mirror of
https://github.com/github/codeql.git
synced 2026-05-01 11:45:14 +02:00
Python: Add test for missing points-to information
To ease the rollout of this test, currently we only report missing points-to information for nodes that either - appear as an argument in a call to a function named `check`, or - appear inside a scope where the first line is annotated with a comment ending in "check". The idea behind the second version is that once we have points-to running at a level where no node inside a scope that _ought_ to have points-to is missing this information, we can simply remove all uses of `check(...)` from inside this scope, and annotate the entire scope with `# check`. Once this has been done for the entire file, we can then remove all the comments and just require _everything_ to be checked. Note that I don't expect all nodes to have the need for points-to information. For instance, there are nodes representing scope entry and exit, and for these it doesn't make sense to require that they "point-to" anything. Similarly, `NameNode` appearing in a "store" (i.e. as the left hand side of an assignment) do not strictly need to have points-to information, although it might be more intuitive if they did. Thus, the `relevant_node` predicate will almost certainly need to be extended to exclude these kinds of nodes.
This commit is contained in:
Taus Brock-Nannestad
26
python/ql/test/library-tests/PointsTo/new/PointsToMissing.ql
Normal file
26
python/ql/test/library-tests/PointsTo/new/PointsToMissing.ql
Normal file
@@ -0,0 +1,26 @@
|
||||
import python
|
||||
import Util
|
||||
import semmle.python.pointsto.PointsTo
|
||||
import semmle.python.objects.ObjectInternal
|
||||
|
||||
/* Ideally, this test should return _no_ results. */
|
||||
|
||||
predicate relevant_node(ControlFlowNode n) {
|
||||
exists(CallNode c |
|
||||
c.getFunction().(NameNode).getId() = "check" and
|
||||
n = c.getAnArg()
|
||||
)
|
||||
or
|
||||
exists(Comment c, string filepath, int bl |
|
||||
n.getNode().getScope().getLocation().hasLocationInfo(filepath, bl, _, _, _) and
|
||||
c.getLocation().hasLocationInfo(filepath, bl, _, _, _) and
|
||||
c.getText().matches("%check")
|
||||
and not n.(NameNode).isStore()
|
||||
)
|
||||
}
|
||||
|
||||
from ControlFlowNode f
|
||||
where
|
||||
relevant_node(f) and
|
||||
not PointsTo::pointsTo(f, _, _, _)
|
||||
select locate(f.getLocation(), "abchlr"), f.toString()
|
||||
Reference in New Issue
Block a user