | +| test.py:95:37:95:38 | bm | test.py:89:37:89:38 | bm | provenance | | +| test.py:98:46:98:47 | bm | test.py:99:46:99:47 | bm | provenance | | +| test.py:99:46:99:47 | bm | test.py:94:46:94:47 | bm | provenance | | +| test.py:102:46:102:47 | bm | test.py:103:46:103:47 | bm | provenance | | +| test.py:103:46:103:47 | bm | test.py:98:46:98:47 | bm | provenance | | +| test.py:107:5:107:7 | src | test.py:108:46:108:58 | After Attribute | provenance | AdditionalTaintStep | +| test.py:107:11:107:18 | After source() | test.py:107:5:107:7 | src | provenance | | +| test.py:108:46:108:58 | After Attribute | test.py:102:46:102:47 | bm | provenance | | nodes -| test.py:21:5:21:7 | ControlFlowNode for src | semmle.label | ControlFlowNode for src | -| test.py:21:11:21:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | -| test.py:22:10:22:24 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| test.py:29:5:29:7 | ControlFlowNode for src | semmle.label | ControlFlowNode for src | -| test.py:29:11:29:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | -| test.py:30:5:30:7 | ControlFlowNode for foo | semmle.label | ControlFlowNode for foo | -| test.py:31:5:31:16 | ControlFlowNode for bound_method | semmle.label | ControlFlowNode for bound_method | -| test.py:32:5:32:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:33:10:33:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:39:15:39:17 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg | -| test.py:40:5:40:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:41:10:41:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:45:5:45:7 | ControlFlowNode for src | semmle.label | ControlFlowNode for src | -| test.py:45:11:45:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | -| test.py:46:15:46:17 | ControlFlowNode for src | semmle.label | ControlFlowNode for src | -| test.py:52:24:52:26 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg | -| test.py:53:5:53:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:54:10:54:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:57:33:57:35 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg | -| test.py:58:24:58:26 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg | -| test.py:61:33:61:35 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg | -| test.py:62:33:62:35 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg | -| test.py:65:33:65:35 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg | -| test.py:66:33:66:35 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg | -| test.py:70:5:70:7 | ControlFlowNode for src | semmle.label | ControlFlowNode for src | -| test.py:70:11:70:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | -| test.py:71:33:71:35 | ControlFlowNode for src | semmle.label | ControlFlowNode for src | -| test.py:77:23:77:24 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm | -| test.py:78:5:78:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:79:10:79:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:83:5:83:7 | ControlFlowNode for src | semmle.label | ControlFlowNode for src | -| test.py:83:11:83:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | -| test.py:84:23:84:35 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | -| test.py:89:37:89:38 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm | -| test.py:90:5:90:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:91:10:91:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:94:46:94:47 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm | -| test.py:95:37:95:38 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm | -| test.py:98:46:98:47 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm | -| test.py:99:46:99:47 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm | -| test.py:102:46:102:47 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm | -| test.py:103:46:103:47 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm | -| test.py:107:5:107:7 | ControlFlowNode for src | semmle.label | ControlFlowNode for src | -| test.py:107:11:107:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | -| test.py:108:46:108:58 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | +| test.py:21:5:21:7 | src | semmle.label | src | +| test.py:21:11:21:18 | After source() | semmle.label | After source() | +| test.py:22:10:22:24 | After Attribute() | semmle.label | After Attribute() | +| test.py:29:5:29:7 | src | semmle.label | src | +| test.py:29:11:29:18 | After source() | semmle.label | After source() | +| test.py:30:5:30:7 | foo | semmle.label | foo | +| test.py:31:5:31:16 | bound_method | semmle.label | bound_method | +| test.py:32:5:32:7 | val | semmle.label | val | +| test.py:33:10:33:12 | val | semmle.label | val | +| test.py:39:15:39:17 | arg | semmle.label | arg | +| test.py:40:5:40:7 | val | semmle.label | val | +| test.py:41:10:41:12 | val | semmle.label | val | +| test.py:45:5:45:7 | src | semmle.label | src | +| test.py:45:11:45:18 | After source() | semmle.label | After source() | +| test.py:46:15:46:17 | src | semmle.label | src | +| test.py:52:24:52:26 | arg | semmle.label | arg | +| test.py:53:5:53:7 | val | semmle.label | val | +| test.py:54:10:54:12 | val | semmle.label | val | +| test.py:57:33:57:35 | arg | semmle.label | arg | +| test.py:58:24:58:26 | arg | semmle.label | arg | +| test.py:61:33:61:35 | arg | semmle.label | arg | +| test.py:62:33:62:35 | arg | semmle.label | arg | +| test.py:65:33:65:35 | arg | semmle.label | arg | +| test.py:66:33:66:35 | arg | semmle.label | arg | +| test.py:70:5:70:7 | src | semmle.label | src | +| test.py:70:11:70:18 | After source() | semmle.label | After source() | +| test.py:71:33:71:35 | src | semmle.label | src | +| test.py:77:23:77:24 | bm | semmle.label | bm | +| test.py:78:5:78:7 | val | semmle.label | val | +| test.py:79:10:79:12 | val | semmle.label | val | +| test.py:83:5:83:7 | src | semmle.label | src | +| test.py:83:11:83:18 | After source() | semmle.label | After source() | +| test.py:84:23:84:35 | After Attribute | semmle.label | After Attribute | +| test.py:89:37:89:38 | bm | semmle.label | bm | +| test.py:90:5:90:7 | val | semmle.label | val | +| test.py:91:10:91:12 | val | semmle.label | val | +| test.py:94:46:94:47 | bm | semmle.label | bm | +| test.py:95:37:95:38 | bm | semmle.label | bm | +| test.py:98:46:98:47 | bm | semmle.label | bm | +| test.py:99:46:99:47 | bm | semmle.label | bm | +| test.py:102:46:102:47 | bm | semmle.label | bm | +| test.py:103:46:103:47 | bm | semmle.label | bm | +| test.py:107:5:107:7 | src | semmle.label | src | +| test.py:107:11:107:18 | After source() | semmle.label | After source() | +| test.py:108:46:108:58 | After Attribute | semmle.label | After Attribute | subpaths #select -| test.py:22:10:22:24 | ControlFlowNode for Attribute() | test.py:21:11:21:18 | ControlFlowNode for source() | test.py:22:10:22:24 | ControlFlowNode for Attribute() | test flow (proper): test_simple | -| test.py:33:10:33:12 | ControlFlowNode for val | test.py:29:11:29:18 | ControlFlowNode for source() | test.py:33:10:33:12 | ControlFlowNode for val | test flow (proper): test_alias | -| test.py:41:10:41:12 | ControlFlowNode for val | test.py:45:11:45:18 | ControlFlowNode for source() | test.py:41:10:41:12 | ControlFlowNode for val | test flow (proper): test_across_functions | -| test.py:54:10:54:12 | ControlFlowNode for val | test.py:70:11:70:18 | ControlFlowNode for source() | test.py:54:10:54:12 | ControlFlowNode for val | test flow (proper): test_deeply_nested | -| test.py:79:10:79:12 | ControlFlowNode for val | test.py:83:11:83:18 | ControlFlowNode for source() | test.py:79:10:79:12 | ControlFlowNode for val | test flow (proper): test_pass_bound_method | -| test.py:91:10:91:12 | ControlFlowNode for val | test.py:107:11:107:18 | ControlFlowNode for source() | test.py:91:10:91:12 | ControlFlowNode for val | test flow (proper): test_deeply_nested_bound_method | +| test.py:22:10:22:24 | After Attribute() | test.py:21:11:21:18 | After source() | test.py:22:10:22:24 | After Attribute() | test flow (proper): test_simple | +| test.py:33:10:33:12 | val | test.py:29:11:29:18 | After source() | test.py:33:10:33:12 | val | test flow (proper): test_alias | +| test.py:41:10:41:12 | val | test.py:45:11:45:18 | After source() | test.py:41:10:41:12 | val | test flow (proper): test_across_functions | +| test.py:54:10:54:12 | val | test.py:70:11:70:18 | After source() | test.py:54:10:54:12 | val | test flow (proper): test_deeply_nested | +| test.py:79:10:79:12 | val | test.py:83:11:83:18 | After source() | test.py:79:10:79:12 | val | test flow (proper): test_pass_bound_method | +| test.py:91:10:91:12 | val | test.py:107:11:107:18 | After source() | test.py:91:10:91:12 | val | test flow (proper): test_deeply_nested_bound_method | diff --git a/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.ql b/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.ql index 98bb40501b8..b246847b3b4 100644 --- a/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.ql +++ b/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.ql @@ -3,6 +3,7 @@ */ private import python +private import semmle.python.controlflow.internal.Cfg as Cfg private import semmle.python.dataflow.new.DataFlow private import semmle.python.dataflow.new.TaintTracking import SharedFlow::PathGraph @@ -11,12 +12,12 @@ import SharedCode class MyClassGetValueAdditionalTaintStep extends TaintTracking::AdditionalTaintStep { override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { // obj -> obj.get_value - nodeTo.asCfgNode().(AttrNode).getObject("get_value") = nodeFrom.asCfgNode() and + nodeTo.asCfgNode().(Cfg::AttrNode).getObject("get_value") = nodeFrom.asCfgNode() and nodeTo = myClassGetValue(_) or // get_value -> get_value() nodeFrom = myClassGetValue(_) and - nodeTo.asCfgNode().(CallNode).getFunction() = nodeFrom.asCfgNode() + nodeTo.asCfgNode().(Cfg::CallNode).getFunction() = nodeFrom.asCfgNode() } } diff --git a/python/ql/test/library-tests/frameworks/modeling-example/SharedCode.qll b/python/ql/test/library-tests/frameworks/modeling-example/SharedCode.qll index a541a7e2c81..3a5938ea8f3 100644 --- a/python/ql/test/library-tests/frameworks/modeling-example/SharedCode.qll +++ b/python/ql/test/library-tests/frameworks/modeling-example/SharedCode.qll @@ -1,4 +1,5 @@ private import python +private import semmle.python.controlflow.internal.Cfg as Cfg private import semmle.python.dataflow.new.DataFlow private import semmle.python.dataflow.new.TaintTracking @@ -19,15 +20,15 @@ DataFlow::Node myClassGetValue(MyClass qualifier) { // Config class SourceCall extends DataFlow::Node, MyClass { - SourceCall() { this.asCfgNode().(CallNode).getFunction().(NameNode).getId() = "source" } + SourceCall() { this.asCfgNode().(Cfg::CallNode).getFunction().(Cfg::NameNode).getId() = "source" } } private module SharedConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof SourceCall } predicate isSink(DataFlow::Node sink) { - exists(CallNode call | - call.getFunction().(NameNode).getId() = "sink" and + exists(Cfg::CallNode call | + call.getFunction().(Cfg::NameNode).getId() = "sink" and call.getArg(0) = sink.asCfgNode() ) }