hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into amammad-python-bombs

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2024-02-14 13:37:59 +01:00
parent 5795c72a99 048b3727f5
commit 9399258e3b
3614 changed files with 440177 additions and 142045 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
python/ql/test/experimental/dataflow/TestUtil/DataFlowConsistency.qll
View File

@@ -1,6 +0,0 @@
// TODO: this should be promoted to be a REAL consistency query by being placed in
// `python/ql/consistency-queries`. For for now it resides here.
import python
import semmle.python.dataflow.new.DataFlow::DataFlow
import semmle.python.dataflow.new.internal.DataFlowPrivate
import semmle.python.dataflow.new.internal.DataFlowImplConsistency::Consistency

4
python/ql/test/experimental/dataflow/TestUtil/DataflowQueryTest.qll
View File

@@ -104,9 +104,9 @@ module FromTaintTrackingStateConfig<DataFlow::StateConfigSig C> {
import MakeQueryTest<Impl>
}
signature class LegacyConfiguration extends DataFlow::Configuration;
deprecated signature class LegacyConfiguration extends DataFlow::Configuration;
module FromLegacyConfiguration<LegacyConfiguration C> {
deprecated module FromLegacyConfiguration<LegacyConfiguration C> {
module Impl implements QueryTestSig {
predicate isSink(DataFlow::Node sink) { any(C c).isSink(sink) or any(C c).isSink(sink, _) }

3
python/ql/test/experimental/dataflow/TestUtil/NormalDataflowTest.qll
View File

@@ -32,6 +32,3 @@ query predicate missingAnnotationOnSink(Location location, string error, string
)
)
}
/** DEPRECATED: Alias for missingAnnotationOnSink */
deprecated predicate missingAnnotationOnSINK = missingAnnotationOnSink/3;

10
python/ql/test/experimental/dataflow/basic/allFlowsConfig.qll
View File

@@ -4,10 +4,10 @@ import semmle.python.dataflow.new.DataFlow
* A configuration to find all flows.
* To be used on tiny programs.
*/
class AllFlowsConfig extends DataFlow::Configuration {
AllFlowsConfig() { this = "AllFlowsConfig" }
module AllFlowsConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { any() }
override predicate isSource(DataFlow::Node node) { any() }
override predicate isSink(DataFlow::Node node) { any() }
predicate isSink(DataFlow::Node node) { any() }
}
module AllFlowsFlow = DataFlow::Global<AllFlowsConfig>;

2
python/ql/test/experimental/dataflow/basic/callGraph.ql
View File

@@ -2,7 +2,7 @@ import experimental.dataflow.callGraphConfig
from DataFlow::Node source, DataFlow::Node sink
where
exists(CallGraphConfig cfg | cfg.hasFlow(source, sink)) and
CallGraphFlow::flow(source, sink) and
exists(source.getLocation().getFile().getRelativePath()) and
exists(sink.getLocation().getFile().getRelativePath())
select source, sink

2
python/ql/test/experimental/dataflow/basic/callGraphSinks.ql
View File

@@ -2,6 +2,6 @@ import experimental.dataflow.callGraphConfig
from DataFlow::Node sink
where
exists(CallGraphConfig cfg | cfg.isSink(sink)) and
CallGraphConfig::isSink(sink) and
exists(sink.getLocation().getFile().getRelativePath())
select sink

2
python/ql/test/experimental/dataflow/basic/callGraphSources.ql
View File

@@ -2,6 +2,6 @@ import experimental.dataflow.callGraphConfig
from DataFlow::Node source
where
exists(CallGraphConfig cfg | cfg.isSource(source)) and
CallGraphConfig::isSource(source) and
exists(source.getLocation().getFile().getRelativePath())
select source

27
python/ql/test/experimental/dataflow/basic/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/basic/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

83
python/ql/test/experimental/dataflow/basic/global.expected
View File

@@ -1,69 +1,58 @@
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
| test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:3:3:3:3 | SSA variable z |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:7:1:7:1 | GSSA Variable b |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:7:1:7:1 | ControlFlowNode for b |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y |
| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:1:19:1:19 | SSA variable x | test.py:3:3:3:3 | SSA variable z |
| test.py:1:19:1:19 | SSA variable x | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:1:19:1:19 | SSA variable x | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:1:19:1:19 | SSA variable x | test.py:7:1:7:1 | GSSA Variable b |
| test.py:1:19:1:19 | SSA variable x | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:2:3:2:3 | SSA variable y | test.py:3:3:3:3 | SSA variable z |
| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:2:3:2:3 | SSA variable y | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:2:3:2:3 | SSA variable y | test.py:7:1:7:1 | GSSA Variable b |
| test.py:2:3:2:3 | SSA variable y | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:3:3:3:3 | SSA variable z |
| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:2:3:2:3 | ControlFlowNode for y | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:2:3:2:3 | ControlFlowNode for y | test.py:7:1:7:1 | ControlFlowNode for b |
| test.py:2:3:2:3 | ControlFlowNode for y | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:7:1:7:1 | GSSA Variable b |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:7:1:7:1 | ControlFlowNode for b |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:3:3:3:3 | SSA variable z | test.py:7:1:7:1 | GSSA Variable b |
| test.py:3:3:3:3 | SSA variable z | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z |
| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:3:3:3:3 | ControlFlowNode for z | test.py:7:1:7:1 | ControlFlowNode for b |
| test.py:3:3:3:3 | ControlFlowNode for z | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:7:1:7:1 | GSSA Variable b |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:7:1:7:1 | ControlFlowNode for b |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:4:10:4:10 | ControlFlowNode for z | test.py:7:1:7:1 | GSSA Variable b |
| test.py:4:10:4:10 | ControlFlowNode for z | test.py:7:1:7:1 | ControlFlowNode for b |
| test.py:4:10:4:10 | ControlFlowNode for z | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:6:1:6:1 | GSSA Variable a | test.py:1:19:1:19 | ControlFlowNode for x |
| test.py:6:1:6:1 | GSSA Variable a | test.py:1:19:1:19 | SSA variable x |
| test.py:6:1:6:1 | GSSA Variable a | test.py:2:3:2:3 | SSA variable y |
| test.py:6:1:6:1 | GSSA Variable a | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:6:1:6:1 | GSSA Variable a | test.py:3:3:3:3 | SSA variable z |
| test.py:6:1:6:1 | GSSA Variable a | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:6:1:6:1 | GSSA Variable a | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:1:7:1 | GSSA Variable b |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:6:1:6:1 | ControlFlowNode for a | test.py:1:19:1:19 | ControlFlowNode for x |
| test.py:6:1:6:1 | ControlFlowNode for a | test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:6:1:6:1 | ControlFlowNode for a | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:6:1:6:1 | ControlFlowNode for a | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:6:1:6:1 | ControlFlowNode for a | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:6:1:6:1 | ControlFlowNode for a | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:1:7:1 | ControlFlowNode for b |
| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:1:19:1:19 | ControlFlowNode for x |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:1:19:1:19 | SSA variable x |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:2:3:2:3 | SSA variable y |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:3:3:3:3 | SSA variable z |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:1:7:1 | GSSA Variable b |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | ControlFlowNode for a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:1:7:1 | ControlFlowNode for b |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | GSSA Variable b |
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | ControlFlowNode for b |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:1:19:1:19 | ControlFlowNode for x |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:1:19:1:19 | SSA variable x |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:2:3:2:3 | SSA variable y |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:3:3:3:3 | SSA variable z |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:7:1:7:1 | GSSA Variable b |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:7:1:7:1 | ControlFlowNode for b |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |

2
python/ql/test/experimental/dataflow/basic/global.ql
View File

@@ -3,7 +3,7 @@ import allFlowsConfig
from DataFlow::Node source, DataFlow::Node sink
where
source != sink and
exists(AllFlowsConfig cfg | cfg.hasFlow(source, sink)) and
AllFlowsFlow::flow(source, sink) and
exists(source.getLocation().getFile().getRelativePath()) and
exists(sink.getLocation().getFile().getRelativePath())
select source, sink

76
python/ql/test/experimental/dataflow/basic/globalStep.expected
View File

@@ -1,53 +1,41 @@
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id |
| test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y |
| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y |
| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y |
| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y |
| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:2:3:2:3 | SSA variable y | test.py:3:3:3:3 | SSA variable z |
| test.py:2:3:2:3 | SSA variable y | test.py:3:3:3:3 | SSA variable z |
| test.py:2:3:2:3 | SSA variable y | test.py:3:3:3:3 | SSA variable z |
| test.py:2:3:2:3 | SSA variable y | test.py:3:3:3:3 | SSA variable z |
| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z |
| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:4:10:4:10 | ControlFlowNode for z | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:4:10:4:10 | ControlFlowNode for z | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a |
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | GSSA Variable b |
| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | ControlFlowNode for a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | ControlFlowNode for a |
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | ControlFlowNode for b |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:1:19:1:19 | ControlFlowNode for x |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:1:19:1:19 | ControlFlowNode for x |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |

2
python/ql/test/experimental/dataflow/basic/globalStep.ql
View File

@@ -1,6 +1,6 @@
import allFlowsConfig
from DataFlow::PathNode fromNode, DataFlow::PathNode toNode
from AllFlowsFlow::PathNode fromNode, AllFlowsFlow::PathNode toNode
where
toNode = fromNode.getASuccessor() and
exists(fromNode.getNode().getLocation().getFile().getRelativePath()) and

45
python/ql/test/experimental/dataflow/basic/local.expected
View File

@@ -1,57 +1,40 @@
| test.py:0:0:0:0 | GSSA Variable __name__ | test.py:0:0:0:0 | GSSA Variable __name__ |
| test.py:0:0:0:0 | GSSA Variable __package__ | test.py:0:0:0:0 | GSSA Variable __package__ |
| test.py:0:0:0:0 | GSSA Variable b | test.py:0:0:0:0 | GSSA Variable b |
| test.py:0:0:0:0 | SSA variable $ | test.py:0:0:0:0 | SSA variable $ |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:1:1:21 | SynthDictSplatParameterNode | test.py:1:1:1:21 | SynthDictSplatParameterNode |
| test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id |
| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | ControlFlowNode for x |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:3:3:3:3 | SSA variable z |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:1:19:1:19 | SSA variable x | test.py:1:19:1:19 | SSA variable x |
| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y |
| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:1:19:1:19 | SSA variable x | test.py:3:3:3:3 | SSA variable z |
| test.py:1:19:1:19 | SSA variable x | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:1:19:1:19 | SSA variable x | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:2:3:2:3 | ControlFlowNode for y | test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:2:3:2:3 | SSA variable y | test.py:2:3:2:3 | SSA variable y |
| test.py:2:3:2:3 | SSA variable y | test.py:3:3:3:3 | SSA variable z |
| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:2:3:2:3 | SSA variable y | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:2:3:2:3 | ControlFlowNode for y | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:3:3:3:3 | SSA variable z |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:3:3:3:3 | ControlFlowNode for z | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:3:3:3:3 | SSA variable z | test.py:3:3:3:3 | SSA variable z |
| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z |
| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:4:10:4:10 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:6:1:6:1 | ControlFlowNode for a | test.py:6:1:6:1 | ControlFlowNode for a |
| test.py:6:1:6:1 | GSSA Variable a | test.py:6:1:6:1 | GSSA Variable a |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a |
| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | ControlFlowNode for a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:7:1:7:1 | ControlFlowNode for b | test.py:7:1:7:1 | ControlFlowNode for b |
| test.py:7:1:7:1 | GSSA Variable b | test.py:7:1:7:1 | GSSA Variable b |
| test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:7:5:7:17 | [post] ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | [post] ControlFlowNode for obfuscated_id |
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | GSSA Variable b |
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | ControlFlowNode for b |
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:7:5:7:20 | GSSA Variable a | test.py:7:5:7:20 | GSSA Variable a |
| test.py:7:5:7:20 | [pre] ControlFlowNode for obfuscated_id() | test.py:7:5:7:20 | [pre] ControlFlowNode for obfuscated_id() |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:7:19:7:19 | [post] ControlFlowNode for a | test.py:7:19:7:19 | [post] ControlFlowNode for a |

21
python/ql/test/experimental/dataflow/basic/localStep.expected
View File

@@ -1,11 +1,10 @@
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x |
| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a |
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | GSSA Variable b |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id |
| test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | ControlFlowNode for a |
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | ControlFlowNode for b |

15
python/ql/test/experimental/dataflow/basic/maximalFlows.expected
View File

@@ -1,10 +1,7 @@
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:7:1:7:1 | GSSA Variable b |
| test.py:1:19:1:19 | SSA variable x | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:1:19:1:19 | SSA variable x | test.py:7:1:7:1 | GSSA Variable b |
| test.py:2:3:2:3 | SSA variable y | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:2:3:2:3 | SSA variable y | test.py:7:1:7:1 | GSSA Variable b |
| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:3:3:3:3 | SSA variable z | test.py:7:1:7:1 | GSSA Variable b |
| test.py:6:1:6:1 | GSSA Variable a | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:1:7:1 | GSSA Variable b |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:7:1:7:1 | ControlFlowNode for b |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:1:7:1 | ControlFlowNode for b |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | ControlFlowNode for b |

2
python/ql/test/experimental/dataflow/basic/maximalFlows.ql
View File

@@ -3,7 +3,7 @@ import maximalFlowsConfig
from DataFlow::Node source, DataFlow::Node sink
where
source != sink and
exists(MaximalFlowsConfig cfg | cfg.hasFlow(source, sink)) and
MaximalFlowsFlow::flow(source, sink) and
exists(source.getLocation().getFile().getRelativePath()) and
exists(sink.getLocation().getFile().getRelativePath())
select source, sink

17
python/ql/test/experimental/dataflow/basic/maximalFlowsConfig.qll
View File

@@ -1,3 +1,4 @@
import python
import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPrivate
@@ -5,20 +6,18 @@ private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPr
* A configuration to find all "maximal" flows.
* To be used on small programs.
*/
class MaximalFlowsConfig extends DataFlow::Configuration {
MaximalFlowsConfig() { this = "AllFlowsConfig" }
override predicate isSource(DataFlow::Node node) {
module MaximalFlowsConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) {
node instanceof DataFlow::ParameterNode
or
node instanceof DataFlow::EssaNode and
not exists(DataFlow::EssaNode pred | DataFlow::localFlowStep(pred, node))
node instanceof DataFlow::LocalSourceNode
}
override predicate isSink(DataFlow::Node node) {
predicate isSink(DataFlow::Node node) {
node instanceof DataFlowPrivate::ReturnNode
or
node instanceof DataFlow::EssaNode and
not exists(node.(DataFlow::EssaNode).getVar().getASourceUse())
not DataFlowPrivate::LocalFlow::localFlowStep(node, _)
}
}
module MaximalFlowsFlow = DataFlow::Global<MaximalFlowsConfig>;

11
python/ql/test/experimental/dataflow/basic/sinks.expected
View File

@@ -1,29 +1,18 @@
| test.py:0:0:0:0 | GSSA Variable __name__ |
| test.py:0:0:0:0 | GSSA Variable __package__ |
| test.py:0:0:0:0 | GSSA Variable b |
| test.py:0:0:0:0 | SSA variable $ |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr |
| test.py:1:1:1:21 | SynthDictSplatParameterNode |
| test.py:1:5:1:17 | ControlFlowNode for obfuscated_id |
| test.py:1:5:1:17 | GSSA Variable obfuscated_id |
| test.py:1:19:1:19 | ControlFlowNode for x |
| test.py:1:19:1:19 | SSA variable x |
| test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:2:3:2:3 | SSA variable y |
| test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:3:3:3:3 | SSA variable z |
| test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:6:1:6:1 | ControlFlowNode for a |
| test.py:6:1:6:1 | GSSA Variable a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral |
| test.py:7:1:7:1 | ControlFlowNode for b |
| test.py:7:1:7:1 | GSSA Variable b |
| test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:7:5:7:17 | [post] ControlFlowNode for obfuscated_id |
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:7:5:7:20 | GSSA Variable a |
| test.py:7:5:7:20 | [pre] ControlFlowNode for obfuscated_id() |
| test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:7:19:7:19 | [post] ControlFlowNode for a |

2
python/ql/test/experimental/dataflow/basic/sinks.ql
View File

@@ -2,6 +2,6 @@ import allFlowsConfig
from DataFlow::Node sink
where
exists(AllFlowsConfig cfg | cfg.isSink(sink)) and
AllFlowsConfig::isSink(sink) and
exists(sink.getLocation().getFile().getRelativePath())
select sink

11
python/ql/test/experimental/dataflow/basic/sources.expected
View File

@@ -1,29 +1,18 @@
| test.py:0:0:0:0 | GSSA Variable __name__ |
| test.py:0:0:0:0 | GSSA Variable __package__ |
| test.py:0:0:0:0 | GSSA Variable b |
| test.py:0:0:0:0 | SSA variable $ |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr |
| test.py:1:1:1:21 | SynthDictSplatParameterNode |
| test.py:1:5:1:17 | ControlFlowNode for obfuscated_id |
| test.py:1:5:1:17 | GSSA Variable obfuscated_id |
| test.py:1:19:1:19 | ControlFlowNode for x |
| test.py:1:19:1:19 | SSA variable x |
| test.py:2:3:2:3 | ControlFlowNode for y |
| test.py:2:3:2:3 | SSA variable y |
| test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:3:3:3:3 | ControlFlowNode for z |
| test.py:3:3:3:3 | SSA variable z |
| test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:6:1:6:1 | ControlFlowNode for a |
| test.py:6:1:6:1 | GSSA Variable a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral |
| test.py:7:1:7:1 | ControlFlowNode for b |
| test.py:7:1:7:1 | GSSA Variable b |
| test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:7:5:7:17 | [post] ControlFlowNode for obfuscated_id |
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:7:5:7:20 | GSSA Variable a |
| test.py:7:5:7:20 | [pre] ControlFlowNode for obfuscated_id() |
| test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:7:19:7:19 | [post] ControlFlowNode for a |

2
python/ql/test/experimental/dataflow/basic/sources.ql
View File

@@ -2,6 +2,6 @@ import allFlowsConfig
from DataFlow::Node source
where
exists(AllFlowsConfig cfg | cfg.isSource(source)) and
AllFlowsConfig::isSource(source) and
exists(source.getLocation().getFile().getRelativePath())
select source

12
python/ql/test/experimental/dataflow/basic/test.py
View File

@@ -1,7 +1,7 @@
def obfuscated_id(x): #$ step="FunctionExpr -> GSSA Variable obfuscated_id" step="x -> SSA variable x"
y = x #$ step="x -> SSA variable y" step="SSA variable x, l:-1 -> x"
z = y #$ step="y -> SSA variable z" step="SSA variable y, l:-1 -> y"
return z #$ flow="42, l:+2 -> z" step="SSA variable z, l:-1 -> z"
def obfuscated_id(x): #$ step="FunctionExpr -> obfuscated_id"
y = x #$ step="x -> y" step="x, l:-1 -> x"
z = y #$ step="y -> z" step="y, l:-1 -> y"
return z #$ flow="42, l:+2 -> z" step="z, l:-1 -> z"
a = 42 #$ step="42 -> GSSA Variable a"
b = obfuscated_id(a) #$ flow="42, l:-1 -> GSSA Variable b" flow="FunctionExpr, l:-6 -> obfuscated_id" step="obfuscated_id(..) -> GSSA Variable b" step="GSSA Variable obfuscated_id, l:-6 -> obfuscated_id" step="GSSA Variable a, l:-1 -> a"
a = 42 #$ step="42 -> a"
b = obfuscated_id(a) #$ flow="42, l:-1 -> b" flow="FunctionExpr, l:-6 -> obfuscated_id" step="obfuscated_id(..) -> b" step="obfuscated_id, l:-6 -> obfuscated_id" step="a, l:-1 -> a"

10
python/ql/test/experimental/dataflow/callGraphConfig.qll
View File

@@ -5,18 +5,18 @@ private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPr
/**
* A configuration to find the call graph edges.
*/
class CallGraphConfig extends DataFlow::Configuration {
CallGraphConfig() { this = "CallGraphConfig" }
override predicate isSource(DataFlow::Node node) {
module CallGraphConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) {
node instanceof DataFlowPrivate::ReturnNode
or
node instanceof DataFlow::ArgumentNode
}
override predicate isSink(DataFlow::Node node) {
predicate isSink(DataFlow::Node node) {
node instanceof DataFlowPrivate::OutNode
or
node instanceof DataFlow::ParameterNode
}
}
module CallGraphFlow = DataFlow::Global<CallGraphConfig>;

27
python/ql/test/experimental/dataflow/callgraph_crosstalk/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/callgraph_crosstalk/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

27
python/ql/test/experimental/dataflow/calls/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/calls/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

27
python/ql/test/experimental/dataflow/consistency/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/consistency/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

4
python/ql/test/experimental/dataflow/coverage-py3/classes.py
View File

@@ -51,7 +51,7 @@ class With_length_hint:
def test_length_hint():
import operator
with_length_hint = With_length_hint() #$ arg1="SSA variable with_length_hint" func=With_length_hint.__length_hint__
with_length_hint = With_length_hint() #$ arg1="with_length_hint" func=With_length_hint.__length_hint__
operator.length_hint(with_length_hint)
@@ -68,5 +68,5 @@ class With_index:
def test_index():
import operator
with_index = With_index() #$ arg1="SSA variable with_index" func=With_index.__index__
with_index = With_index() #$ arg1="with_index" func=With_index.__index__
operator.index(with_index)

74
python/ql/test/experimental/dataflow/coverage/argumentRoutingTest.ql
View File

@@ -10,13 +10,11 @@ module Argument1RoutingTest implements RoutingTestSig {
predicate relevantFlow(DataFlow::Node source, DataFlow::Node sink, Argument arg) {
(
exists(Argument1ExtraRoutingConfig cfg | cfg.hasFlow(source, sink))
Argument1ExtraRoutingFlow::flow(source, sink)
or
exists(ArgumentRoutingConfig cfg |
cfg.hasFlow(source, sink) and
cfg.isArgSource(source, 1) and
cfg.isGoodSink(sink, 1)
)
ArgumentRoutingFlow::flow(source, sink) and
ArgumentRoutingConfig::isArgSource(source, 1) and
ArgumentRoutingConfig::isGoodSink(sink, 1)
) and
exists(arg)
}
@@ -26,32 +24,28 @@ class ArgNumber extends int {
ArgNumber() { this in [1 .. 7] }
}
class ArgumentRoutingConfig extends DataFlow::Configuration {
ArgumentRoutingConfig() { this = "ArgumentRoutingConfig" }
predicate isArgSource(DataFlow::Node node, ArgNumber argNumber) {
module ArgumentRoutingConfig implements DataFlow::ConfigSig {
additional predicate isArgSource(DataFlow::Node node, ArgNumber argNumber) {
node.(DataFlow::CfgNode).getNode().(NameNode).getId() = "arg" + argNumber
}
override predicate isSource(DataFlow::Node node) { this.isArgSource(node, _) }
predicate isSource(DataFlow::Node node) { isArgSource(node, _) }
predicate isGoodSink(DataFlow::Node node, ArgNumber argNumber) {
additional predicate isGoodSink(DataFlow::Node node, ArgNumber argNumber) {
exists(CallNode call |
call.getFunction().(NameNode).getId() = "SINK" + argNumber and
node.(DataFlow::CfgNode).getNode() = call.getAnArg()
)
}
predicate isBadSink(DataFlow::Node node, ArgNumber argNumber) {
additional predicate isBadSink(DataFlow::Node node, ArgNumber argNumber) {
exists(CallNode call |
call.getFunction().(NameNode).getId() = "SINK" + argNumber + "_F" and
node.(DataFlow::CfgNode).getNode() = call.getAnArg()
)
}
override predicate isSink(DataFlow::Node node) {
this.isGoodSink(node, _) or this.isBadSink(node, _)
}
predicate isSink(DataFlow::Node node) { isGoodSink(node, _) or isBadSink(node, _) }
/**
* We want to be able to use `arg` in a sequence of calls such as `func(kw=arg); ... ; func(arg)`.
@@ -59,22 +53,22 @@ class ArgumentRoutingConfig extends DataFlow::Configuration {
* making it seem like we handle all cases even if we only handle the last one.
* We make the test honest by preventing flow into source nodes.
*/
override predicate isBarrierIn(DataFlow::Node node) { this.isSource(node) }
predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
}
class Argument1ExtraRoutingConfig extends DataFlow::Configuration {
Argument1ExtraRoutingConfig() { this = "Argument1ExtraRoutingConfig" }
module ArgumentRoutingFlow = DataFlow::Global<ArgumentRoutingConfig>;
override predicate isSource(DataFlow::Node node) {
module Argument1ExtraRoutingConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) {
exists(AssignmentDefinition def, DataFlow::CallCfgNode call |
def.getVariable() = node.(DataFlow::EssaNode).getVar() and
def.getDefiningNode() = node.(DataFlow::CfgNode).getNode() and
def.getValue() = call.getNode() and
call.getFunction().asCfgNode().(NameNode).getId().matches("With\\_%")
) and
node.(DataFlow::EssaNode).getVar().getName().matches("with\\_%")
node.(DataFlow::CfgNode).getNode().(NameNode).getId().matches("with\\_%")
}
override predicate isSink(DataFlow::Node node) {
predicate isSink(DataFlow::Node node) {
exists(CallNode call |
call.getFunction().(NameNode).getId() = "SINK1" and
node.(DataFlow::CfgNode).getNode() = call.getAnArg()
@@ -87,20 +81,20 @@ class Argument1ExtraRoutingConfig extends DataFlow::Configuration {
* making it seem like we handle all cases even if we only handle the last one.
* We make the test honest by preventing flow into source nodes.
*/
override predicate isBarrierIn(DataFlow::Node node) { this.isSource(node) }
predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
}
module Argument1ExtraRoutingFlow = DataFlow::Global<Argument1ExtraRoutingConfig>;
module RestArgumentRoutingTest implements RoutingTestSig {
class Argument = ArgNumber;
string flowTag(Argument arg) { result = "arg" + arg }
predicate relevantFlow(DataFlow::Node source, DataFlow::Node sink, Argument arg) {
exists(ArgumentRoutingConfig cfg |
cfg.hasFlow(source, sink) and
cfg.isArgSource(source, arg) and
cfg.isGoodSink(sink, arg)
) and
ArgumentRoutingFlow::flow(source, sink) and
ArgumentRoutingConfig::isArgSource(source, arg) and
ArgumentRoutingConfig::isGoodSink(sink, arg) and
arg > 1
}
}
@@ -112,11 +106,9 @@ module BadArgumentRoutingTestSinkF implements RoutingTestSig {
string flowTag(Argument arg) { result = "bad" + arg }
predicate relevantFlow(DataFlow::Node source, DataFlow::Node sink, Argument arg) {
exists(ArgumentRoutingConfig cfg |
cfg.hasFlow(source, sink) and
cfg.isArgSource(source, arg) and
cfg.isBadSink(sink, arg)
)
ArgumentRoutingFlow::flow(source, sink) and
ArgumentRoutingConfig::isArgSource(source, arg) and
ArgumentRoutingConfig::isBadSink(sink, arg)
}
}
@@ -127,14 +119,12 @@ module BadArgumentRoutingTestWrongSink implements RoutingTestSig {
string flowTag(Argument arg) { result = "bad" + arg }
predicate relevantFlow(DataFlow::Node source, DataFlow::Node sink, Argument arg) {
exists(ArgumentRoutingConfig cfg |
cfg.hasFlow(source, sink) and
cfg.isArgSource(source, any(ArgNumber i | not i = arg)) and
(
cfg.isGoodSink(sink, arg)
or
cfg.isBadSink(sink, arg)
)
ArgumentRoutingFlow::flow(source, sink) and
ArgumentRoutingConfig::isArgSource(source, any(ArgNumber i | not i = arg)) and
(
ArgumentRoutingConfig::isGoodSink(sink, arg)
or
ArgumentRoutingConfig::isBadSink(sink, arg)
)
}
}

216
python/ql/test/experimental/dataflow/coverage/classes.py
View File

@@ -57,7 +57,7 @@ class With_init:
def test_init():
with_init = With_init() #$ MISSING: arg1="SSA variable with_init" func=With_init.__init__
with_init = With_init() #$ MISSING: arg1="with_init" func=With_init.__init__
# object.__del__(self)
@@ -68,7 +68,7 @@ class With_del:
def test_del():
with_del = With_del() #$ MISSING: arg1="SSA variable with_del" func=With_del.__del__
with_del = With_del() #$ MISSING: arg1="with_del" func=With_del.__del__
del with_del
@@ -81,7 +81,7 @@ class With_repr:
def test_repr():
with_repr = With_repr() #$ MISSING: arg1="SSA variable with_repr" func=With_repr.__repr__
with_repr = With_repr() #$ MISSING: arg1="with_repr" func=With_repr.__repr__
repr(with_repr)
@@ -94,7 +94,7 @@ class With_str:
def test_str():
with_str = With_str() #$ MISSING: arg1="SSA variable with_str" func=With_str.__str__
with_str = With_str() #$ MISSING: arg1="with_str" func=With_str.__str__
str(with_str)
@@ -107,7 +107,7 @@ class With_bytes:
def test_bytes():
with_bytes = With_bytes() #$ MISSING: arg1="SSA variable with_bytes" func=With_bytes.__bytes__
with_bytes = With_bytes() #$ MISSING: arg1="with_bytes" func=With_bytes.__bytes__
bytes(with_bytes)
@@ -121,18 +121,18 @@ class With_format:
def test_format():
with_format = With_format() #$ MISSING: arg1="SSA variable with_format" func=With_format.__format__
with_format = With_format() #$ MISSING: arg1="with_format" func=With_format.__format__
arg2 = "" #$ MISSING: arg2 func=With_format.__format__
format(with_format, arg2)
def test_format_str():
with_format = With_format() #$ MISSING: arg1="SSA variable with_format" func=With_format.__format__
with_format = With_format() #$ MISSING: arg1="with_format" func=With_format.__format__
"{0}".format(with_format)
def test_format_fstr():
with_format = With_format() #$ MISSING: arg1="SSA variable with_format" func=With_format.__format__
with_format = With_format() #$ MISSING: arg1="with_format" func=With_format.__format__
f"{with_format}"
@@ -146,7 +146,7 @@ class With_lt:
def test_lt():
with_lt = With_lt() #$ MISSING: arg1="SSA variable with_lt" func=With_lt.__lt__
with_lt = With_lt() #$ MISSING: arg1="with_lt" func=With_lt.__lt__
arg2 = with_lt #$ MISSING: arg2 func=With_lt.__lt__
with_lt < arg2
@@ -161,7 +161,7 @@ class With_le:
def test_le():
with_le = With_le() #$ MISSING: arg1="SSA variable with_le" func=With_le.__le__
with_le = With_le() #$ MISSING: arg1="with_le" func=With_le.__le__
arg2 = with_le #$ MISSING: arg2 func=With_le.__le__
with_le <= arg2
@@ -176,7 +176,7 @@ class With_eq:
def test_eq():
with_eq = With_eq() #$ MISSING: arg1="SSA variable with_eq" func=With_eq.__eq__
with_eq = With_eq() #$ MISSING: arg1="with_eq" func=With_eq.__eq__
with_eq == with_eq #$ MISSING: arg2="with_eq" func=With_eq.__eq__
@@ -190,7 +190,7 @@ class With_ne:
def test_ne():
with_ne = With_ne() #$ MISSING: arg1="SSA variable with_ne" func=With_ne.__ne__
with_ne = With_ne() #$ MISSING: arg1="with_ne" func=With_ne.__ne__
with_ne != with_ne #$ MISSING: arg2="with_ne" func=With_ne.__ne__
@@ -204,7 +204,7 @@ class With_gt:
def test_gt():
with_gt = With_gt() #$ MISSING: arg1="SSA variable with_gt" func=With_gt.__gt__
with_gt = With_gt() #$ MISSING: arg1="with_gt" func=With_gt.__gt__
arg2 = with_gt #$ MISSING: arg2 func=With_gt.__gt__
with_gt > arg2
@@ -219,7 +219,7 @@ class With_ge:
def test_ge():
with_ge = With_ge() #$ MISSING: arg1="SSA variable with_ge" func=With_ge.__ge__
with_ge = With_ge() #$ MISSING: arg1="with_ge" func=With_ge.__ge__
arg2 = with_ge #$ MISSING: arg2 func=With_ge.__ge__
with_ge >= arg2
@@ -233,22 +233,22 @@ class With_hash:
def test_hash():
with_hash = With_hash() #$ MISSING: arg1="SSA variable with_hash" func=With_hash.__hash__
with_hash = With_hash() #$ MISSING: arg1="with_hash" func=With_hash.__hash__
hash(with_hash)
def test_hash_set():
with_hash = With_hash() #$ MISSING: arg1="SSA variable with_hash" func=With_hash.__hash__
with_hash = With_hash() #$ MISSING: arg1="with_hash" func=With_hash.__hash__
len(set([with_hash]))
def test_hash_frozenset():
with_hash = With_hash() #$ MISSING: arg1="SSA variable with_hash" func=With_hash.__hash__
with_hash = With_hash() #$ MISSING: arg1="with_hash" func=With_hash.__hash__
len(frozenset([with_hash]))
def test_hash_dict():
with_hash = With_hash() #$ MISSING: arg1="SSA variable with_hash" func=With_hash.__hash__
with_hash = With_hash() #$ MISSING: arg1="with_hash" func=With_hash.__hash__
len(dict({with_hash: 0}))
@@ -261,12 +261,12 @@ class With_bool:
def test_bool():
with_bool = With_bool() #$ MISSING: arg1="SSA variable with_bool" func=With_bool.__bool__
with_bool = With_bool() #$ MISSING: arg1="with_bool" func=With_bool.__bool__
bool(with_bool)
def test_bool_if():
with_bool = With_bool() #$ MISSING: arg1="SSA variable with_bool" func=With_bool.__bool__
with_bool = With_bool() #$ MISSING: arg1="with_bool" func=With_bool.__bool__
if with_bool:
pass
@@ -282,7 +282,7 @@ class With_getattr:
def test_getattr():
with_getattr = With_getattr() #$ MISSING: arg1="SSA variable with_getattr" func=With_getattr.__getattr__
with_getattr = With_getattr() #$ MISSING: arg1="with_getattr" func=With_getattr.__getattr__
with_getattr.arg2 #$ MISSING: arg2="with_getattr.arg2" func=With_getattr.__getattr__
@@ -296,7 +296,7 @@ class With_getattribute:
def test_getattribute():
with_getattribute = With_getattribute() #$ MISSING: arg1="SSA variable with_getattribute" func=With_getattribute.__getattribute__
with_getattribute = With_getattribute() #$ MISSING: arg1="with_getattribute" func=With_getattribute.__getattribute__
with_getattribute.arg2 #$ MISSING: arg2 func=With_getattribute.__getattribute__
@@ -310,7 +310,7 @@ class With_setattr:
def test_setattr():
with_setattr = With_setattr() #$ MISSING: arg1="SSA variable with_setattr" func=With_setattr.__setattr__
with_setattr = With_setattr() #$ MISSING: arg1="with_setattr" func=With_setattr.__setattr__
arg3 = "" #$ MISSING: arg3 func=With_setattr.__setattr__
with_setattr.arg2 = arg3 #$ MISSING: arg2 func=With_setattr.__setattr__
@@ -324,7 +324,7 @@ class With_delattr:
def test_delattr():
with_delattr = With_delattr() #$ MISSING: arg1="SSA variable with_delattr" func=With_delattr.__delattr__
with_delattr = With_delattr() #$ MISSING: arg1="with_delattr" func=With_delattr.__delattr__
del with_delattr.arg2 #$ MISSING: arg2 func=With_delattr.__delattr__
@@ -337,7 +337,7 @@ class With_dir:
def test_dir():
with_dir = With_dir() #$ MISSING: arg1="SSA variable with_dir" func=With_dir.__dir__
with_dir = With_dir() #$ MISSING: arg1="with_dir" func=With_dir.__dir__
dir(with_dir)
@@ -360,7 +360,7 @@ def test_get():
class arg3:
pass
with_get = With_get() #$ MISSING: arg1="SSA variable with_get" func=With_get.__get__
with_get = With_get() #$ MISSING: arg1="with_get" func=With_get.__get__
arg3.attr = with_get
arg2 = arg3() #$ MISSING: arg2 func=With_get.__get__
arg2.attr
@@ -376,7 +376,7 @@ class With_set:
def test_set():
with_set = With_set() #$ MISSING: arg1="SSA variable with_set" func=With_set.__set__
with_set = With_set() #$ MISSING: arg1="with_set" func=With_set.__set__
Owner.attr = with_set
arg2 = Owner() #$ MISSING: arg2 func=With_set.__set__
arg3 = "" #$ MISSING: arg3 func=With_set.__set__
@@ -392,7 +392,7 @@ class With_delete:
def test_delete():
with_delete = With_delete() #$ MISSING: arg1="SSA variable with_delete" func=With_delete.__delete__
with_delete = With_delete() #$ MISSING: arg1="with_delete" func=With_delete.__delete__
Owner.attr = with_delete
arg2 = Owner() #$ MISSING: arg2 func=With_delete.__delete__
del arg2.attr
@@ -408,7 +408,7 @@ class With_set_name:
def test_set_name():
with_set_name = With_set_name() #$ MISSING: arg1="SSA variable with_set_name" func=With_set_name.__set_name__
with_set_name = With_set_name() #$ MISSING: arg1="with_set_name" func=With_set_name.__set_name__
type("arg2", (object,), dict(arg3=with_set_name)) #$ MISSING: arg2 arg3 func=With_set_name.__set_name__
@@ -462,7 +462,7 @@ class With_instancecheck:
def test_instancecheck():
with_instancecheck = With_instancecheck() #$ MISSING: arg1="SSA variable with_instancecheck" func=With_instancecheck.__instancecheck__
with_instancecheck = With_instancecheck() #$ MISSING: arg1="with_instancecheck" func=With_instancecheck.__instancecheck__
arg2 = "" #$ MISSING: arg2 func=With_instancecheck.__instancecheck__
isinstance(arg2, with_instancecheck)
@@ -477,7 +477,7 @@ class With_subclasscheck:
def test_subclasscheck():
with_subclasscheck = With_subclasscheck() #$ MISSING: arg1="SSA variable with_subclasscheck" func=With_subclasscheck.__subclasscheck__
with_subclasscheck = With_subclasscheck() #$ MISSING: arg1="with_subclasscheck" func=With_subclasscheck.__subclasscheck__
arg2 = object #$ MISSING: arg2 func=With_subclasscheck.__subclasscheck__
issubclass(arg2, with_subclasscheck)
@@ -506,7 +506,7 @@ class With_call:
def test_call():
with_call = With_call() #$ arg1="SSA variable with_call" func=With_call.__call__
with_call = With_call() #$ arg1="with_call" func=With_call.__call__
with_call()
@@ -520,17 +520,17 @@ class With_len:
def test_len():
with_len = With_len() #$ MISSING: arg1="SSA variable with_len" func=With_len.__len__
with_len = With_len() #$ MISSING: arg1="with_len" func=With_len.__len__
len(with_len)
def test_len_bool():
with_len = With_len() #$ MISSING: arg1="SSA variable with_len" func=With_len.__len__
with_len = With_len() #$ MISSING: arg1="with_len" func=With_len.__len__
bool(with_len)
def test_len_if():
with_len = With_len() #$ MISSING: arg1="SSA variable with_len" func=With_len.__len__
with_len = With_len() #$ MISSING: arg1="with_len" func=With_len.__len__
if with_len:
pass
@@ -545,7 +545,7 @@ class With_getitem:
def test_getitem():
with_getitem = With_getitem() #$ MISSING: arg1="SSA variable with_getitem" func=With_getitem.__getitem__
with_getitem = With_getitem() #$ MISSING: arg1="with_getitem" func=With_getitem.__getitem__
arg2 = 0
with_getitem[arg2] #$ MISSING: arg2 func=With_getitem.__getitem__
@@ -560,7 +560,7 @@ class With_setitem:
def test_setitem():
with_setitem = With_setitem() #$ MISSING: arg1="SSA variable with_setitem" func=With_setitem.__setitem__
with_setitem = With_setitem() #$ MISSING: arg1="with_setitem" func=With_setitem.__setitem__
arg2 = 0
arg3 = ""
with_setitem[arg2] = arg3 #$ MISSING: arg2 arg3 func=With_setitem.__setitem__
@@ -575,7 +575,7 @@ class With_delitem:
def test_delitem():
with_delitem = With_delitem() #$ MISSING: arg1="SSA variable with_delitem" func=With_delitem.__delitem__
with_delitem = With_delitem() #$ MISSING: arg1="with_delitem" func=With_delitem.__delitem__
arg2 = 0
del with_delitem[arg2] #$ MISSING: arg2 func=With_delitem.__delitem__
@@ -590,7 +590,7 @@ class With_missing(dict):
def test_missing():
with_missing = With_missing() #$ MISSING: arg1="SSA variable with_missing" func=With_missing.__missing__
with_missing = With_missing() #$ MISSING: arg1="with_missing" func=With_missing.__missing__
arg2 = 0 #$ MISSING: arg2 func=With_missing.__missing__
with_missing[arg2]
@@ -604,7 +604,7 @@ class With_iter:
def test_iter():
with_iter = With_iter() #$ MISSING: arg1="SSA variable with_iter" func=With_iter.__iter__
with_iter = With_iter() #$ MISSING: arg1="with_iter" func=With_iter.__iter__
[x for x in with_iter]
@@ -617,7 +617,7 @@ class With_reversed:
def test_reversed():
with_reversed = With_reversed() #$ MISSING: arg1="SSA variable with_reversed" func=With_reversed.__reversed__
with_reversed = With_reversed() #$ MISSING: arg1="with_reversed" func=With_reversed.__reversed__
reversed(with_reversed)
@@ -631,7 +631,7 @@ class With_contains:
def test_contains():
with_contains = With_contains() #$ MISSING: arg1="SSA variable with_contains" func=With_contains.__contains__
with_contains = With_contains() #$ MISSING: arg1="with_contains" func=With_contains.__contains__
arg2 = 0 #$ MISSING: arg2 func=With_contains.__contains__
arg2 in with_contains
@@ -647,7 +647,7 @@ class With_add:
def test_add():
with_add = With_add() #$ MISSING: arg1="SSA variable with_add" func=With_add.__add__
with_add = With_add() #$ MISSING: arg1="with_add" func=With_add.__add__
arg2 = with_add
with_add + arg2 #$ MISSING: arg2 func=With_add.__add__
@@ -662,7 +662,7 @@ class With_sub:
def test_sub():
with_sub = With_sub() #$ MISSING: arg1="SSA variable with_sub" func=With_sub.__sub__
with_sub = With_sub() #$ MISSING: arg1="with_sub" func=With_sub.__sub__
arg2 = with_sub
with_sub - arg2 #$ MISSING: arg2 func=With_sub.__sub__
@@ -677,7 +677,7 @@ class With_mul:
def test_mul():
with_mul = With_mul() #$ MISSING: arg1="SSA variable with_mul" func=With_mul.__mul__
with_mul = With_mul() #$ MISSING: arg1="with_mul" func=With_mul.__mul__
arg2 = with_mul
with_mul * arg2 #$ MISSING: arg2 func=With_mul.__mul__
@@ -692,7 +692,7 @@ class With_matmul:
def test_matmul():
with_matmul = With_matmul() #$ MISSING: arg1="SSA variable with_matmul" func=With_matmul.__matmul__
with_matmul = With_matmul() #$ MISSING: arg1="with_matmul" func=With_matmul.__matmul__
arg2 = with_matmul
with_matmul @ arg2 #$ MISSING: arg2 func=With_matmul.__matmul__
@@ -707,7 +707,7 @@ class With_truediv:
def test_truediv():
with_truediv = With_truediv() #$ MISSING: arg1="SSA variable with_truediv" func=With_truediv.__truediv__
with_truediv = With_truediv() #$ MISSING: arg1="with_truediv" func=With_truediv.__truediv__
arg2 = with_truediv
with_truediv / arg2 #$ MISSING: arg2 func=With_truediv.__truediv__
@@ -722,7 +722,7 @@ class With_floordiv:
def test_floordiv():
with_floordiv = With_floordiv() #$ MISSING: arg1="SSA variable with_floordiv" func=With_floordiv.__floordiv__
with_floordiv = With_floordiv() #$ MISSING: arg1="with_floordiv" func=With_floordiv.__floordiv__
arg2 = with_floordiv
with_floordiv // arg2 #$ MISSING: arg2 func=With_floordiv.__floordiv__
@@ -737,7 +737,7 @@ class With_mod:
def test_mod():
with_mod = With_mod() #$ MISSING: arg1="SSA variable with_mod" func=With_mod.__mod__
with_mod = With_mod() #$ MISSING: arg1="with_mod" func=With_mod.__mod__
arg2 = with_mod
with_mod % arg2 #$ MISSING: arg2 func=With_mod.__mod__
@@ -752,7 +752,7 @@ class With_divmod:
def test_divmod():
with_divmod = With_divmod() #$ MISSING: arg1="SSA variable with_divmod" func=With_divmod.__divmod__
with_divmod = With_divmod() #$ MISSING: arg1="with_divmod" func=With_divmod.__divmod__
arg2 = With_divmod #$ MISSING: arg2 func=With_divmod.__divmod__
divmod(with_divmod, arg2)
@@ -767,13 +767,13 @@ class With_pow:
def test_pow():
with_pow = With_pow() #$ MISSING: arg1="SSA variable with_pow" func=With_pow.__pow__
with_pow = With_pow() #$ MISSING: arg1="with_pow" func=With_pow.__pow__
arg2 = with_pow
pow(with_pow, arg2) #$ MISSING: arg2 func=With_pow.__pow__
def test_pow_op():
with_pow = With_pow() #$ MISSING: arg1="SSA variable with_pow" func=With_pow.__pow__
with_pow = With_pow() #$ MISSING: arg1="with_pow" func=With_pow.__pow__
arg2 = with_pow
with_pow ** arg2 #$ MISSING: arg2 func=With_pow.__pow__
@@ -788,7 +788,7 @@ class With_lshift:
def test_lshift():
with_lshift = With_lshift() #$ MISSING: arg1="SSA variable with_lshift" func=With_lshift.__lshift__
with_lshift = With_lshift() #$ MISSING: arg1="with_lshift" func=With_lshift.__lshift__
arg2 = with_lshift
with_lshift << arg2 #$ MISSING: arg2 func=With_lshift.__lshift__
@@ -803,7 +803,7 @@ class With_rshift:
def test_rshift():
with_rshift = With_rshift() #$ MISSING: arg1="SSA variable with_rshift" func=With_rshift.__rshift__
with_rshift = With_rshift() #$ MISSING: arg1="with_rshift" func=With_rshift.__rshift__
arg2 = with_rshift
with_rshift >> arg2 #$ MISSING: arg2 func=With_rshift.__rshift__
@@ -818,7 +818,7 @@ class With_and:
def test_and():
with_and = With_and() #$ MISSING: arg1="SSA variable with_and" func=With_and.__and__
with_and = With_and() #$ MISSING: arg1="with_and" func=With_and.__and__
arg2 = with_and
with_and & arg2 #$ MISSING: arg2 func=With_and.__and__
@@ -833,7 +833,7 @@ class With_xor:
def test_xor():
with_xor = With_xor() #$ MISSING: arg1="SSA variable with_xor" func=With_xor.__xor__
with_xor = With_xor() #$ MISSING: arg1="with_xor" func=With_xor.__xor__
arg2 = with_xor
with_xor ^ arg2 #$ MISSING: arg2 func=With_xor.__xor__
@@ -848,7 +848,7 @@ class With_or:
def test_or():
with_or = With_or() #$ MISSING: arg1="SSA variable with_or" func=With_or.__or__
with_or = With_or() #$ MISSING: arg1="with_or" func=With_or.__or__
arg2 = with_or
with_or | arg2 #$ MISSING: arg2 func=With_or.__or__
@@ -863,7 +863,7 @@ class With_radd:
def test_radd():
with_radd = With_radd() #$ MISSING: arg1="SSA variable with_radd" func=With_radd.__radd__
with_radd = With_radd() #$ MISSING: arg1="with_radd" func=With_radd.__radd__
arg2 = "" #$ MISSING: arg2 func=With_radd.__radd__
arg2 + with_radd
@@ -878,7 +878,7 @@ class With_rsub:
def test_rsub():
with_rsub = With_rsub() #$ MISSING: arg1="SSA variable with_rsub" func=With_rsub.__rsub__
with_rsub = With_rsub() #$ MISSING: arg1="with_rsub" func=With_rsub.__rsub__
arg2 = "" #$ MISSING: arg2 func=With_rsub.__rsub__
arg2 - with_rsub
@@ -893,7 +893,7 @@ class With_rmul:
def test_rmul():
with_rmul = With_rmul() #$ MISSING: arg1="SSA variable with_rmul" func=With_rmul.__rmul__
with_rmul = With_rmul() #$ MISSING: arg1="with_rmul" func=With_rmul.__rmul__
arg2 = "" #$ MISSING: arg2 func=With_rmul.__rmul__
arg2 * with_rmul
@@ -908,7 +908,7 @@ class With_rmatmul:
def test_rmatmul():
with_rmatmul = With_rmatmul() #$ MISSING: arg1="SSA variable with_rmatmul" func=With_rmatmul.__rmatmul__
with_rmatmul = With_rmatmul() #$ MISSING: arg1="with_rmatmul" func=With_rmatmul.__rmatmul__
arg2 = "" #$ MISSING: arg2 func=With_rmatmul.__rmatmul__
arg2 @ with_rmatmul
@@ -923,7 +923,7 @@ class With_rtruediv:
def test_rtruediv():
with_rtruediv = With_rtruediv() #$ MISSING: arg1="SSA variable with_rtruediv" func=With_rtruediv.__rtruediv__
with_rtruediv = With_rtruediv() #$ MISSING: arg1="with_rtruediv" func=With_rtruediv.__rtruediv__
arg2 = "" #$ MISSING: arg2 func=With_rtruediv.__rtruediv__
arg2 / with_rtruediv
@@ -938,7 +938,7 @@ class With_rfloordiv:
def test_rfloordiv():
with_rfloordiv = With_rfloordiv() #$ MISSING: arg1="SSA variable with_rfloordiv" func=With_rfloordiv.__rfloordiv__
with_rfloordiv = With_rfloordiv() #$ MISSING: arg1="with_rfloordiv" func=With_rfloordiv.__rfloordiv__
arg2 = "" #$ MISSING: arg2 func=With_rfloordiv.__rfloordiv__
arg2 // with_rfloordiv
@@ -953,7 +953,7 @@ class With_rmod:
def test_rmod():
with_rmod = With_rmod() #$ MISSING: arg1="SSA variable with_rmod" func=With_rmod.__rmod__
with_rmod = With_rmod() #$ MISSING: arg1="with_rmod" func=With_rmod.__rmod__
arg2 = {} #$ MISSING: arg2 func=With_rmod.__rmod__
arg2 % with_rmod
@@ -968,7 +968,7 @@ class With_rdivmod:
def test_rdivmod():
with_rdivmod = With_rdivmod() #$ MISSING: arg1="SSA variable with_rdivmod" func=With_rdivmod.__rdivmod__
with_rdivmod = With_rdivmod() #$ MISSING: arg1="with_rdivmod" func=With_rdivmod.__rdivmod__
arg2 = "" #$ MISSING: arg2 func=With_rdivmod.__rdivmod__
divmod(arg2, with_rdivmod)
@@ -983,13 +983,13 @@ class With_rpow:
def test_rpow():
with_rpow = With_rpow() #$ MISSING: arg1="SSA variable with_rpow" func=With_rpow.__rpow__
with_rpow = With_rpow() #$ MISSING: arg1="with_rpow" func=With_rpow.__rpow__
arg2 = "" #$ MISSING: arg2 func=With_rpow.__rpow__
pow(arg2, with_rpow)
def test_rpow_op():
with_rpow = With_rpow() #$ MISSING: arg1="SSA variable with_rpow" func=With_rpow.__rpow__
with_rpow = With_rpow() #$ MISSING: arg1="with_rpow" func=With_rpow.__rpow__
arg2 = "" #$ MISSING: arg2 func=With_rpow.__rpow__
arg2 ** with_rpow
@@ -1004,7 +1004,7 @@ class With_rlshift:
def test_rlshift():
with_rlshift = With_rlshift() #$ MISSING: arg1="SSA variable with_rlshift" func=With_rlshift.__rlshift__
with_rlshift = With_rlshift() #$ MISSING: arg1="with_rlshift" func=With_rlshift.__rlshift__
arg2 = "" #$ MISSING: arg2 func=With_rlshift.__rlshift__
arg2 << with_rlshift
@@ -1019,7 +1019,7 @@ class With_rrshift:
def test_rrshift():
with_rrshift = With_rrshift() #$ MISSING: arg1="SSA variable with_rrshift" func=With_rrshift.__rrshift__
with_rrshift = With_rrshift() #$ MISSING: arg1="with_rrshift" func=With_rrshift.__rrshift__
arg2 = "" #$ MISSING: arg2 func=With_rrshift.__rrshift__
arg2 >> with_rrshift
@@ -1034,7 +1034,7 @@ class With_rand:
def test_rand():
with_rand = With_rand() #$ MISSING: arg1="SSA variable with_rand" func=With_rand.__rand__
with_rand = With_rand() #$ MISSING: arg1="with_rand" func=With_rand.__rand__
arg2 = "" #$ MISSING: arg2 func=With_rand.__rand__
arg2 & with_rand
@@ -1049,7 +1049,7 @@ class With_rxor:
def test_rxor():
with_rxor = With_rxor() #$ MISSING: arg1="SSA variable with_rxor" func=With_rxor.__rxor__
with_rxor = With_rxor() #$ MISSING: arg1="with_rxor" func=With_rxor.__rxor__
arg2 = "" #$ MISSING: arg2 func=With_rxor.__rxor__
arg2 ^ with_rxor
@@ -1064,7 +1064,7 @@ class With_ror:
def test_ror():
with_ror = With_ror() #$ MISSING: arg1="SSA variable with_ror" func=With_ror.__ror__
with_ror = With_ror() #$ MISSING: arg1="with_ror" func=With_ror.__ror__
arg2 = "" #$ MISSING: arg2 func=With_ror.__ror__
arg2 | with_ror
@@ -1079,7 +1079,7 @@ class With_iadd:
def test_iadd():
with_iadd = With_iadd() #$ MISSING: arg1="SSA variable with_iadd" func=With_iadd.__iadd__
with_iadd = With_iadd() #$ MISSING: arg1="with_iadd" func=With_iadd.__iadd__
arg2 = with_iadd #$ MISSING: arg2 func=With_iadd.__iadd__
with_iadd += arg2
@@ -1094,7 +1094,7 @@ class With_isub:
def test_isub():
with_isub = With_isub() #$ MISSING: arg1="SSA variable with_isub" func=With_isub.__isub__
with_isub = With_isub() #$ MISSING: arg1="with_isub" func=With_isub.__isub__
arg2 = with_isub #$ MISSING: arg2 func=With_isub.__isub__
with_isub -= arg2
@@ -1109,7 +1109,7 @@ class With_imul:
def test_imul():
with_imul = With_imul() #$ MISSING: arg1="SSA variable with_imul" func=With_imul.__imul__
with_imul = With_imul() #$ MISSING: arg1="with_imul" func=With_imul.__imul__
arg2 = with_imul #$ MISSING: arg2 func=With_imul.__imul__
with_imul *= arg2
@@ -1124,7 +1124,7 @@ class With_imatmul:
def test_imatmul():
with_imatmul = With_imatmul() #$ MISSING: arg1="SSA variable with_imatmul" func=With_imatmul.__imatmul__
with_imatmul = With_imatmul() #$ MISSING: arg1="with_imatmul" func=With_imatmul.__imatmul__
arg2 = with_imatmul #$ MISSING: arg2 func=With_imatmul.__imatmul__
with_imatmul @= arg2
@@ -1139,7 +1139,7 @@ class With_itruediv:
def test_itruediv():
with_itruediv = With_itruediv() #$ MISSING: arg1="SSA variable with_itruediv" func=With_itruediv.__itruediv__
with_itruediv = With_itruediv() #$ MISSING: arg1="with_itruediv" func=With_itruediv.__itruediv__
arg2 = with_itruediv #$ MISSING: arg2 func=With_itruediv.__itruediv__
with_itruediv /= arg2
@@ -1154,7 +1154,7 @@ class With_ifloordiv:
def test_ifloordiv():
with_ifloordiv = With_ifloordiv() #$ MISSING: arg1="SSA variable with_ifloordiv" func=With_ifloordiv.__ifloordiv__
with_ifloordiv = With_ifloordiv() #$ MISSING: arg1="with_ifloordiv" func=With_ifloordiv.__ifloordiv__
arg2 = with_ifloordiv #$ MISSING: arg2 func=With_ifloordiv.__ifloordiv__
with_ifloordiv //= arg2
@@ -1169,7 +1169,7 @@ class With_imod:
def test_imod():
with_imod = With_imod() #$ MISSING: arg1="SSA variable with_imod" func=With_imod.__imod__
with_imod = With_imod() #$ MISSING: arg1="with_imod" func=With_imod.__imod__
arg2 = with_imod #$ MISSING: arg2 func=With_imod.__imod__
with_imod %= arg2
@@ -1184,7 +1184,7 @@ class With_ipow:
def test_ipow():
with_ipow = With_ipow() #$ MISSING: arg1="SSA variable with_ipow" func=With_ipow.__ipow__
with_ipow = With_ipow() #$ MISSING: arg1="with_ipow" func=With_ipow.__ipow__
arg2 = with_ipow #$ MISSING: arg2 func=With_ipow.__ipow__
with_ipow **= arg2
@@ -1199,7 +1199,7 @@ class With_ilshift:
def test_ilshift():
with_ilshift = With_ilshift() #$ MISSING: arg1="SSA variable with_ilshift" func=With_ilshift.__ilshift__
with_ilshift = With_ilshift() #$ MISSING: arg1="with_ilshift" func=With_ilshift.__ilshift__
arg2 = with_ilshift #$ MISSING: arg2 func=With_ilshift.__ilshift__
with_ilshift <<= arg2
@@ -1214,7 +1214,7 @@ class With_irshift:
def test_irshift():
with_irshift = With_irshift() #$ MISSING: arg1="SSA variable with_irshift" func=With_irshift.__irshift__
with_irshift = With_irshift() #$ MISSING: arg1="with_irshift" func=With_irshift.__irshift__
arg2 = with_irshift #$ MISSING: arg2 func=With_irshift.__irshift__
with_irshift >>= arg2
@@ -1229,7 +1229,7 @@ class With_iand:
def test_iand():
with_iand = With_iand() #$ MISSING: arg1="SSA variable with_iand" func=With_iand.__iand__
with_iand = With_iand() #$ MISSING: arg1="with_iand" func=With_iand.__iand__
arg2 = with_iand #$ MISSING: arg2 func=With_iand.__iand__
with_iand &= arg2
@@ -1244,7 +1244,7 @@ class With_ixor:
def test_ixor():
with_ixor = With_ixor() #$ MISSING: arg1="SSA variable with_ixor" func=With_ixor.__ixor__
with_ixor = With_ixor() #$ MISSING: arg1="with_ixor" func=With_ixor.__ixor__
arg2 = with_ixor #$ MISSING: arg2 func=With_ixor.__ixor__
with_ixor ^= arg2
@@ -1259,7 +1259,7 @@ class With_ior:
def test_ior():
with_ior = With_ior() #$ MISSING: arg1="SSA variable with_ior" func=With_ior.__ior__
with_ior = With_ior() #$ MISSING: arg1="with_ior" func=With_ior.__ior__
arg2 = with_ior #$ MISSING: arg2 func=With_ior.__ior__
with_ior |= arg2
@@ -1273,7 +1273,7 @@ class With_neg:
def test_neg():
with_neg = With_neg() #$ MISSING: arg1="SSA variable with_neg" func=With_neg.__neg__
with_neg = With_neg() #$ MISSING: arg1="with_neg" func=With_neg.__neg__
-with_neg
@@ -1286,7 +1286,7 @@ class With_pos:
def test_pos():
with_pos = With_pos() #$ MISSING: arg1="SSA variable with_pos" func=With_pos.__pos__
with_pos = With_pos() #$ MISSING: arg1="with_pos" func=With_pos.__pos__
+with_pos
@@ -1299,7 +1299,7 @@ class With_abs:
def test_abs():
with_abs = With_abs() #$ MISSING: arg1="SSA variable with_abs" func=With_abs.__abs__
with_abs = With_abs() #$ MISSING: arg1="with_abs" func=With_abs.__abs__
abs(with_abs)
@@ -1312,7 +1312,7 @@ class With_invert:
def test_invert():
with_invert = With_invert() #$ MISSING: arg1="SSA variable with_invert" func=With_invert.__invert__
with_invert = With_invert() #$ MISSING: arg1="with_invert" func=With_invert.__invert__
~with_invert
@@ -1325,7 +1325,7 @@ class With_complex:
def test_complex():
with_complex = With_complex() #$ MISSING: arg1="SSA variable with_complex" func=With_complex.__complex__
with_complex = With_complex() #$ MISSING: arg1="with_complex" func=With_complex.__complex__
complex(with_complex)
@@ -1338,7 +1338,7 @@ class With_int:
def test_int():
with_int = With_int() #$ MISSING: arg1="SSA variable with_int" func=With_int.__int__
with_int = With_int() #$ MISSING: arg1="with_int" func=With_int.__int__
int(with_int)
@@ -1351,7 +1351,7 @@ class With_float:
def test_float():
with_float = With_float() #$ MISSING: arg1="SSA variable with_float" func=With_float.__float__
with_float = With_float() #$ MISSING: arg1="with_float" func=With_float.__float__
float(with_float)
@@ -1364,37 +1364,37 @@ class With_index:
def test_index_slicing():
with_index = With_index() #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__
with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__
[0][with_index:1]
def test_index_bin():
with_index = With_index() #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__
with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__
bin(with_index)
def test_index_hex():
with_index = With_index() #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__
with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__
hex(with_index)
def test_index_oct():
with_index = With_index() #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__
with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__
oct(with_index)
def test_index_int():
with_index = With_index() #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__
with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__
int(with_index)
def test_index_float():
with_index = With_index() #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__
with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__
float(with_index)
def test_index_complex():
with_index = With_index() #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__
with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__
complex(with_index)
@@ -1407,7 +1407,7 @@ class With_round:
def test_round():
with_round = With_round() #$ MISSING: arg1="SSA variable with_round" func=With_round.__round__
with_round = With_round() #$ MISSING: arg1="with_round" func=With_round.__round__
round(with_round)
@@ -1420,7 +1420,7 @@ class With_trunc:
def test_trunc():
with_trunc = With_trunc() #$ MISSING: arg1="SSA variable with_trunc" func=With_trunc.__trunc__
with_trunc = With_trunc() #$ MISSING: arg1="with_trunc" func=With_trunc.__trunc__
import math
math.trunc(with_trunc)
@@ -1435,7 +1435,7 @@ class With_floor:
def test_floor():
with_floor = With_floor() #$ MISSING: arg1="SSA variable with_floor" func=With_floor.__floor__
with_floor = With_floor() #$ MISSING: arg1="with_floor" func=With_floor.__floor__
import math
math.floor(with_floor)
@@ -1450,7 +1450,7 @@ class With_ceil:
def test_ceil():
with_ceil = With_ceil() #$ MISSING: arg1="SSA variable with_ceil" func=With_ceil.__ceil__
with_ceil = With_ceil() #$ MISSING: arg1="with_ceil" func=With_ceil.__ceil__
import math
math.ceil(with_ceil)
@@ -1503,7 +1503,7 @@ class With_await:
async def atest_await():
with_await = With_await() #$ MISSING: arg1="SSA variable with_await" func=With_await.__await__
with_await = With_await() #$ MISSING: arg1="with_await" func=With_await.__await__
await (with_await)
@@ -1525,7 +1525,7 @@ class With_aiter:
async def atest_aiter():
with_aiter = With_aiter() #$ MISSING: arg1="SSA variable with_aiter" func=With_aiter.__aiter__
with_aiter = With_aiter() #$ MISSING: arg1="with_aiter" func=With_aiter.__aiter__
async for x in with_aiter:
pass
@@ -1542,7 +1542,7 @@ class With_anext:
async def atest_anext():
with_anext = With_anext() #$ MISSING: arg1="SSA variable with_anext" func=With_anext.__anext__
with_anext = With_anext() #$ MISSING: arg1="with_anext" func=With_anext.__anext__
async for x in with_anext:
pass
@@ -1559,7 +1559,7 @@ class With_aenter:
async def atest_aenter():
with_aenter = With_aenter() #$ MISSING: arg1="SSA variable with_aenter" func=With_aenter.__aenter__
with_aenter = With_aenter() #$ MISSING: arg1="with_aenter" func=With_aenter.__aenter__
async with with_aenter:
pass
@@ -1578,6 +1578,6 @@ class With_aexit:
async def atest_aexit():
with_aexit = With_aexit() #$ MISSING: arg1="SSA variable with_aexit" func=With_aexit.__aexit__
with_aexit = With_aexit() #$ MISSING: arg1="with_aexit" func=With_aexit.__aexit__
async with with_aexit:
pass

27
python/ql/test/experimental/dataflow/coverage/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/coverage/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

33
python/ql/test/experimental/dataflow/coverage/localFlow.expected
View File

@@ -1,17 +1,16 @@
| test.py:41:1:41:33 | GSSA Variable NONSOURCE | test.py:42:10:42:18 | ControlFlowNode for NONSOURCE |
| test.py:41:1:41:33 | GSSA Variable SINK | test.py:44:5:44:8 | ControlFlowNode for SINK |
| test.py:41:1:41:33 | GSSA Variable SOURCE | test.py:42:21:42:26 | ControlFlowNode for SOURCE |
| test.py:42:5:42:5 | SSA variable x | test.py:43:9:43:9 | ControlFlowNode for x |
| test.py:42:10:42:26 | ControlFlowNode for Tuple | test.py:42:5:42:5 | SSA variable x |
| test.py:43:5:43:5 | SSA variable y | test.py:44:10:44:10 | ControlFlowNode for y |
| test.py:43:9:43:12 | ControlFlowNode for Subscript | test.py:43:5:43:5 | SSA variable y |
| test.py:208:1:208:53 | GSSA Variable SINK | test.py:210:5:210:8 | ControlFlowNode for SINK |
| test.py:208:1:208:53 | GSSA Variable SOURCE | test.py:209:25:209:30 | ControlFlowNode for SOURCE |
| test.py:209:5:209:5 | SSA variable x | test.py:210:10:210:10 | ControlFlowNode for x |
| test.py:209:9:209:68 | ControlFlowNode for .0 | test.py:209:9:209:68 | SSA variable .0 |
| test.py:209:9:209:68 | ControlFlowNode for ListComp | test.py:209:5:209:5 | SSA variable x |
| test.py:209:9:209:68 | SSA variable .0 | test.py:209:9:209:68 | ControlFlowNode for .0 |
| test.py:209:16:209:16 | SSA variable v | test.py:209:45:209:45 | ControlFlowNode for v |
| test.py:209:40:209:40 | SSA variable u | test.py:209:56:209:56 | ControlFlowNode for u |
| test.py:209:51:209:51 | SSA variable z | test.py:209:67:209:67 | ControlFlowNode for z |
| test.py:209:62:209:62 | SSA variable y | test.py:209:10:209:10 | ControlFlowNode for y |
| test.py:41:1:41:33 | Entry definition for SsaSourceVariable NONSOURCE | test.py:42:10:42:18 | ControlFlowNode for NONSOURCE |
| test.py:41:1:41:33 | Entry definition for SsaSourceVariable SINK | test.py:44:5:44:8 | ControlFlowNode for SINK |
| test.py:41:1:41:33 | Entry definition for SsaSourceVariable SOURCE | test.py:42:21:42:26 | ControlFlowNode for SOURCE |
| test.py:42:5:42:5 | ControlFlowNode for x | test.py:43:9:43:9 | ControlFlowNode for x |
| test.py:42:10:42:26 | ControlFlowNode for Tuple | test.py:42:5:42:5 | ControlFlowNode for x |
| test.py:43:5:43:5 | ControlFlowNode for y | test.py:44:10:44:10 | ControlFlowNode for y |
| test.py:43:9:43:12 | ControlFlowNode for Subscript | test.py:43:5:43:5 | ControlFlowNode for y |
| test.py:208:1:208:53 | Entry definition for SsaSourceVariable SINK | test.py:210:5:210:8 | ControlFlowNode for SINK |
| test.py:208:1:208:53 | Entry definition for SsaSourceVariable SOURCE | test.py:209:25:209:30 | ControlFlowNode for SOURCE |
| test.py:209:5:209:5 | ControlFlowNode for x | test.py:210:10:210:10 | ControlFlowNode for x |
| test.py:209:9:209:68 | ControlFlowNode for .0 | test.py:209:9:209:68 | ControlFlowNode for .0 |
| test.py:209:9:209:68 | ControlFlowNode for ListComp | test.py:209:5:209:5 | ControlFlowNode for x |
| test.py:209:16:209:16 | ControlFlowNode for v | test.py:209:45:209:45 | ControlFlowNode for v |
| test.py:209:40:209:40 | ControlFlowNode for u | test.py:209:56:209:56 | ControlFlowNode for u |
| test.py:209:51:209:51 | ControlFlowNode for z | test.py:209:67:209:67 | ControlFlowNode for z |
| test.py:209:62:209:62 | ControlFlowNode for y | test.py:209:10:209:10 | ControlFlowNode for y |

27
python/ql/test/experimental/dataflow/exceptions/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/exceptions/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

27
python/ql/test/experimental/dataflow/fieldflow/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/fieldflow/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

27
python/ql/test/experimental/dataflow/global-flow/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/global-flow/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

7
python/ql/test/experimental/dataflow/import-star/global.expected
View File

@@ -1,15 +1,22 @@
| test3.py:1:17:1:19 | ControlFlowNode for ImportMember | test3.py:1:17:1:19 | ControlFlowNode for foo |
| test3.py:1:17:1:19 | ControlFlowNode for ImportMember | test3.py:2:7:2:9 | ControlFlowNode for foo |
| test3.py:1:17:1:19 | ControlFlowNode for foo | test3.py:2:7:2:9 | ControlFlowNode for foo |
| three.py:1:1:1:3 | ControlFlowNode for foo | test1.py:2:7:2:9 | ControlFlowNode for foo |
| three.py:1:1:1:3 | ControlFlowNode for foo | test3.py:1:17:1:19 | ControlFlowNode for ImportMember |
| three.py:1:1:1:3 | ControlFlowNode for foo | test3.py:1:17:1:19 | ControlFlowNode for foo |
| three.py:1:1:1:3 | ControlFlowNode for foo | test3.py:2:7:2:9 | ControlFlowNode for foo |
| three.py:1:1:1:3 | ControlFlowNode for foo | two.py:2:7:2:9 | ControlFlowNode for foo |
| three.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | test1.py:2:7:2:9 | ControlFlowNode for foo |
| three.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | test3.py:1:17:1:19 | ControlFlowNode for ImportMember |
| three.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | test3.py:1:17:1:19 | ControlFlowNode for foo |
| three.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | test3.py:2:7:2:9 | ControlFlowNode for foo |
| three.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | three.py:1:1:1:3 | ControlFlowNode for foo |
| three.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | two.py:2:7:2:9 | ControlFlowNode for foo |
| trois.py:1:1:1:3 | ControlFlowNode for foo | deux.py:2:7:2:9 | ControlFlowNode for foo |
| trois.py:1:1:1:3 | ControlFlowNode for foo | test2.py:2:7:2:9 | ControlFlowNode for foo |
| trois.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | deux.py:2:7:2:9 | ControlFlowNode for foo |
| trois.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | test2.py:2:7:2:9 | ControlFlowNode for foo |
| trois.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | trois.py:1:1:1:3 | ControlFlowNode for foo |
| two.py:2:7:2:9 | ControlFlowNode for foo | test3.py:1:17:1:19 | ControlFlowNode for ImportMember |
| two.py:2:7:2:9 | ControlFlowNode for foo | test3.py:1:17:1:19 | ControlFlowNode for foo |
| two.py:2:7:2:9 | ControlFlowNode for foo | test3.py:2:7:2:9 | ControlFlowNode for foo |

12
python/ql/test/experimental/dataflow/import-star/global.ql
View File

@@ -4,16 +4,16 @@ import semmle.python.dataflow.new.DataFlow
* A configuration to find all flows.
* To be used on tiny programs.
*/
class AllFlowsConfig extends DataFlow::Configuration {
AllFlowsConfig() { this = "AllFlowsConfig" }
module AllFlowsConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { any() }
override predicate isSource(DataFlow::Node node) { any() }
override predicate isSink(DataFlow::Node node) { any() }
predicate isSink(DataFlow::Node node) { any() }
}
module AllFlowsFlow = DataFlow::Global<AllFlowsConfig>;
from DataFlow::CfgNode source, DataFlow::CfgNode sink
where
source != sink and
exists(AllFlowsConfig cfg | cfg.hasFlow(source, sink))
AllFlowsFlow::flow(source, sink)
select source, sink

27
python/ql/test/experimental/dataflow/match/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/match/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

5
python/ql/test/experimental/dataflow/module-initialization/localFlow.ql
View File

@@ -11,7 +11,10 @@ module ImportTimeLocalFlowTest implements FlowTestSig {
nodeFrom.getLocation().getFile().getBaseName() = "multiphase.py" and
// results are displayed next to `nodeTo`, so we need a line to write on
nodeTo.getLocation().getStartLine() > 0 and
nodeTo.asVar() instanceof GlobalSsaVariable and
exists(GlobalSsaVariable g |
nodeTo.asCfgNode() = g.getDefinition().(EssaNodeDefinition).getDefiningNode()
) and
// nodeTo.asVar() instanceof GlobalSsaVariable and
DP::PhaseDependentFlow<DP::LocalFlow::localFlowStep/2>::importTimeStep(nodeFrom, nodeTo)
}
}

22
python/ql/test/experimental/dataflow/module-initialization/multiphase.py
View File

@@ -1,40 +1,40 @@
import sys #$ importTimeFlow="ImportExpr -> GSSA Variable sys"
import os #$ importTimeFlow="ImportExpr -> GSSA Variable os"
import sys #$ importTimeFlow="ImportExpr -> sys"
import os #$ importTimeFlow="ImportExpr -> os"
sys.path.append(os.path.dirname(os.path.dirname((__file__))))
from testlib import expects #$ importTimeFlow="ImportMember -> GSSA Variable expects"
from testlib import expects #$ importTimeFlow="ImportMember -> expects"
# These are defined so that we can evaluate the test code.
NONSOURCE = "not a source" #$ importTimeFlow="'not a source' -> GSSA Variable NONSOURCE"
SOURCE = "source" #$ importTimeFlow="'source' -> GSSA Variable SOURCE"
NONSOURCE = "not a source" #$ importTimeFlow="'not a source' -> NONSOURCE"
SOURCE = "source" #$ importTimeFlow="'source' -> SOURCE"
def is_source(x): #$ importTimeFlow="FunctionExpr -> GSSA Variable is_source"
def is_source(x): #$ importTimeFlow="FunctionExpr -> is_source"
return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j
def SINK(x): #$ importTimeFlow="FunctionExpr -> GSSA Variable SINK"
def SINK(x): #$ importTimeFlow="FunctionExpr -> SINK"
if is_source(x): #$ runtimeFlow="ModuleVariableNode in Module multiphase for is_source, l:-17 -> is_source"
print("OK") #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-18 -> print"
else:
print("Unexpected flow", x) #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-20 -> print"
def SINK_F(x): #$ importTimeFlow="FunctionExpr -> GSSA Variable SINK_F"
def SINK_F(x): #$ importTimeFlow="FunctionExpr -> SINK_F"
if is_source(x): #$ runtimeFlow="ModuleVariableNode in Module multiphase for is_source, l:-24 -> is_source"
print("Unexpected flow", x) #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-25 -> print"
else:
print("OK") #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-27 -> print"
def set_foo(): #$ importTimeFlow="FunctionExpr -> GSSA Variable set_foo"
def set_foo(): #$ importTimeFlow="FunctionExpr -> set_foo"
global foo
foo = SOURCE #$ runtimeFlow="ModuleVariableNode in Module multiphase for SOURCE, l:-31 -> SOURCE" # missing final definition of foo
foo = NONSOURCE #$ importTimeFlow="NONSOURCE -> GSSA Variable foo"
foo = NONSOURCE #$ importTimeFlow="NONSOURCE -> foo"
set_foo()
@expects(2)
def test_phases(): #$ importTimeFlow="expects(..)(..), l:-1 -> GSSA Variable test_phases"
def test_phases(): #$ importTimeFlow="expects(..)(..), l:-1 -> test_phases"
global foo
SINK(foo) #$ runtimeFlow="ModuleVariableNode in Module multiphase for SINK, l:-39 -> SINK" runtimeFlow="ModuleVariableNode in Module multiphase for foo, l:-39 -> foo"
foo = NONSOURCE #$ runtimeFlow="ModuleVariableNode in Module multiphase for NONSOURCE, l:-40 -> NONSOURCE"

27
python/ql/test/experimental/dataflow/pep_328/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/pep_328/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

14
python/ql/test/experimental/dataflow/regression/custom_dataflow.ql
View File

@@ -10,14 +10,10 @@
import python
import semmle.python.dataflow.new.DataFlow
class CustomTestConfiguration extends DataFlow::Configuration {
CustomTestConfiguration() { this = "CustomTestConfiguration" }
module CustomTestConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { node.asCfgNode().(NameNode).getId() = "CUSTOM_SOURCE" }
override predicate isSource(DataFlow::Node node) {
node.asCfgNode().(NameNode).getId() = "CUSTOM_SOURCE"
}
override predicate isSink(DataFlow::Node node) {
predicate isSink(DataFlow::Node node) {
exists(CallNode call |
call.getFunction().(NameNode).getId() in ["CUSTOM_SINK", "CUSTOM_SINK_F"] and
node.asCfgNode() = call.getAnArg()
@@ -25,6 +21,8 @@ class CustomTestConfiguration extends DataFlow::Configuration {
}
}
module CustomTestFlow = DataFlow::Global<CustomTestConfig>;
from DataFlow::Node source, DataFlow::Node sink
where exists(CustomTestConfiguration cfg | cfg.hasFlow(source, sink))
where CustomTestFlow::flow(source, sink)
select source, sink

27
python/ql/test/experimental/dataflow/regression/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/regression/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

16
python/ql/test/experimental/dataflow/sensitive-data/TestSensitiveDataSources.ql
View File

@@ -20,7 +20,7 @@ module SensitiveDataSourcesTest implements TestSig {
tag = "SensitiveDataSource"
or
exists(DataFlow::Node use |
any(SensitiveUseConfiguration config).hasFlow(source, use) and
SensitiveUseFlow::flow(source, use) and
location = use.getLocation() and
element = use.toString() and
value = source.getClassification() and
@@ -32,19 +32,17 @@ module SensitiveDataSourcesTest implements TestSig {
import MakeTest<SensitiveDataSourcesTest>
class SensitiveUseConfiguration extends TaintTracking::Configuration {
SensitiveUseConfiguration() { this = "SensitiveUseConfiguration" }
module SensitiveUseConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { node instanceof SensitiveDataSource }
override predicate isSource(DataFlow::Node node) { node instanceof SensitiveDataSource }
predicate isSink(DataFlow::Node node) { node = API::builtin("print").getACall().getArg(_) }
override predicate isSink(DataFlow::Node node) {
node = API::builtin("print").getACall().getArg(_)
}
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
sensitiveDataExtraStepForCalls(node1, node2)
}
}
module SensitiveUseFlow = TaintTracking::Global<SensitiveUseConfig>;
// import DataFlow::PathGraph
// from SensitiveUseConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
// where cfg.hasFlowPath(source, sink)

27
python/ql/test/experimental/dataflow/strange-essaflow/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/strange-essaflow/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

4
python/ql/test/experimental/dataflow/strange-essaflow/testFlow.expected
View File

@@ -1,6 +1,6 @@
os_import
| test.py:2:8:2:9 | GSSA Variable os |
| test.py:2:8:2:9 | ControlFlowNode for os |
flowstep
jumpStep
| test.py:2:8:2:9 | GSSA Variable os | test.py:0:0:0:0 | ModuleVariableNode in Module test for os |
| test.py:2:8:2:9 | ControlFlowNode for os | test.py:0:0:0:0 | ModuleVariableNode in Module test for os |
essaFlowStep

20
python/ql/test/experimental/dataflow/strange-essaflow/testFlow.ql
View File

@@ -2,17 +2,17 @@ import python
import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPrivate
/** Gets the EssaNode that holds the module imported by the fully qualified module name `name` */
DataFlow::EssaNode module_import(string name) {
exists(Variable var, Import imp, Alias alias |
/** Gets the `CfgNode` that holds the module imported by the fully qualified module name `name`. */
DataFlow::CfgNode module_import(string name) {
exists(Variable var, AssignmentDefinition def, Import imp, Alias alias |
var = def.getSourceVariable() and
result.getNode() = def.getDefiningNode() and
alias = imp.getAName() and
alias.getAsname() = var.getAStore() and
(
name = alias.getValue().(ImportMember).getImportedModuleName()
or
name = alias.getValue().(ImportExpr).getImportedModuleName()
) and
result.getVar().(AssignmentDefinition).getSourceVariable() = var
alias.getAsname() = var.getAStore()
|
name = alias.getValue().(ImportMember).getImportedModuleName()
or
name = alias.getValue().(ImportExpr).getImportedModuleName()
)
}

2
python/ql/test/experimental/dataflow/summaries-checks/invalid-spec.ql
View File

@@ -3,6 +3,6 @@ import semmle.python.dataflow.new.FlowSummary
import semmle.python.dataflow.new.internal.FlowSummaryImpl
query predicate invalidSpecComponent(SummarizedCallable sc, string s, string c) {
(sc.propagatesFlowExt(s, _, _) or sc.propagatesFlowExt(_, s, _)) and
(sc.propagatesFlow(s, _, _) or sc.propagatesFlow(_, s, _)) and
Private::External::invalidSpecComponent(s, c)
}

2
python/ql/test/experimental/dataflow/summaries-checks/missing-attribute-content.ql
View File

@@ -4,7 +4,7 @@ import semmle.python.dataflow.new.internal.FlowSummaryImpl
from SummarizedCallable sc, string s, string c, string attr
where
(sc.propagatesFlowExt(s, _, _) or sc.propagatesFlowExt(_, s, _)) and
(sc.propagatesFlow(s, _, _) or sc.propagatesFlow(_, s, _)) and
Private::External::invalidSpecComponent(s, c) and
c = "Attribute[" + attr + "]"
select "The attribute \"" + attr +

18
python/ql/test/experimental/dataflow/summaries/TestSummaries.qll
View File

@@ -8,7 +8,7 @@ private import semmle.python.ApiGraphs
* `getACall` predicate on `SummarizedCallable`.
*/
module RecursionGuard {
private import semmle.python.dataflow.new.internal.TypeTrackerSpecific as TT
private import semmle.python.dataflow.new.internal.TypeTrackingImpl::TypeTrackingInput as TT
private class RecursionGuard extends SummarizedCallable {
RecursionGuard() { this = "RecursionGuard" }
@@ -18,6 +18,10 @@ module RecursionGuard {
(TT::callStep(_, _) implies any())
}
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
none()
}
override DataFlow::ArgumentNode getACallback() { result.asExpr().(Name).getId() = this }
}
}
@@ -31,7 +35,7 @@ private class SummarizedCallableIdentity extends SummarizedCallable {
override DataFlow::ArgumentNode getACallback() { result.asExpr().(Name).getId() = this }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
input = "Argument[0]" and
output = "ReturnValue" and
preservesValue = true
@@ -48,7 +52,7 @@ private class SummarizedCallableApplyLambda extends SummarizedCallable {
override DataFlow::ArgumentNode getACallback() { result.asExpr().(Name).getId() = this }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
input = "Argument[1]" and
output = "Argument[0].Parameter[0]" and
preservesValue = true
@@ -68,7 +72,7 @@ private class SummarizedCallableReversed extends SummarizedCallable {
override DataFlow::ArgumentNode getACallback() { result.asExpr().(Name).getId() = this }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
input = "Argument[0].ListElement" and
output = "ReturnValue.ListElement" and
preservesValue = true
@@ -84,7 +88,7 @@ private class SummarizedCallableMap extends SummarizedCallable {
override DataFlow::ArgumentNode getACallback() { result.asExpr().(Name).getId() = this }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
input = "Argument[1].ListElement" and
output = "Argument[0].Parameter[0]" and
preservesValue = true
@@ -104,7 +108,7 @@ private class SummarizedCallableAppend extends SummarizedCallable {
override DataFlow::ArgumentNode getACallback() { result.asExpr().(Name).getId() = this }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
input = "Argument[0]" and
output = "ReturnValue" and
preservesValue = false
@@ -126,7 +130,7 @@ private class SummarizedCallableJsonLoads extends SummarizedCallable {
result = API::moduleImport("json").getMember("loads").getAValueReachableFromSource()
}
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
input = "Argument[0]" and
output = "ReturnValue.ListElement" and
preservesValue = true

100
python/ql/test/experimental/dataflow/summaries/summaries.expected
View File

@@ -1,55 +1,55 @@
edges
| summaries.py:32:1:32:7 | GSSA Variable tainted | summaries.py:33:6:33:12 | ControlFlowNode for tainted |
| summaries.py:32:11:32:26 | ControlFlowNode for identity() | summaries.py:32:1:32:7 | GSSA Variable tainted |
| summaries.py:32:20:32:25 | ControlFlowNode for SOURCE | summaries.py:32:11:32:26 | ControlFlowNode for identity() |
| summaries.py:36:1:36:14 | GSSA Variable tainted_lambda | summaries.py:37:6:37:19 | ControlFlowNode for tainted_lambda |
| summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() | summaries.py:36:1:36:14 | GSSA Variable tainted_lambda |
| summaries.py:36:48:36:53 | ControlFlowNode for SOURCE | summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() |
| summaries.py:44:1:44:12 | GSSA Variable tainted_list | summaries.py:45:6:45:20 | ControlFlowNode for Subscript |
| summaries.py:44:1:44:12 | GSSA Variable tainted_list [List element] | summaries.py:45:6:45:17 | ControlFlowNode for tainted_list [List element] |
| summaries.py:44:16:44:33 | ControlFlowNode for reversed() | summaries.py:44:1:44:12 | GSSA Variable tainted_list |
| summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] | summaries.py:44:1:44:12 | GSSA Variable tainted_list [List element] |
| summaries.py:44:25:44:32 | ControlFlowNode for List | summaries.py:44:16:44:33 | ControlFlowNode for reversed() |
| summaries.py:44:25:44:32 | ControlFlowNode for List [List element] | summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] |
| summaries.py:44:26:44:31 | ControlFlowNode for SOURCE | summaries.py:44:25:44:32 | ControlFlowNode for List |
| summaries.py:44:26:44:31 | ControlFlowNode for SOURCE | summaries.py:44:25:44:32 | ControlFlowNode for List [List element] |
| summaries.py:45:6:45:17 | ControlFlowNode for tainted_list [List element] | summaries.py:45:6:45:20 | ControlFlowNode for Subscript |
| summaries.py:51:1:51:14 | GSSA Variable tainted_mapped [List element] | summaries.py:52:6:52:19 | ControlFlowNode for tainted_mapped [List element] |
| summaries.py:51:18:51:46 | ControlFlowNode for list_map() [List element] | summaries.py:51:1:51:14 | GSSA Variable tainted_mapped [List element] |
| summaries.py:51:38:51:45 | ControlFlowNode for List [List element] | summaries.py:51:18:51:46 | ControlFlowNode for list_map() [List element] |
| summaries.py:51:39:51:44 | ControlFlowNode for SOURCE | summaries.py:51:38:51:45 | ControlFlowNode for List [List element] |
| summaries.py:52:6:52:19 | ControlFlowNode for tainted_mapped [List element] | summaries.py:52:6:52:22 | ControlFlowNode for Subscript |
| summaries.py:57:1:57:23 | GSSA Variable tainted_mapped_explicit [List element] | summaries.py:58:6:58:28 | ControlFlowNode for tainted_mapped_explicit [List element] |
| summaries.py:57:27:57:63 | ControlFlowNode for list_map() [List element] | summaries.py:57:1:57:23 | GSSA Variable tainted_mapped_explicit [List element] |
| summaries.py:57:55:57:62 | ControlFlowNode for List [List element] | summaries.py:57:27:57:63 | ControlFlowNode for list_map() [List element] |
| summaries.py:57:56:57:61 | ControlFlowNode for SOURCE | summaries.py:57:55:57:62 | ControlFlowNode for List [List element] |
| summaries.py:58:6:58:28 | ControlFlowNode for tainted_mapped_explicit [List element] | summaries.py:58:6:58:31 | ControlFlowNode for Subscript |
| summaries.py:60:1:60:22 | GSSA Variable tainted_mapped_summary [List element] | summaries.py:61:6:61:27 | ControlFlowNode for tainted_mapped_summary [List element] |
| summaries.py:60:26:60:53 | ControlFlowNode for list_map() [List element] | summaries.py:60:1:60:22 | GSSA Variable tainted_mapped_summary [List element] |
| summaries.py:60:45:60:52 | ControlFlowNode for List [List element] | summaries.py:60:26:60:53 | ControlFlowNode for list_map() [List element] |
| summaries.py:60:46:60:51 | ControlFlowNode for SOURCE | summaries.py:60:45:60:52 | ControlFlowNode for List [List element] |
| summaries.py:61:6:61:27 | ControlFlowNode for tainted_mapped_summary [List element] | summaries.py:61:6:61:30 | ControlFlowNode for Subscript |
| summaries.py:63:1:63:12 | GSSA Variable tainted_list [List element] | summaries.py:64:6:64:17 | ControlFlowNode for tainted_list [List element] |
| summaries.py:63:16:63:41 | ControlFlowNode for append_to_list() [List element] | summaries.py:63:1:63:12 | GSSA Variable tainted_list [List element] |
| summaries.py:63:35:63:40 | ControlFlowNode for SOURCE | summaries.py:63:16:63:41 | ControlFlowNode for append_to_list() [List element] |
| summaries.py:64:6:64:17 | ControlFlowNode for tainted_list [List element] | summaries.py:64:6:64:20 | ControlFlowNode for Subscript |
| summaries.py:67:1:67:18 | GSSA Variable tainted_resultlist | summaries.py:68:6:68:26 | ControlFlowNode for Subscript |
| summaries.py:67:1:67:18 | GSSA Variable tainted_resultlist [List element] | summaries.py:68:6:68:23 | ControlFlowNode for tainted_resultlist [List element] |
| summaries.py:67:22:67:39 | ControlFlowNode for json_loads() [List element] | summaries.py:67:1:67:18 | GSSA Variable tainted_resultlist [List element] |
| summaries.py:67:33:67:38 | ControlFlowNode for SOURCE | summaries.py:67:1:67:18 | GSSA Variable tainted_resultlist |
| summaries.py:67:33:67:38 | ControlFlowNode for SOURCE | summaries.py:67:22:67:39 | ControlFlowNode for json_loads() [List element] |
| summaries.py:68:6:68:23 | ControlFlowNode for tainted_resultlist [List element] | summaries.py:68:6:68:26 | ControlFlowNode for Subscript |
| summaries.py:32:1:32:7 | ControlFlowNode for tainted | summaries.py:33:6:33:12 | ControlFlowNode for tainted | provenance | |
| summaries.py:32:11:32:26 | ControlFlowNode for identity() | summaries.py:32:1:32:7 | ControlFlowNode for tainted | provenance | |
| summaries.py:32:20:32:25 | ControlFlowNode for SOURCE | summaries.py:32:11:32:26 | ControlFlowNode for identity() | provenance | |
| summaries.py:36:1:36:14 | ControlFlowNode for tainted_lambda | summaries.py:37:6:37:19 | ControlFlowNode for tainted_lambda | provenance | |
| summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() | summaries.py:36:1:36:14 | ControlFlowNode for tainted_lambda | provenance | |
| summaries.py:36:48:36:53 | ControlFlowNode for SOURCE | summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() | provenance | |
| summaries.py:44:1:44:12 | ControlFlowNode for tainted_list | summaries.py:45:6:45:20 | ControlFlowNode for Subscript | provenance | |
| summaries.py:44:1:44:12 | ControlFlowNode for tainted_list [List element] | summaries.py:45:6:45:17 | ControlFlowNode for tainted_list [List element] | provenance | |
| summaries.py:44:16:44:33 | ControlFlowNode for reversed() | summaries.py:44:1:44:12 | ControlFlowNode for tainted_list | provenance | |
| summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] | summaries.py:44:1:44:12 | ControlFlowNode for tainted_list [List element] | provenance | |
| summaries.py:44:25:44:32 | ControlFlowNode for List | summaries.py:44:16:44:33 | ControlFlowNode for reversed() | provenance | |
| summaries.py:44:25:44:32 | ControlFlowNode for List [List element] | summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] | provenance | |
| summaries.py:44:26:44:31 | ControlFlowNode for SOURCE | summaries.py:44:25:44:32 | ControlFlowNode for List | provenance | |
| summaries.py:44:26:44:31 | ControlFlowNode for SOURCE | summaries.py:44:25:44:32 | ControlFlowNode for List [List element] | provenance | |
| summaries.py:45:6:45:17 | ControlFlowNode for tainted_list [List element] | summaries.py:45:6:45:20 | ControlFlowNode for Subscript | provenance | |
| summaries.py:51:1:51:14 | ControlFlowNode for tainted_mapped [List element] | summaries.py:52:6:52:19 | ControlFlowNode for tainted_mapped [List element] | provenance | |
| summaries.py:51:18:51:46 | ControlFlowNode for list_map() [List element] | summaries.py:51:1:51:14 | ControlFlowNode for tainted_mapped [List element] | provenance | |
| summaries.py:51:38:51:45 | ControlFlowNode for List [List element] | summaries.py:51:18:51:46 | ControlFlowNode for list_map() [List element] | provenance | |
| summaries.py:51:39:51:44 | ControlFlowNode for SOURCE | summaries.py:51:38:51:45 | ControlFlowNode for List [List element] | provenance | |
| summaries.py:52:6:52:19 | ControlFlowNode for tainted_mapped [List element] | summaries.py:52:6:52:22 | ControlFlowNode for Subscript | provenance | |
| summaries.py:57:1:57:23 | ControlFlowNode for tainted_mapped_explicit [List element] | summaries.py:58:6:58:28 | ControlFlowNode for tainted_mapped_explicit [List element] | provenance | |
| summaries.py:57:27:57:63 | ControlFlowNode for list_map() [List element] | summaries.py:57:1:57:23 | ControlFlowNode for tainted_mapped_explicit [List element] | provenance | |
| summaries.py:57:55:57:62 | ControlFlowNode for List [List element] | summaries.py:57:27:57:63 | ControlFlowNode for list_map() [List element] | provenance | |
| summaries.py:57:56:57:61 | ControlFlowNode for SOURCE | summaries.py:57:55:57:62 | ControlFlowNode for List [List element] | provenance | |
| summaries.py:58:6:58:28 | ControlFlowNode for tainted_mapped_explicit [List element] | summaries.py:58:6:58:31 | ControlFlowNode for Subscript | provenance | |
| summaries.py:60:1:60:22 | ControlFlowNode for tainted_mapped_summary [List element] | summaries.py:61:6:61:27 | ControlFlowNode for tainted_mapped_summary [List element] | provenance | |
| summaries.py:60:26:60:53 | ControlFlowNode for list_map() [List element] | summaries.py:60:1:60:22 | ControlFlowNode for tainted_mapped_summary [List element] | provenance | |
| summaries.py:60:45:60:52 | ControlFlowNode for List [List element] | summaries.py:60:26:60:53 | ControlFlowNode for list_map() [List element] | provenance | |
| summaries.py:60:46:60:51 | ControlFlowNode for SOURCE | summaries.py:60:45:60:52 | ControlFlowNode for List [List element] | provenance | |
| summaries.py:61:6:61:27 | ControlFlowNode for tainted_mapped_summary [List element] | summaries.py:61:6:61:30 | ControlFlowNode for Subscript | provenance | |
| summaries.py:63:1:63:12 | ControlFlowNode for tainted_list [List element] | summaries.py:64:6:64:17 | ControlFlowNode for tainted_list [List element] | provenance | |
| summaries.py:63:16:63:41 | ControlFlowNode for append_to_list() [List element] | summaries.py:63:1:63:12 | ControlFlowNode for tainted_list [List element] | provenance | |
| summaries.py:63:35:63:40 | ControlFlowNode for SOURCE | summaries.py:63:16:63:41 | ControlFlowNode for append_to_list() [List element] | provenance | |
| summaries.py:64:6:64:17 | ControlFlowNode for tainted_list [List element] | summaries.py:64:6:64:20 | ControlFlowNode for Subscript | provenance | |
| summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist | summaries.py:68:6:68:26 | ControlFlowNode for Subscript | provenance | |
| summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist [List element] | summaries.py:68:6:68:23 | ControlFlowNode for tainted_resultlist [List element] | provenance | |
| summaries.py:67:22:67:39 | ControlFlowNode for json_loads() [List element] | summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist [List element] | provenance | |
| summaries.py:67:33:67:38 | ControlFlowNode for SOURCE | summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist | provenance | |
| summaries.py:67:33:67:38 | ControlFlowNode for SOURCE | summaries.py:67:22:67:39 | ControlFlowNode for json_loads() [List element] | provenance | |
| summaries.py:68:6:68:23 | ControlFlowNode for tainted_resultlist [List element] | summaries.py:68:6:68:26 | ControlFlowNode for Subscript | provenance | |
nodes
| summaries.py:32:1:32:7 | GSSA Variable tainted | semmle.label | GSSA Variable tainted |
| summaries.py:32:1:32:7 | ControlFlowNode for tainted | semmle.label | ControlFlowNode for tainted |
| summaries.py:32:11:32:26 | ControlFlowNode for identity() | semmle.label | ControlFlowNode for identity() |
| summaries.py:32:20:32:25 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| summaries.py:33:6:33:12 | ControlFlowNode for tainted | semmle.label | ControlFlowNode for tainted |
| summaries.py:36:1:36:14 | GSSA Variable tainted_lambda | semmle.label | GSSA Variable tainted_lambda |
| summaries.py:36:1:36:14 | ControlFlowNode for tainted_lambda | semmle.label | ControlFlowNode for tainted_lambda |
| summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() | semmle.label | ControlFlowNode for apply_lambda() |
| summaries.py:36:48:36:53 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| summaries.py:37:6:37:19 | ControlFlowNode for tainted_lambda | semmle.label | ControlFlowNode for tainted_lambda |
| summaries.py:44:1:44:12 | GSSA Variable tainted_list | semmle.label | GSSA Variable tainted_list |
| summaries.py:44:1:44:12 | GSSA Variable tainted_list [List element] | semmle.label | GSSA Variable tainted_list [List element] |
| summaries.py:44:1:44:12 | ControlFlowNode for tainted_list | semmle.label | ControlFlowNode for tainted_list |
| summaries.py:44:1:44:12 | ControlFlowNode for tainted_list [List element] | semmle.label | ControlFlowNode for tainted_list [List element] |
| summaries.py:44:16:44:33 | ControlFlowNode for reversed() | semmle.label | ControlFlowNode for reversed() |
| summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] | semmle.label | ControlFlowNode for reversed() [List element] |
| summaries.py:44:25:44:32 | ControlFlowNode for List | semmle.label | ControlFlowNode for List |
@@ -57,31 +57,31 @@ nodes
| summaries.py:44:26:44:31 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| summaries.py:45:6:45:17 | ControlFlowNode for tainted_list [List element] | semmle.label | ControlFlowNode for tainted_list [List element] |
| summaries.py:45:6:45:20 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| summaries.py:51:1:51:14 | GSSA Variable tainted_mapped [List element] | semmle.label | GSSA Variable tainted_mapped [List element] |
| summaries.py:51:1:51:14 | ControlFlowNode for tainted_mapped [List element] | semmle.label | ControlFlowNode for tainted_mapped [List element] |
| summaries.py:51:18:51:46 | ControlFlowNode for list_map() [List element] | semmle.label | ControlFlowNode for list_map() [List element] |
| summaries.py:51:38:51:45 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
| summaries.py:51:39:51:44 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| summaries.py:52:6:52:19 | ControlFlowNode for tainted_mapped [List element] | semmle.label | ControlFlowNode for tainted_mapped [List element] |
| summaries.py:52:6:52:22 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| summaries.py:57:1:57:23 | GSSA Variable tainted_mapped_explicit [List element] | semmle.label | GSSA Variable tainted_mapped_explicit [List element] |
| summaries.py:57:1:57:23 | ControlFlowNode for tainted_mapped_explicit [List element] | semmle.label | ControlFlowNode for tainted_mapped_explicit [List element] |
| summaries.py:57:27:57:63 | ControlFlowNode for list_map() [List element] | semmle.label | ControlFlowNode for list_map() [List element] |
| summaries.py:57:55:57:62 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
| summaries.py:57:56:57:61 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| summaries.py:58:6:58:28 | ControlFlowNode for tainted_mapped_explicit [List element] | semmle.label | ControlFlowNode for tainted_mapped_explicit [List element] |
| summaries.py:58:6:58:31 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| summaries.py:60:1:60:22 | GSSA Variable tainted_mapped_summary [List element] | semmle.label | GSSA Variable tainted_mapped_summary [List element] |
| summaries.py:60:1:60:22 | ControlFlowNode for tainted_mapped_summary [List element] | semmle.label | ControlFlowNode for tainted_mapped_summary [List element] |
| summaries.py:60:26:60:53 | ControlFlowNode for list_map() [List element] | semmle.label | ControlFlowNode for list_map() [List element] |
| summaries.py:60:45:60:52 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
| summaries.py:60:46:60:51 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| summaries.py:61:6:61:27 | ControlFlowNode for tainted_mapped_summary [List element] | semmle.label | ControlFlowNode for tainted_mapped_summary [List element] |
| summaries.py:61:6:61:30 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| summaries.py:63:1:63:12 | GSSA Variable tainted_list [List element] | semmle.label | GSSA Variable tainted_list [List element] |
| summaries.py:63:1:63:12 | ControlFlowNode for tainted_list [List element] | semmle.label | ControlFlowNode for tainted_list [List element] |
| summaries.py:63:16:63:41 | ControlFlowNode for append_to_list() [List element] | semmle.label | ControlFlowNode for append_to_list() [List element] |
| summaries.py:63:35:63:40 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| summaries.py:64:6:64:17 | ControlFlowNode for tainted_list [List element] | semmle.label | ControlFlowNode for tainted_list [List element] |
| summaries.py:64:6:64:20 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| summaries.py:67:1:67:18 | GSSA Variable tainted_resultlist | semmle.label | GSSA Variable tainted_resultlist |
| summaries.py:67:1:67:18 | GSSA Variable tainted_resultlist [List element] | semmle.label | GSSA Variable tainted_resultlist [List element] |
| summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist | semmle.label | ControlFlowNode for tainted_resultlist |
| summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist [List element] | semmle.label | ControlFlowNode for tainted_resultlist [List element] |
| summaries.py:67:22:67:39 | ControlFlowNode for json_loads() [List element] | semmle.label | ControlFlowNode for json_loads() [List element] |
| summaries.py:67:33:67:38 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| summaries.py:68:6:68:23 | ControlFlowNode for tainted_resultlist [List element] | semmle.label | ControlFlowNode for tainted_resultlist [List element] |

2
python/ql/test/experimental/dataflow/summaries/summaries.ql
View File

@@ -12,7 +12,7 @@ import experimental.dataflow.testTaintConfig
private import TestSummaries
query predicate invalidSpecComponent(SummarizedCallable sc, string s, string c) {
(sc.propagatesFlowExt(s, _, _) or sc.propagatesFlowExt(_, s, _)) and
(sc.propagatesFlow(s, _, _) or sc.propagatesFlow(_, s, _)) and
Private::External::invalidSpecComponent(s, c)
}

16
python/ql/test/experimental/dataflow/tainttracking/TestTaintLib.qll
View File

@@ -3,10 +3,8 @@ import semmle.python.dataflow.new.TaintTracking
import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.internal.PrintNode
class TestTaintTrackingConfiguration extends TaintTracking::Configuration {
TestTaintTrackingConfiguration() { this = "TestTaintTrackingConfiguration" }
override predicate isSource(DataFlow::Node source) {
module TestTaintTrackingConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
// Standard sources
source.(DataFlow::CfgNode).getNode().(NameNode).getId() in [
"TAINTED_STRING", "TAINTED_BYTES", "TAINTED_LIST", "TAINTED_DICT"
@@ -19,7 +17,7 @@ class TestTaintTrackingConfiguration extends TaintTracking::Configuration {
)
}
override predicate isSink(DataFlow::Node sink) {
predicate isSink(DataFlow::Node sink) {
exists(CallNode call |
call.getFunction().(NameNode).getId() in ["ensure_tainted", "ensure_not_tainted"] and
sink.(DataFlow::CfgNode).getNode() = call.getAnArg()
@@ -27,6 +25,8 @@ class TestTaintTrackingConfiguration extends TaintTracking::Configuration {
}
}
module TestTaintTrackingFlow = DataFlow::Global<TestTaintTrackingConfig>;
query predicate test_taint(string arg_location, string test_res, string scope_name, string repr) {
exists(Call call, Expr arg, boolean expected_taint, boolean has_taint |
// only consider files that are extracted as part of the test
@@ -42,9 +42,9 @@ query predicate test_taint(string arg_location, string test_res, string scope_na
(
// TODO: Replace with `hasFlowToExpr` once that is working
if
exists(TaintTracking::Configuration c |
c.hasFlowTo(any(DataFlow::Node n | n.(DataFlow::CfgNode).getNode() = arg.getAFlowNode()))
)
TestTaintTrackingFlow::flowTo(any(DataFlow::Node n |
n.(DataFlow::CfgNode).getNode() = arg.getAFlowNode()
))
then has_taint = true
else has_taint = false
) and

14
python/ql/test/experimental/dataflow/tainttracking/basic/GlobalTaintTracking.ql
View File

@@ -2,14 +2,12 @@ import python
import semmle.python.dataflow.new.TaintTracking
import semmle.python.dataflow.new.DataFlow
class TestTaintTrackingConfiguration extends TaintTracking::Configuration {
TestTaintTrackingConfiguration() { this = "TestTaintTrackingConfiguration" }
override predicate isSource(DataFlow::Node source) {
module TestTaintTrackingConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
source.(DataFlow::CfgNode).getNode().(NameNode).getId() = "SOURCE"
}
override predicate isSink(DataFlow::Node sink) {
predicate isSink(DataFlow::Node sink) {
exists(CallNode call |
call.getFunction().(NameNode).getId() = "SINK" and
sink.(DataFlow::CfgNode).getNode() = call.getAnArg()
@@ -17,6 +15,8 @@ class TestTaintTrackingConfiguration extends TaintTracking::Configuration {
}
}
from TestTaintTrackingConfiguration config, DataFlow::Node source, DataFlow::Node sink
where config.hasFlow(source, sink)
module TestTaintTrackingFlow = DataFlow::Global<TestTaintTrackingConfig>;
from DataFlow::Node source, DataFlow::Node sink
where TestTaintTrackingFlow::flow(source, sink)
select source, sink

10
python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected
View File

@@ -1,5 +1,5 @@
| test.py:3:1:3:7 | GSSA Variable tainted | test.py:4:6:4:12 | ControlFlowNode for tainted |
| test.py:3:11:3:16 | ControlFlowNode for SOURCE | test.py:3:1:3:7 | GSSA Variable tainted |
| test.py:6:1:6:11 | ControlFlowNode for FunctionExpr | test.py:6:5:6:8 | GSSA Variable func |
| test.py:7:5:7:16 | SSA variable also_tainted | test.py:8:10:8:21 | ControlFlowNode for also_tainted |
| test.py:7:20:7:25 | ControlFlowNode for SOURCE | test.py:7:5:7:16 | SSA variable also_tainted |
| test.py:3:1:3:7 | ControlFlowNode for tainted | test.py:4:6:4:12 | ControlFlowNode for tainted |
| test.py:3:11:3:16 | ControlFlowNode for SOURCE | test.py:3:1:3:7 | ControlFlowNode for tainted |
| test.py:6:1:6:11 | ControlFlowNode for FunctionExpr | test.py:6:5:6:8 | ControlFlowNode for func |
| test.py:7:5:7:16 | ControlFlowNode for also_tainted | test.py:8:10:8:21 | ControlFlowNode for also_tainted |
| test.py:7:20:7:25 | ControlFlowNode for SOURCE | test.py:7:5:7:16 | ControlFlowNode for also_tainted |

27
python/ql/test/experimental/dataflow/tainttracking/basic/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/tainttracking/basic/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

27
python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

27
python/ql/test/experimental/dataflow/tainttracking/customSanitizer/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/tainttracking/customSanitizer/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

27
python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

27
python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

27
python/ql/test/experimental/dataflow/tainttracking/generator-flow/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/tainttracking/generator-flow/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

27
python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

22
python/ql/test/experimental/dataflow/typetracking-summaries/TestSummaries.qll
View File

@@ -8,7 +8,7 @@ private import semmle.python.ApiGraphs
* `getACall` predicate on `SummarizedCallable`.
*/
module RecursionGuard {
private import semmle.python.dataflow.new.internal.TypeTrackerSpecific as TT
private import semmle.python.dataflow.new.internal.TypeTrackingImpl::TypeTrackingInput as TT
private class RecursionGuard extends SummarizedCallable {
RecursionGuard() { this = "TypeTrackingSummariesRecursionGuard" }
@@ -18,6 +18,10 @@ module RecursionGuard {
(TT::callStep(_, _) implies any())
}
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
none()
}
override DataFlow::CallCfgNode getACallSimple() { none() }
override DataFlow::ArgumentNode getACallback() { result.asExpr().(Name).getId() = this }
@@ -39,7 +43,7 @@ private class SummarizedCallableIdentity extends SummarizedCallable {
override DataFlow::ArgumentNode getACallback() { result.asExpr().(Name).getId() = this }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
input = "Argument[0]" and
output = "ReturnValue" and
preservesValue = true
@@ -58,7 +62,7 @@ private class SummarizedCallableApplyLambda extends SummarizedCallable {
override DataFlow::ArgumentNode getACallback() { result.asExpr().(Name).getId() = this }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
input = "Argument[1]" and
output = "Argument[0].Parameter[0]" and
preservesValue = true
@@ -80,7 +84,7 @@ private class SummarizedCallableReversed extends SummarizedCallable {
override DataFlow::ArgumentNode getACallback() { result.asExpr().(Name).getId() = this }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
input = "Argument[0].ListElement" and
output = "ReturnValue.ListElement" and
preservesValue = true
@@ -98,7 +102,7 @@ private class SummarizedCallableMap extends SummarizedCallable {
override DataFlow::ArgumentNode getACallback() { result.asExpr().(Name).getId() = this }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
input = "Argument[1].ListElement" and
output = "Argument[0].Parameter[0]" and
preservesValue = true
@@ -120,7 +124,7 @@ private class SummarizedCallableAppend extends SummarizedCallable {
override DataFlow::ArgumentNode getACallback() { result.asExpr().(Name).getId() = this }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
input = "Argument[0]" and
output = "ReturnValue" and
preservesValue = false
@@ -144,7 +148,7 @@ private class SummarizedCallableJsonLoads extends SummarizedCallable {
result = API::moduleImport("json").getMember("loads").getAValueReachableFromSource()
}
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
input = "Argument[0]" and
output = "ReturnValue.ListElement" and
preservesValue = true
@@ -163,7 +167,7 @@ private class SummarizedCallableReadSecret extends SummarizedCallable {
override DataFlow::ArgumentNode getACallback() { result.asExpr().(Name).getId() = this }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
input = "Argument[0].Attribute[secret]" and
output = "ReturnValue" and
preservesValue = true
@@ -181,7 +185,7 @@ private class SummarizedCallableSetSecret extends SummarizedCallable {
override DataFlow::ArgumentNode getACallback() { result.asExpr().(Name).getId() = this }
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
input = "Argument[1]" and
output = "Argument[0].Attribute[secret]" and
preservesValue = true

4
python/ql/test/experimental/dataflow/typetracking-summaries/summaries.py
View File

@@ -6,10 +6,8 @@ tainted = TTS_identity(tracked) # $ tracked
tainted # $ tracked
# Lambda summary
# I think the missing result is expected because type tracking
# is not allowed to flow back out of a call.
tainted_lambda = TTS_apply_lambda(lambda x: x, tracked) # $ tracked
tainted_lambda # $ MISSING: tracked
tainted_lambda # $ tracked
# A lambda that directly introduces taint
bad_lambda = TTS_apply_lambda(lambda x: tracked, 1) # $ tracked

2
python/ql/test/experimental/dataflow/typetracking-summaries/tracked.ql
View File

@@ -1,6 +1,6 @@
import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TypeTracker
import semmle.python.dataflow.new.TypeTracking
import TestUtilities.InlineExpectationsTest
import semmle.python.ApiGraphs
import TestSummaries

27
python/ql/test/experimental/dataflow/typetracking/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/typetracking/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

8
python/ql/test/experimental/dataflow/typetracking/moduleattr.expected
View File

@@ -3,9 +3,9 @@ module_tracker
module_attr_tracker
| import_as_attr.py:0:0:0:0 | ModuleVariableNode in Module import_as_attr for attr_ref |
| import_as_attr.py:1:20:1:35 | ControlFlowNode for ImportMember |
| import_as_attr.py:1:28:1:35 | GSSA Variable attr_ref |
| import_as_attr.py:3:1:3:1 | GSSA Variable x |
| import_as_attr.py:1:28:1:35 | ControlFlowNode for attr_ref |
| import_as_attr.py:3:1:3:1 | ControlFlowNode for x |
| import_as_attr.py:3:5:3:12 | ControlFlowNode for attr_ref |
| import_as_attr.py:5:1:5:10 | GSSA Variable attr_ref |
| import_as_attr.py:6:5:6:5 | SSA variable y |
| import_as_attr.py:5:1:5:10 | Entry definition for SsaSourceVariable attr_ref |
| import_as_attr.py:6:5:6:5 | ControlFlowNode for y |
| import_as_attr.py:6:9:6:16 | ControlFlowNode for attr_ref |

2
python/ql/test/experimental/dataflow/typetracking/moduleattr.ql
View File

@@ -1,6 +1,6 @@
import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TypeTracker
import semmle.python.dataflow.new.TypeTracking
import semmle.python.ApiGraphs
private DataFlow::TypeTrackingNode module_tracker(TypeTracker t) {

7
python/ql/test/experimental/dataflow/typetracking/tracked.ql
View File

@@ -1,8 +1,9 @@
import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TypeTracker
import semmle.python.dataflow.new.TypeTracking
import TestUtilities.InlineExpectationsTest
import semmle.python.ApiGraphs
private import semmle.python.dataflow.new.internal.DataFlowPrivate as DP
// -----------------------------------------------------------------------------
// tracked
@@ -26,7 +27,9 @@ module TrackedTest implements TestSig {
not e.getLocation().getStartLine() = 0 and
// We do not wish to annotate scope entry definitions,
// as they do not appear in the source code.
not e.asVar() instanceof ScopeEntryDefinition and
not e instanceof DataFlow::ScopeEntryDefinitionNode and
// ...same for `SynthCaptureNode`s
not e instanceof DP::SynthCaptureNode and
tag = "tracked" and
location = e.getLocation() and
value = t.getAttr() and

2
python/ql/test/experimental/dataflow/validTest.py
View File

@@ -74,6 +74,8 @@ if __name__ == "__main__":
check_tests_valid("variable-capture.dict")
check_tests_valid("variable-capture.test_collections")
check_tests_valid("variable-capture.by_value")
check_tests_valid("variable-capture.test_library_calls")
check_tests_valid("variable-capture.test_fields")
check_tests_valid("module-initialization.multiphase")
check_tests_valid("fieldflow.test")
check_tests_valid("fieldflow.test_dict")

4
python/ql/test/experimental/dataflow/variable-capture/by_value.py
View File

@@ -34,14 +34,14 @@ def by_value1():
a = SOURCE
def inner(a_val=a):
SINK(a_val) #$ captured
SINK_F(a)
SINK_F(a) #$ SPURIOUS: captured
a = NONSOURCE
inner()
def by_value2():
a = NONSOURCE
def inner(a_val=a):
SINK(a) #$ MISSING:captured
SINK(a) #$ captured
SINK_F(a_val)
a = SOURCE
inner()

17
python/ql/test/experimental/dataflow/variable-capture/dataflow-capture-consistency.expected Normal file
View File

@@ -0,0 +1,17 @@
uniqueToString
uniqueEnclosingCallable
uniqueDominator
localDominator
localSuccessor
uniqueDefiningScope
variableIsCaptured
uniqueLocation
uniqueCfgNode
uniqueWriteTarget
uniqueWriteCfgNode
uniqueReadVariable
closureMustHaveBody
closureAliasMustBeInSameScope
variableAccessAstNesting
uniqueCallableLocation
consistencyOverview

2
python/ql/test/experimental/dataflow/variable-capture/dataflow-capture-consistency.ql Normal file
View File

@@ -0,0 +1,2 @@
import python
import semmle.python.dataflow.new.internal.DataFlowPrivate::VariableCapture::Flow::ConsistencyChecks

27
python/ql/test/experimental/dataflow/variable-capture/dataflow-consistency.expected
View File

@@ -1,27 +0,0 @@
uniqueEnclosingCallable
uniqueCallEnclosingCallable
uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
parameterCallable
localFlowIsLocal
readStepIsLocal
storeStepIsLocal
compatibleTypesReflexive
unreachableNodeCCtx
localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall

2
python/ql/test/experimental/dataflow/variable-capture/dataflow-consistency.ql
View File

@@ -1,2 +0,0 @@
import python
import experimental.dataflow.TestUtil.DataFlowConsistency

8
python/ql/test/experimental/dataflow/variable-capture/dict.py
View File

@@ -37,7 +37,7 @@ def out():
def captureOut1():
sinkO1["x"] = SOURCE
captureOut1()
SINK(sinkO1["x"]) #$ MISSING:captured
SINK(sinkO1["x"]) #$ captured
sinkO2 = { "x": "" }
def captureOut2():
@@ -45,7 +45,7 @@ def out():
sinkO2["x"] = SOURCE
m()
captureOut2()
SINK(sinkO2["x"]) #$ MISSING:captured
SINK(sinkO2["x"]) #$ captured
nonSink0 = { "x": "" }
def captureOut1NotCalled():
@@ -67,7 +67,7 @@ def through(tainted):
def captureOut1():
sinkO1["x"] = tainted
captureOut1()
SINK(sinkO1["x"]) #$ MISSING:captured
SINK(sinkO1["x"]) #$ captured
sinkO2 = { "x": "" }
def captureOut2():
@@ -75,7 +75,7 @@ def through(tainted):
sinkO2["x"] = tainted
m()
captureOut2()
SINK(sinkO2["x"]) #$ MISSING:captured
SINK(sinkO2["x"]) #$ captured
nonSink1 = { "x": "" }
def captureOut1NotCalled():

4
python/ql/test/experimental/dataflow/variable-capture/global.py
View File

@@ -78,7 +78,7 @@ def through(tainted):
global sinkT1
sinkT1 = tainted
captureOut1()
SINK(sinkT1) #$ MISSING:captured
SINK(sinkT1) #$ captured
def captureOut2():
def m():
@@ -86,7 +86,7 @@ def through(tainted):
sinkT2 = tainted
m()
captureOut2()
SINK(sinkT2) #$ MISSING:captured
SINK(sinkT2) #$ captured
def captureOut1NotCalled():
global nonSinkT1

12
python/ql/test/experimental/dataflow/variable-capture/in.py
View File

@@ -34,17 +34,17 @@ def SINK_F(x):
def inParam(tainted):
def captureIn1():
sinkI1 = tainted
SINK(sinkI1) #$ MISSING:captured
SINK(sinkI1) #$ captured
captureIn1()
def captureIn2():
def m():
sinkI2 = tainted
SINK(sinkI2) #$ MISSING:captured
SINK(sinkI2) #$ captured
m()
captureIn2()
captureIn3 = lambda arg: SINK(tainted)
captureIn3 = lambda arg: SINK(tainted) #$ captured
captureIn3("")
def captureIn1NotCalled():
@@ -68,17 +68,17 @@ def inLocal():
def captureIn1():
sinkI1 = tainted
SINK(sinkI1) #$ MISSING:captured
SINK(sinkI1) #$ captured
captureIn1()
def captureIn2():
def m():
sinkI2 = tainted
SINK(sinkI2) #$ MISSING:captured
SINK(sinkI2) #$ captured
m()
captureIn2()
captureIn3 = lambda arg: SINK(tainted)
captureIn3 = lambda arg: SINK(tainted) #$ captured
captureIn3("")
def captureIn1NotCalled():

8
python/ql/test/experimental/dataflow/variable-capture/nonlocal.py
View File

@@ -38,7 +38,7 @@ def out():
nonlocal sinkO1
sinkO1 = SOURCE
captureOut1()
SINK(sinkO1) #$ MISSING:captured
SINK(sinkO1) #$ captured
sinkO2 = ""
def captureOut2():
@@ -47,7 +47,7 @@ def out():
sinkO2 = SOURCE
m()
captureOut2()
SINK(sinkO2) #$ MISSING:captured
SINK(sinkO2) #$ captured
nonSink1 = ""
def captureOut1NotCalled():
@@ -74,7 +74,7 @@ def through(tainted):
nonlocal sinkO1
sinkO1 = tainted
captureOut1()
SINK(sinkO1) #$ MISSING:captured
SINK(sinkO1) #$ captured
sinkO2 = ""
def captureOut2():
@@ -83,7 +83,7 @@ def through(tainted):
sinkO2 = tainted
m()
captureOut2()
SINK(sinkO2) #$ MISSING:captured
SINK(sinkO2) #$ captured
nonSink1 = ""
def captureOut1NotCalled():

51
python/ql/test/experimental/dataflow/variable-capture/test_fields.py Normal file
View File

@@ -0,0 +1,51 @@
import sys
import os
sys.path.append(os.path.dirname(os.path.dirname((__file__))))
from testlib import expects
# These are defined so that we can evaluate the test code.
NONSOURCE = "not a source"
SOURCE = "source"
def is_source(x):
return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j
def SINK(x):
if is_source(x):
print("OK")
else:
print("Unexpected flow", x)
def SINK_F(x):
if is_source(x):
print("Unexpected flow", x)
else:
print("OK")
class MyObj(object):
def setFoo(self, foo):
self.foo = foo
def getFoo(self):
return self.foo
@expects(3)
def test_captured_field():
foo = MyObj()
foo.setFoo(NONSOURCE)
def test():
SINK(foo.getFoo()) #$ captured
def read():
return foo.getFoo()
SINK_F(read())
foo.setFoo(SOURCE)
test()
SINK(read()) #$ captured

48
python/ql/test/experimental/dataflow/variable-capture/test_library_calls.py Normal file
View File

@@ -0,0 +1,48 @@
# Here we test the case where a captured variable is being written inside a library call.
# All functions starting with "test_" should run and execute `print("OK")` exactly once.
# This can be checked by running validTest.py.
import sys
import os
sys.path.append(os.path.dirname(os.path.dirname((__file__))))
from testlib import expects
# These are defined so that we can evaluate the test code.
NONSOURCE = "not a source"
SOURCE = "source"
def is_source(x):
return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j
def SINK(x):
if is_source(x):
print("OK")
else:
print("Unexpected flow", x)
def SINK_F(x):
if is_source(x):
print("Unexpected flow", x)
else:
print("OK")
# Actual tests start here
@expects(2)
def test_library_call():
captured = {"x": NONSOURCE}
def set(x):
captured["x"] = SOURCE
return x
SINK_F(captured["x"])
for x in map(set, [1]):
pass
SINK(captured["x"]) #$ MISSING: captured

Some files were not shown because too many files have changed in this diff Show More