hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Update globalVariableAttrPathAtDepth base case

Browse Source
This commit is contained in:
Napalys Klicius
2025-08-07 14:55:50 +00:00
parent 6133f01c81
commit 8393ccf39d
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
View File

@@ -604,7 +604,7 @@ predicate globalVariableAttrPathAtDepth(
) { ) {
// Base case: Direct global variable access (depth 0) // Base case: Direct global variable access (depth 0)
depth = 0 and depth = 0 and
node in [globalVar.getARead(), globalVar.getAWrite()] and node in [globalVar.getARead(), globalVar.getAWrite(), globalVar] and
accessPath = "" accessPath = ""
or or
exists(Node obj, string attrName, string parentAccessPath, int parentDepth | exists(Node obj, string attrName, string parentAccessPath, int parentDepth |

4
python/ql/test/library-tests/dataflow/fieldflow/test.py
View File

@@ -301,12 +301,12 @@ def set_to_source():
@expects(4) # $ unresolved_call=expects(..) unresolved_call=expects(..)(..) @expects(4) # $ unresolved_call=expects(..) unresolved_call=expects(..)(..)
def test_global_flow_to_class_attribute(): def test_global_flow_to_class_attribute():
inst = WithTuple2() inst = WithTuple2()
SINK_F(WithTuple2.my_tuple[0]) SINK_F(WithTuple2.my_tuple[0]) # $ SPURIOUS: flow="SOURCE, l:-5 -> WithTuple2.my_tuple[0]"
SINK_F(inst.my_tuple[0]) SINK_F(inst.my_tuple[0])
set_to_source() set_to_source()
SINK(WithTuple2.my_tuple[0]) # $ MISSING: flow="SOURCE, l:-10 -> WithTuple2.my_tuple[0]" SINK(WithTuple2.my_tuple[0]) # $ flow="SOURCE, l:-10 -> WithTuple2.my_tuple[0]"
SINK(inst.my_tuple[0]) # $ MISSING: flow="SOURCE, l:-11 -> inst.my_tuple[0]" SINK(inst.my_tuple[0]) # $ MISSING: flow="SOURCE, l:-11 -> inst.my_tuple[0]"