hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' of github.com:github/codeql into SharedDataflow_PointsToImpliesDataflow

Browse Source
This commit is contained in:
Rasmus Lerchedahl Petersen
2020-11-04 15:05:59 +01:00
parent 8b13a429b7 62cb4ec974
commit 9baa7b73da
3194 changed files with 199636 additions and 56275 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
python/ql/test/experimental/CWE-074/TemplateInjection.qlref
View File

@@ -1 +0,0 @@
experimental/CWE-074/TemplateInjection.ql

1
python/ql/test/experimental/CWE-074/options
View File

@@ -1 +0,0 @@
semmle-extractor-options: --max-import-depth=3 -p ../../query-tests/Security/lib/

1
python/ql/test/experimental/CWE-091/Xslt.qlref
View File

@@ -1 +0,0 @@
experimental/CWE-091/Xslt.ql

1
python/ql/test/experimental/CWE-091/options
View File

@@ -1 +0,0 @@
semmle-extractor-options: -p ../../query-tests/Security/lib/ --max-import-depth=3

1
python/ql/test/experimental/CWE-643/options
View File

@@ -1 +0,0 @@
semmle-extractor-options: --max-import-depth=3 -p ../../query-tests/Security/lib/

1
python/ql/test/experimental/CWE-643/xpath.qlref
View File

@@ -1 +0,0 @@
experimental/CWE-643/xpath.ql

2
python/ql/test/experimental/dataflow/basic/allFlowsConfig.qll
View File

@@ -1,4 +1,4 @@
import experimental.dataflow.DataFlow
import semmle.python.dataflow.new.DataFlow
/**
* A configuration to find all flows.

12
python/ql/test/experimental/dataflow/basic/global.expected
View File

@@ -1,16 +1,6 @@
| test.py:0:0:0:0 | GSSA Variable __name__ | test.py:7:1:7:1 | GSSA Variable b |
| test.py:0:0:0:0 | GSSA Variable __name__ | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:0:0:0:0 | GSSA Variable __package__ | test.py:7:1:7:1 | GSSA Variable b |
| test.py:0:0:0:0 | GSSA Variable __package__ | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:0:0:0:0 | GSSA Variable b | test.py:7:1:7:1 | GSSA Variable b |
| test.py:0:0:0:0 | GSSA Variable b | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:1:7:1 | GSSA Variable b |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:1:7:1 | GSSA Variable b |
| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y |
| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:1:19:1:19 | SSA variable x | test.py:3:3:3:3 | SSA variable z |
@@ -46,7 +36,6 @@
| test.py:6:1:6:1 | GSSA Variable a | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:1:7:1 | GSSA Variable b |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:5:7:20 | GSSA Variable a |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:1:19:1:19 | SSA variable x |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:2:3:2:3 | SSA variable y |
@@ -57,7 +46,6 @@
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:1:7:1 | GSSA Variable b |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:5:7:20 | GSSA Variable a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | GSSA Variable b |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:1:19:1:19 | SSA variable x |

16
python/ql/test/experimental/dataflow/basic/globalStep.expected
View File

@@ -1,15 +1,9 @@
| test.py:0:0:0:0 | GSSA Variable __name__ | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:0:0:0:0 | GSSA Variable __name__ | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:0:0:0:0 | GSSA Variable __package__ | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:0:0:0:0 | GSSA Variable __package__ | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:0:0:0:0 | GSSA Variable b | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:0:0:0:0 | GSSA Variable b | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y |
| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y |
| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y |
@@ -72,14 +66,12 @@
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:4:10:4:10 | ControlFlowNode for z | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:4:10:4:10 | ControlFlowNode for z | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:5:7:20 | GSSA Variable a |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:5:7:20 | GSSA Variable a |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | GSSA Variable b |
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | GSSA Variable b |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:1:19:1:19 | SSA variable x |

9
python/ql/test/experimental/dataflow/basic/local.expected
View File

@@ -3,8 +3,11 @@
| test.py:0:0:0:0 | GSSA Variable b | test.py:0:0:0:0 | GSSA Variable b |
| test.py:0:0:0:0 | SSA variable $ | test.py:0:0:0:0 | SSA variable $ |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id |
| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | ControlFlowNode for x |
| test.py:1:19:1:19 | SSA variable x | test.py:1:19:1:19 | SSA variable x |
| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y |
@@ -31,11 +34,15 @@
| test.py:4:10:4:10 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:6:1:6:1 | ControlFlowNode for a | test.py:6:1:6:1 | ControlFlowNode for a |
| test.py:6:1:6:1 | GSSA Variable a | test.py:6:1:6:1 | GSSA Variable a |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:7:1:7:1 | ControlFlowNode for b | test.py:7:1:7:1 | ControlFlowNode for b |
| test.py:7:1:7:1 | GSSA Variable b | test.py:7:1:7:1 | GSSA Variable b |
| test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | GSSA Variable b |
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:7:5:7:20 | GSSA Variable a | test.py:7:5:7:20 | GSSA Variable a |
| test.py:7:19:7:19 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:7:19:7:19 | [post] ControlFlowNode for a | test.py:7:19:7:19 | [post] ControlFlowNode for a |
| test.py:7:19:7:19 | [post arg] ControlFlowNode for a | test.py:7:19:7:19 | [post arg] ControlFlowNode for a |

2
python/ql/test/experimental/dataflow/basic/local.ql
View File

@@ -1,4 +1,4 @@
import experimental.dataflow.DataFlow
import semmle.python.dataflow.new.DataFlow
from DataFlow::Node fromNode, DataFlow::Node toNode
where DataFlow::localFlow(fromNode, toNode)

5
python/ql/test/experimental/dataflow/basic/localStep.expected
View File

@@ -1,5 +1,10 @@
| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x |
| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y |
| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a |
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | GSSA Variable b |

2
python/ql/test/experimental/dataflow/basic/localStep.ql
View File

@@ -1,4 +1,4 @@
import experimental.dataflow.DataFlow
import semmle.python.dataflow.new.DataFlow
from DataFlow::Node fromNode, DataFlow::Node toNode
where DataFlow::localFlowStep(fromNode, toNode)

5
python/ql/test/experimental/dataflow/basic/maximalFlows.expected
View File

@@ -1,7 +1,3 @@
| test.py:0:0:0:0 | GSSA Variable __name__ | test.py:7:1:7:1 | GSSA Variable b |
| test.py:0:0:0:0 | GSSA Variable __package__ | test.py:7:1:7:1 | GSSA Variable b |
| test.py:0:0:0:0 | GSSA Variable b | test.py:7:1:7:1 | GSSA Variable b |
| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:1:7:1 | GSSA Variable b |
| test.py:1:19:1:19 | SSA variable x | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:1:19:1:19 | SSA variable x | test.py:7:1:7:1 | GSSA Variable b |
| test.py:2:3:2:3 | SSA variable y | test.py:4:10:4:10 | ControlFlowNode for z |
@@ -10,4 +6,3 @@
| test.py:3:3:3:3 | SSA variable z | test.py:7:1:7:1 | GSSA Variable b |
| test.py:6:1:6:1 | GSSA Variable a | test.py:4:10:4:10 | ControlFlowNode for z |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:1:7:1 | GSSA Variable b |
| test.py:6:1:6:1 | GSSA Variable a | test.py:7:5:7:20 | GSSA Variable a |

5
python/ql/test/experimental/dataflow/basic/maximalFlowsConfig.qll
View File

@@ -1,4 +1,5 @@
import experimental.dataflow.DataFlow
import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPrivate
/**
* A configuration to find all "maximal" flows.
@@ -15,7 +16,7 @@ class MaximalFlowsConfig extends DataFlow::Configuration {
}
override predicate isSink(DataFlow::Node node) {
node instanceof DataFlow::ReturnNode
node instanceof DataFlowPrivate::ReturnNode
or
node instanceof DataFlow::EssaNode and
not exists(node.(DataFlow::EssaNode).getVar().getASourceUse())

2
python/ql/test/experimental/dataflow/basic/sinks.expected
View File

@@ -23,4 +23,4 @@
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:7:5:7:20 | GSSA Variable a |
| test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:7:19:7:19 | [post] ControlFlowNode for a |
| test.py:7:19:7:19 | [post arg] ControlFlowNode for a |

2
python/ql/test/experimental/dataflow/basic/sources.expected
View File

@@ -23,4 +23,4 @@
| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
| test.py:7:5:7:20 | GSSA Variable a |
| test.py:7:19:7:19 | ControlFlowNode for a |
| test.py:7:19:7:19 | [post] ControlFlowNode for a |
| test.py:7:19:7:19 | [post arg] ControlFlowNode for a |

9
python/ql/test/experimental/dataflow/callGraphConfig.qll
View File

@@ -1,5 +1,6 @@
private import python
import experimental.dataflow.DataFlow
import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPrivate
/**
* A configuration to find the call graph edges.
@@ -8,13 +9,13 @@ class CallGraphConfig extends DataFlow::Configuration {
CallGraphConfig() { this = "CallGraphConfig" }
override predicate isSource(DataFlow::Node node) {
node instanceof DataFlow::ReturnNode
node instanceof DataFlowPrivate::ReturnNode
or
node instanceof DataFlow::ArgumentNode
node instanceof DataFlowPrivate::ArgumentNode
}
override predicate isSink(DataFlow::Node node) {
node instanceof DataFlow::OutNode
node instanceof DataFlowPrivate::OutNode
or
node instanceof DataFlow::ParameterNode
}

72
python/ql/test/experimental/dataflow/consistency/dataflow-consistency.expected
View File

@@ -1,75 +1,4 @@
uniqueEnclosingCallable
| test.py:0:0:0:0 | GSSA Variable __name__ | Node should have one enclosing callable but has 0. |
| test.py:0:0:0:0 | GSSA Variable __package__ | Node should have one enclosing callable but has 0. |
| test.py:0:0:0:0 | GSSA Variable test23 | Node should have one enclosing callable but has 0. |
| test.py:0:0:0:0 | GSSA Variable test24 | Node should have one enclosing callable but has 0. |
| test.py:0:0:0:0 | GSSA Variable test_truth | Node should have one enclosing callable but has 0. |
| test.py:0:0:0:0 | GSSA Variable test_update_extend | Node should have one enclosing callable but has 0. |
| test.py:6:1:6:12 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:6:5:6:9 | GSSA Variable test1 | Node should have one enclosing callable but has 0. |
| test.py:9:1:9:12 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:9:5:9:9 | GSSA Variable test2 | Node should have one enclosing callable but has 0. |
| test.py:13:1:13:13 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:13:5:13:10 | GSSA Variable source | Node should have one enclosing callable but has 0. |
| test.py:16:1:16:14 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:16:5:16:8 | GSSA Variable sink | Node should have one enclosing callable but has 0. |
| test.py:19:1:19:12 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:19:5:19:9 | GSSA Variable test3 | Node should have one enclosing callable but has 0. |
| test.py:23:1:23:12 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:23:5:23:9 | GSSA Variable test4 | Node should have one enclosing callable but has 0. |
| test.py:27:1:27:12 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:27:5:27:9 | GSSA Variable test5 | Node should have one enclosing callable but has 0. |
| test.py:31:1:31:16 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:31:5:31:9 | GSSA Variable test6 | Node should have one enclosing callable but has 0. |
| test.py:39:1:39:16 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:39:5:39:9 | GSSA Variable test7 | Node should have one enclosing callable but has 0. |
| test.py:47:1:47:17 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:47:5:47:11 | GSSA Variable source2 | Node should have one enclosing callable but has 0. |
| test.py:50:1:50:15 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:50:5:50:9 | GSSA Variable sink2 | Node should have one enclosing callable but has 0. |
| test.py:53:1:53:21 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:53:5:53:9 | GSSA Variable sink3 | Node should have one enclosing callable but has 0. |
| test.py:57:1:57:16 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:57:5:57:9 | GSSA Variable test8 | Node should have one enclosing callable but has 0. |
| test.py:62:1:62:16 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:62:5:62:9 | GSSA Variable test9 | Node should have one enclosing callable but has 0. |
| test.py:69:1:69:17 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:69:5:69:10 | GSSA Variable test10 | Node should have one enclosing callable but has 0. |
| test.py:76:1:76:13 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:76:5:76:7 | GSSA Variable hub | Node should have one enclosing callable but has 0. |
| test.py:79:1:79:13 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:79:5:79:10 | GSSA Variable test11 | Node should have one enclosing callable but has 0. |
| test.py:84:1:84:13 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:84:5:84:10 | GSSA Variable test12 | Node should have one enclosing callable but has 0. |
| test.py:89:8:89:13 | ControlFlowNode for ImportExpr | Node should have one enclosing callable but has 0. |
| test.py:89:8:89:13 | GSSA Variable module | Node should have one enclosing callable but has 0. |
| test.py:91:1:91:13 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:91:5:91:10 | GSSA Variable test13 | Node should have one enclosing callable but has 0. |
| test.py:95:1:95:13 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:95:5:95:10 | GSSA Variable test14 | Node should have one enclosing callable but has 0. |
| test.py:99:1:99:13 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:99:5:99:10 | GSSA Variable test15 | Node should have one enclosing callable but has 0. |
| test.py:103:1:103:13 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:103:5:103:10 | GSSA Variable test16 | Node should have one enclosing callable but has 0. |
| test.py:108:1:108:17 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:108:5:108:10 | GSSA Variable test20 | Node should have one enclosing callable but has 0. |
| test.py:118:1:118:17 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:118:5:118:10 | GSSA Variable test21 | Node should have one enclosing callable but has 0. |
| test.py:128:1:128:17 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:128:5:128:10 | GSSA Variable test22 | Node should have one enclosing callable but has 0. |
| test.py:139:20:139:38 | ControlFlowNode for ImportMember | Node should have one enclosing callable but has 0. |
| test.py:139:33:139:38 | GSSA Variable unsafe | Node should have one enclosing callable but has 0. |
| test.py:140:1:140:12 | ControlFlowNode for SINK() | Node should have one enclosing callable but has 0. |
| test.py:140:1:140:12 | GSSA Variable unsafe | Node should have one enclosing callable but has 0. |
| test.py:140:6:140:11 | ControlFlowNode for unsafe | Node should have one enclosing callable but has 0. |
| test.py:142:1:142:13 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:142:5:142:10 | GSSA Variable test23 | Node should have one enclosing callable but has 0. |
| test.py:146:1:146:13 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:146:5:146:10 | GSSA Variable test24 | Node should have one enclosing callable but has 0. |
| test.py:151:1:151:29 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:151:5:151:22 | GSSA Variable test_update_extend | Node should have one enclosing callable but has 0. |
| test.py:161:1:161:17 | ControlFlowNode for FunctionExpr | Node should have one enclosing callable but has 0. |
| test.py:161:5:161:14 | GSSA Variable test_truth | Node should have one enclosing callable but has 0. |
uniqueType
uniqueNodeLocation
missingLocation
@@ -86,3 +15,4 @@ uniquePostUpdate
postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow

2
python/ql/test/experimental/dataflow/consistency/dataflow-consistency.ql
View File

@@ -1 +1 @@
import experimental.dataflow.internal.DataFlowImplConsistency::Consistency
import semmle.python.dataflow.new.internal.DataFlowImplConsistency::Consistency

10
python/ql/test/experimental/dataflow/consistency/module.py Normal file
View File

@@ -0,0 +1,10 @@
dangerous = SOURCE
safe = "safe"
def dangerous_func():
return SOURCE
safe2 = SOURCE
safe2 = "safe"

70
python/ql/test/experimental/dataflow/consistency/test.py
View File

@@ -104,6 +104,26 @@ def test16():
t = module.dangerous_func()
SINK(t)
class C(object): pass
def x_sink(arg):
SINK(arg.x)
def test17():
t = C()
t.x = module.dangerous
SINK(t.x)
def test18():
t = C()
t.x = module.dangerous
t = hub(t)
x_sink(t)
def test19():
t = CUSTOM_SOURCE
t = hub(TAINT_FROM_ARG(t))
CUSTOM_SINK(t)
def test20(cond):
if cond:
@@ -163,9 +183,55 @@ def test_truth():
if t:
SINK(t)
else:
SINK(t) # Regression: FP here
SINK(t)
if not t:
SINK(t) # Regression: FP here
SINK(t)
else:
SINK(t)
def test_early_exit():
t = FALSEY
if not t:
return
t
def flow_through_type_test_if_no_class():
t = SOURCE
if isinstance(t, str):
SINK(t)
else:
SINK(t)
def flow_in_iteration():
t = ITERABLE_SOURCE
for i in t:
i
return i
def flow_in_generator():
seq = [SOURCE]
for i in seq:
yield i
def flow_from_generator():
for x in flow_in_generator():
SINK(x)
def const_eq_clears_taint():
tainted = SOURCE
if tainted == "safe":
SINK(tainted) # safe
SINK(tainted) # unsafe
def const_eq_clears_taint2():
tainted = SOURCE
if tainted != "safe":
return
SINK(tainted) # safe
def non_const_eq_preserves_taint(x):
tainted = SOURCE
if tainted == tainted:
SINK(tainted) # unsafe
if tainted == x:
SINK(tainted) # unsafe

211
python/ql/test/experimental/dataflow/coverage/argumentPassing.py Normal file
View File

@@ -0,0 +1,211 @@
import sys
import os
sys.path.append(os.path.dirname(os.path.dirname((__file__))))
from testlib import *
arg = "source"
arg1 = "source1"
arg2 = "source2"
arg3 = "source3"
arg4 = "source4"
arg5 = "source5"
arg6 = "source6"
arg7 = "source7"
def SINK_TEST(x, test):
if test(x):
print("OK")
else:
print("Unexpected flow", x)
def SINK(x, expected=arg):
SINK_TEST(x, test=lambda x: x == expected)
def SINK_F(x, unexpected=arg):
SINK_TEST(x, test=lambda x: x != unexpected)
def SINK1(x):
SINK(x, expected=arg1)
def SINK2(x):
SINK(x, expected=arg2)
def SINK2_F(x):
SINK_F(x, unexpected=arg2)
def SINK3(x):
SINK(x, expected=arg3)
def SINK4(x):
SINK(x, expected=arg4)
def SINK5(x):
SINK(x, expected=arg5)
def SINK6(x):
SINK(x, expected=arg6)
def SINK7(x):
SINK(x, expected=arg7)
def argument_passing(
a,
b,
/,
c,
d=arg4,
*,
e=arg5,
f,
**g,
):
SINK1(a)
SINK2(b)
SINK3(c)
SINK4(d)
SINK5(e)
SINK6(f)
try:
SINK7(g["g"])
except:
print("OK")
@expects(7)
def test_argument_passing1():
argument_passing(arg1, *(arg2, arg3, arg4), e=arg5, **{"f": arg6, "g": arg7})
@expects(7)
def test_argument_passing2():
argument_passing(arg1, arg2, arg3, f=arg6)
def with_pos_only(a, /, b):
SINK1(a)
SINK2(b)
@expects(6)
def test_pos_only():
with_pos_only(arg1, arg2)
with_pos_only(arg1, b=arg2)
with_pos_only(arg1, *(arg2,))
def with_multiple_kw_args(a, b, c):
SINK1(a)
SINK2(b)
SINK3(c)
@expects(9)
def test_multiple_kw_args():
with_multiple_kw_args(b=arg2, c=arg3, a=arg1)
with_multiple_kw_args(arg1, *(arg2,), arg3)
with_multiple_kw_args(arg1, **{"c": arg3}, b=arg2)
with_multiple_kw_args(**{"b": arg2}, **{"c": arg3}, **{"a": arg1})
def with_default_arguments(a=arg1, b=arg2, c=arg3):
SINK1(a)
SINK2(b)
SINK3(c)
@expects(12)
def test_default_arguments():
with_default_arguments()
with_default_arguments(arg1)
with_default_arguments(b=arg2)
with_default_arguments(**{"c": arg3})
# Nested constructor pattern
def grab_foo_bar_baz(foo, **kwargs):
SINK1(foo)
grab_bar_baz(**kwargs)
# It is not possible to pass `bar` into `kwargs`,
# since `bar` is a valid keyword argument.
def grab_bar_baz(bar, **kwargs):
SINK2(bar)
try:
SINK2_F(kwargs["bar"])
except:
print("OK")
grab_baz(**kwargs)
def grab_baz(baz):
SINK3(baz)
@expects(4)
def test_grab():
grab_foo_bar_baz(baz=arg3, bar=arg2, foo=arg1)
# All combinations
def test_pos_pos():
def with_pos(a):
SINK1(a)
with_pos(arg1)
def test_pos_pos_only():
def with_pos_only(a, /):
SINK1(a)
with_pos_only(arg1)
def test_pos_star():
def with_star(*a):
if len(a) > 0:
SINK1(a[0])
with_star(arg1)
def test_pos_kw():
def with_kw(a=""):
SINK1(a)
with_kw(arg1)
def test_kw_pos():
def with_pos(a):
SINK1(a)
with_pos(a=arg1)
def test_kw_kw():
def with_kw(a=""):
SINK1(a)
with_kw(a=arg1)
def test_kw_doublestar():
def with_doublestar(**a):
SINK1(a["a"])
with_doublestar(a=arg1)

249
python/ql/test/experimental/dataflow/coverage/argumentRouting1.expected
View File

@@ -1,16 +1,233 @@
| classes.py:620:5:620:16 | SSA variable with_getitem | classes.py:614:15:614:18 | ControlFlowNode for self |
| classes.py:637:5:637:16 | SSA variable with_setitem | classes.py:632:15:632:18 | ControlFlowNode for self |
| classes.py:654:5:654:16 | SSA variable with_delitem | classes.py:649:15:649:18 | ControlFlowNode for self |
| classes.py:735:5:735:12 | SSA variable with_add | classes.py:729:15:729:18 | ControlFlowNode for self |
| classes.py:752:5:752:12 | SSA variable with_sub | classes.py:746:15:746:18 | ControlFlowNode for self |
| classes.py:769:5:769:12 | SSA variable with_mul | classes.py:763:15:763:18 | ControlFlowNode for self |
| classes.py:786:5:786:15 | SSA variable with_matmul | classes.py:780:15:780:18 | ControlFlowNode for self |
| classes.py:803:5:803:16 | SSA variable with_truediv | classes.py:797:15:797:18 | ControlFlowNode for self |
| classes.py:820:5:820:17 | SSA variable with_floordiv | classes.py:814:15:814:18 | ControlFlowNode for self |
| classes.py:837:5:837:12 | SSA variable with_mod | classes.py:831:15:831:18 | ControlFlowNode for self |
| classes.py:877:5:877:12 | SSA variable with_pow | classes.py:865:15:865:18 | ControlFlowNode for self |
| classes.py:894:5:894:15 | SSA variable with_lshift | classes.py:888:15:888:18 | ControlFlowNode for self |
| classes.py:911:5:911:15 | SSA variable with_rshift | classes.py:905:15:905:18 | ControlFlowNode for self |
| classes.py:928:5:928:12 | SSA variable with_and | classes.py:922:15:922:18 | ControlFlowNode for self |
| classes.py:945:5:945:12 | SSA variable with_xor | classes.py:939:15:939:18 | ControlFlowNode for self |
| classes.py:962:5:962:11 | SSA variable with_or | classes.py:956:15:956:18 | ControlFlowNode for self |
edges
| argumentPassing.py:65:5:65:5 | SSA variable a | argumentPassing.py:75:11:75:11 | ControlFlowNode for a |
| argumentPassing.py:89:22:89:25 | ControlFlowNode for arg1 | argumentPassing.py:65:5:65:5 | SSA variable a |
| argumentPassing.py:94:22:94:25 | ControlFlowNode for arg1 | argumentPassing.py:65:5:65:5 | SSA variable a |
| argumentPassing.py:97:19:97:19 | SSA variable a | argumentPassing.py:98:11:98:11 | ControlFlowNode for a |
| argumentPassing.py:104:19:104:22 | ControlFlowNode for arg1 | argumentPassing.py:97:19:97:19 | SSA variable a |
| argumentPassing.py:105:19:105:22 | ControlFlowNode for arg1 | argumentPassing.py:97:19:97:19 | SSA variable a |
| argumentPassing.py:106:19:106:22 | ControlFlowNode for arg1 | argumentPassing.py:97:19:97:19 | SSA variable a |
| argumentPassing.py:109:27:109:27 | SSA variable a | argumentPassing.py:110:11:110:11 | ControlFlowNode for a |
| argumentPassing.py:117:45:117:48 | ControlFlowNode for arg1 | argumentPassing.py:109:27:109:27 | SSA variable a |
| argumentPassing.py:118:27:118:30 | ControlFlowNode for arg1 | argumentPassing.py:109:27:109:27 | SSA variable a |
| argumentPassing.py:119:27:119:30 | ControlFlowNode for arg1 | argumentPassing.py:109:27:109:27 | SSA variable a |
| argumentPassing.py:120:5:120:70 | KwUnpacked a | argumentPassing.py:109:27:109:27 | SSA variable a |
| argumentPassing.py:120:59:120:69 | ControlFlowNode for Dict [Dictionary element at key a] | argumentPassing.py:120:5:120:70 | KwUnpacked a |
| argumentPassing.py:120:65:120:68 | ControlFlowNode for arg1 | argumentPassing.py:120:59:120:69 | ControlFlowNode for Dict [Dictionary element at key a] |
| argumentPassing.py:123:28:123:28 | SSA variable a | argumentPassing.py:124:11:124:11 | ControlFlowNode for a |
| argumentPassing.py:132:28:132:31 | ControlFlowNode for arg1 | argumentPassing.py:123:28:123:28 | SSA variable a |
| argumentPassing.py:138:22:138:24 | SSA variable foo | argumentPassing.py:139:11:139:13 | ControlFlowNode for foo |
| argumentPassing.py:160:46:160:49 | ControlFlowNode for arg1 | argumentPassing.py:138:22:138:24 | SSA variable foo |
| argumentPassing.py:165:18:165:18 | SSA variable a | argumentPassing.py:166:15:166:15 | ControlFlowNode for a |
| argumentPassing.py:168:14:168:17 | ControlFlowNode for arg1 | argumentPassing.py:165:18:165:18 | SSA variable a |
| argumentPassing.py:172:23:172:23 | SSA variable a | argumentPassing.py:173:15:173:15 | ControlFlowNode for a |
| argumentPassing.py:175:19:175:22 | ControlFlowNode for arg1 | argumentPassing.py:172:23:172:23 | SSA variable a |
| argumentPassing.py:179:20:179:20 | SSA variable a [Tuple element at index 0] | argumentPassing.py:181:19:181:19 | ControlFlowNode for a [Tuple element at index 0] |
| argumentPassing.py:181:19:181:19 | ControlFlowNode for a [Tuple element at index 0] | argumentPassing.py:181:19:181:22 | ControlFlowNode for Subscript |
| argumentPassing.py:183:5:183:19 | PosOverflowNode for with_star() [Tuple element at index 0] | argumentPassing.py:179:20:179:20 | SSA variable a [Tuple element at index 0] |
| argumentPassing.py:183:15:183:18 | ControlFlowNode for arg1 | argumentPassing.py:183:5:183:19 | PosOverflowNode for with_star() [Tuple element at index 0] |
| argumentPassing.py:187:17:187:17 | SSA variable a | argumentPassing.py:188:15:188:15 | ControlFlowNode for a |
| argumentPassing.py:190:13:190:16 | ControlFlowNode for arg1 | argumentPassing.py:187:17:187:17 | SSA variable a |
| argumentPassing.py:194:18:194:18 | SSA variable a | argumentPassing.py:195:15:195:15 | ControlFlowNode for a |
| argumentPassing.py:197:16:197:19 | ControlFlowNode for arg1 | argumentPassing.py:194:18:194:18 | SSA variable a |
| argumentPassing.py:201:17:201:17 | SSA variable a | argumentPassing.py:202:15:202:15 | ControlFlowNode for a |
| argumentPassing.py:204:15:204:18 | ControlFlowNode for arg1 | argumentPassing.py:201:17:201:17 | SSA variable a |
| argumentPassing.py:208:27:208:27 | SSA variable a [Dictionary element at key a] | argumentPassing.py:209:15:209:15 | ControlFlowNode for a [Dictionary element at key a] |
| argumentPassing.py:209:15:209:15 | ControlFlowNode for a [Dictionary element at key a] | argumentPassing.py:209:15:209:20 | ControlFlowNode for Subscript |
| argumentPassing.py:211:5:211:27 | KwOverflowNode for with_doublestar() [Dictionary element at key a] | argumentPassing.py:208:27:208:27 | SSA variable a [Dictionary element at key a] |
| argumentPassing.py:211:23:211:26 | ControlFlowNode for arg1 | argumentPassing.py:211:5:211:27 | KwOverflowNode for with_doublestar() [Dictionary element at key a] |
| classes.py:555:21:555:24 | SSA variable self | classes.py:557:15:557:18 | ControlFlowNode for self |
| classes.py:563:5:563:16 | SSA variable with_getitem | classes.py:565:5:565:16 | ControlFlowNode for with_getitem |
| classes.py:565:5:565:16 | ControlFlowNode for with_getitem | classes.py:555:21:555:24 | SSA variable self |
| classes.py:570:21:570:24 | SSA variable self | classes.py:573:15:573:18 | ControlFlowNode for self |
| classes.py:578:5:578:16 | SSA variable with_setitem | classes.py:581:5:581:16 | ControlFlowNode for with_setitem |
| classes.py:581:5:581:16 | ControlFlowNode for with_setitem | classes.py:570:21:570:24 | SSA variable self |
| classes.py:586:21:586:24 | SSA variable self | classes.py:588:15:588:18 | ControlFlowNode for self |
| classes.py:593:5:593:16 | SSA variable with_delitem | classes.py:595:9:595:20 | ControlFlowNode for with_delitem |
| classes.py:595:9:595:20 | ControlFlowNode for with_delitem | classes.py:586:21:586:24 | SSA variable self |
| classes.py:657:17:657:20 | SSA variable self | classes.py:659:15:659:18 | ControlFlowNode for self |
| classes.py:665:5:665:12 | SSA variable with_add | classes.py:667:5:667:12 | ControlFlowNode for with_add |
| classes.py:667:5:667:12 | ControlFlowNode for with_add | classes.py:657:17:657:20 | SSA variable self |
| classes.py:672:17:672:20 | SSA variable self | classes.py:674:15:674:18 | ControlFlowNode for self |
| classes.py:680:5:680:12 | SSA variable with_sub | classes.py:682:5:682:12 | ControlFlowNode for with_sub |
| classes.py:682:5:682:12 | ControlFlowNode for with_sub | classes.py:672:17:672:20 | SSA variable self |
| classes.py:687:17:687:20 | SSA variable self | classes.py:689:15:689:18 | ControlFlowNode for self |
| classes.py:695:5:695:12 | SSA variable with_mul | classes.py:697:5:697:12 | ControlFlowNode for with_mul |
| classes.py:697:5:697:12 | ControlFlowNode for with_mul | classes.py:687:17:687:20 | SSA variable self |
| classes.py:702:20:702:23 | SSA variable self | classes.py:704:15:704:18 | ControlFlowNode for self |
| classes.py:710:5:710:15 | SSA variable with_matmul | classes.py:712:5:712:15 | ControlFlowNode for with_matmul |
| classes.py:712:5:712:15 | ControlFlowNode for with_matmul | classes.py:702:20:702:23 | SSA variable self |
| classes.py:717:21:717:24 | SSA variable self | classes.py:719:15:719:18 | ControlFlowNode for self |
| classes.py:725:5:725:16 | SSA variable with_truediv | classes.py:727:5:727:16 | ControlFlowNode for with_truediv |
| classes.py:727:5:727:16 | ControlFlowNode for with_truediv | classes.py:717:21:717:24 | SSA variable self |
| classes.py:732:22:732:25 | SSA variable self | classes.py:734:15:734:18 | ControlFlowNode for self |
| classes.py:740:5:740:17 | SSA variable with_floordiv | classes.py:742:5:742:17 | ControlFlowNode for with_floordiv |
| classes.py:742:5:742:17 | ControlFlowNode for with_floordiv | classes.py:732:22:732:25 | SSA variable self |
| classes.py:747:17:747:20 | SSA variable self | classes.py:749:15:749:18 | ControlFlowNode for self |
| classes.py:755:5:755:12 | SSA variable with_mod | classes.py:757:5:757:12 | ControlFlowNode for with_mod |
| classes.py:757:5:757:12 | ControlFlowNode for with_mod | classes.py:747:17:747:20 | SSA variable self |
| classes.py:777:17:777:20 | SSA variable self | classes.py:779:15:779:18 | ControlFlowNode for self |
| classes.py:791:5:791:12 | SSA variable with_pow | classes.py:793:5:793:12 | ControlFlowNode for with_pow |
| classes.py:793:5:793:12 | ControlFlowNode for with_pow | classes.py:777:17:777:20 | SSA variable self |
| classes.py:798:20:798:23 | SSA variable self | classes.py:800:15:800:18 | ControlFlowNode for self |
| classes.py:806:5:806:15 | SSA variable with_lshift | classes.py:808:5:808:15 | ControlFlowNode for with_lshift |
| classes.py:808:5:808:15 | ControlFlowNode for with_lshift | classes.py:798:20:798:23 | SSA variable self |
| classes.py:813:20:813:23 | SSA variable self | classes.py:815:15:815:18 | ControlFlowNode for self |
| classes.py:821:5:821:15 | SSA variable with_rshift | classes.py:823:5:823:15 | ControlFlowNode for with_rshift |
| classes.py:823:5:823:15 | ControlFlowNode for with_rshift | classes.py:813:20:813:23 | SSA variable self |
| classes.py:828:17:828:20 | SSA variable self | classes.py:830:15:830:18 | ControlFlowNode for self |
| classes.py:836:5:836:12 | SSA variable with_and | classes.py:838:5:838:12 | ControlFlowNode for with_and |
| classes.py:838:5:838:12 | ControlFlowNode for with_and | classes.py:828:17:828:20 | SSA variable self |
| classes.py:843:17:843:20 | SSA variable self | classes.py:845:15:845:18 | ControlFlowNode for self |
| classes.py:851:5:851:12 | SSA variable with_xor | classes.py:853:5:853:12 | ControlFlowNode for with_xor |
| classes.py:853:5:853:12 | ControlFlowNode for with_xor | classes.py:843:17:843:20 | SSA variable self |
| classes.py:858:16:858:19 | SSA variable self | classes.py:860:15:860:18 | ControlFlowNode for self |
| classes.py:866:5:866:11 | SSA variable with_or | classes.py:868:5:868:11 | ControlFlowNode for with_or |
| classes.py:868:5:868:11 | ControlFlowNode for with_or | classes.py:858:16:858:19 | SSA variable self |
nodes
| argumentPassing.py:65:5:65:5 | SSA variable a | semmle.label | SSA variable a |
| argumentPassing.py:75:11:75:11 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
| argumentPassing.py:89:22:89:25 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
| argumentPassing.py:94:22:94:25 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
| argumentPassing.py:97:19:97:19 | SSA variable a | semmle.label | SSA variable a |
| argumentPassing.py:98:11:98:11 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
| argumentPassing.py:104:19:104:22 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
| argumentPassing.py:105:19:105:22 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
| argumentPassing.py:106:19:106:22 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
| argumentPassing.py:109:27:109:27 | SSA variable a | semmle.label | SSA variable a |
| argumentPassing.py:110:11:110:11 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
| argumentPassing.py:117:45:117:48 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
| argumentPassing.py:118:27:118:30 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
| argumentPassing.py:119:27:119:30 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
| argumentPassing.py:120:5:120:70 | KwUnpacked a | semmle.label | KwUnpacked a |
| argumentPassing.py:120:59:120:69 | ControlFlowNode for Dict [Dictionary element at key a] | semmle.label | ControlFlowNode for Dict [Dictionary element at key a] |
| argumentPassing.py:120:65:120:68 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
| argumentPassing.py:123:28:123:28 | SSA variable a | semmle.label | SSA variable a |
| argumentPassing.py:124:11:124:11 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
| argumentPassing.py:132:28:132:31 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
| argumentPassing.py:138:22:138:24 | SSA variable foo | semmle.label | SSA variable foo |
| argumentPassing.py:139:11:139:13 | ControlFlowNode for foo | semmle.label | ControlFlowNode for foo |
| argumentPassing.py:160:46:160:49 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
| argumentPassing.py:165:18:165:18 | SSA variable a | semmle.label | SSA variable a |
| argumentPassing.py:166:15:166:15 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
| argumentPassing.py:168:14:168:17 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
| argumentPassing.py:172:23:172:23 | SSA variable a | semmle.label | SSA variable a |
| argumentPassing.py:173:15:173:15 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
| argumentPassing.py:175:19:175:22 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
| argumentPassing.py:179:20:179:20 | SSA variable a [Tuple element at index 0] | semmle.label | SSA variable a [Tuple element at index 0] |
| argumentPassing.py:181:19:181:19 | ControlFlowNode for a [Tuple element at index 0] | semmle.label | ControlFlowNode for a [Tuple element at index 0] |
| argumentPassing.py:181:19:181:22 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| argumentPassing.py:183:5:183:19 | PosOverflowNode for with_star() [Tuple element at index 0] | semmle.label | PosOverflowNode for with_star() [Tuple element at index 0] |
| argumentPassing.py:183:15:183:18 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
| argumentPassing.py:187:17:187:17 | SSA variable a | semmle.label | SSA variable a |
| argumentPassing.py:188:15:188:15 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
| argumentPassing.py:190:13:190:16 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
| argumentPassing.py:194:18:194:18 | SSA variable a | semmle.label | SSA variable a |
| argumentPassing.py:195:15:195:15 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
| argumentPassing.py:197:16:197:19 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
| argumentPassing.py:201:17:201:17 | SSA variable a | semmle.label | SSA variable a |
| argumentPassing.py:202:15:202:15 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
| argumentPassing.py:204:15:204:18 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
| argumentPassing.py:208:27:208:27 | SSA variable a [Dictionary element at key a] | semmle.label | SSA variable a [Dictionary element at key a] |
| argumentPassing.py:209:15:209:15 | ControlFlowNode for a [Dictionary element at key a] | semmle.label | ControlFlowNode for a [Dictionary element at key a] |
| argumentPassing.py:209:15:209:20 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| argumentPassing.py:211:5:211:27 | KwOverflowNode for with_doublestar() [Dictionary element at key a] | semmle.label | KwOverflowNode for with_doublestar() [Dictionary element at key a] |
| argumentPassing.py:211:23:211:26 | ControlFlowNode for arg1 | semmle.label | ControlFlowNode for arg1 |
| classes.py:555:21:555:24 | SSA variable self | semmle.label | SSA variable self |
| classes.py:557:15:557:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
| classes.py:563:5:563:16 | SSA variable with_getitem | semmle.label | SSA variable with_getitem |
| classes.py:565:5:565:16 | ControlFlowNode for with_getitem | semmle.label | ControlFlowNode for with_getitem |
| classes.py:570:21:570:24 | SSA variable self | semmle.label | SSA variable self |
| classes.py:573:15:573:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
| classes.py:578:5:578:16 | SSA variable with_setitem | semmle.label | SSA variable with_setitem |
| classes.py:581:5:581:16 | ControlFlowNode for with_setitem | semmle.label | ControlFlowNode for with_setitem |
| classes.py:586:21:586:24 | SSA variable self | semmle.label | SSA variable self |
| classes.py:588:15:588:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
| classes.py:593:5:593:16 | SSA variable with_delitem | semmle.label | SSA variable with_delitem |
| classes.py:595:9:595:20 | ControlFlowNode for with_delitem | semmle.label | ControlFlowNode for with_delitem |
| classes.py:657:17:657:20 | SSA variable self | semmle.label | SSA variable self |
| classes.py:659:15:659:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
| classes.py:665:5:665:12 | SSA variable with_add | semmle.label | SSA variable with_add |
| classes.py:667:5:667:12 | ControlFlowNode for with_add | semmle.label | ControlFlowNode for with_add |
| classes.py:672:17:672:20 | SSA variable self | semmle.label | SSA variable self |
| classes.py:674:15:674:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
| classes.py:680:5:680:12 | SSA variable with_sub | semmle.label | SSA variable with_sub |
| classes.py:682:5:682:12 | ControlFlowNode for with_sub | semmle.label | ControlFlowNode for with_sub |
| classes.py:687:17:687:20 | SSA variable self | semmle.label | SSA variable self |
| classes.py:689:15:689:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
| classes.py:695:5:695:12 | SSA variable with_mul | semmle.label | SSA variable with_mul |
| classes.py:697:5:697:12 | ControlFlowNode for with_mul | semmle.label | ControlFlowNode for with_mul |
| classes.py:702:20:702:23 | SSA variable self | semmle.label | SSA variable self |
| classes.py:704:15:704:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
| classes.py:710:5:710:15 | SSA variable with_matmul | semmle.label | SSA variable with_matmul |
| classes.py:712:5:712:15 | ControlFlowNode for with_matmul | semmle.label | ControlFlowNode for with_matmul |
| classes.py:717:21:717:24 | SSA variable self | semmle.label | SSA variable self |
| classes.py:719:15:719:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
| classes.py:725:5:725:16 | SSA variable with_truediv | semmle.label | SSA variable with_truediv |
| classes.py:727:5:727:16 | ControlFlowNode for with_truediv | semmle.label | ControlFlowNode for with_truediv |
| classes.py:732:22:732:25 | SSA variable self | semmle.label | SSA variable self |
| classes.py:734:15:734:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
| classes.py:740:5:740:17 | SSA variable with_floordiv | semmle.label | SSA variable with_floordiv |
| classes.py:742:5:742:17 | ControlFlowNode for with_floordiv | semmle.label | ControlFlowNode for with_floordiv |
| classes.py:747:17:747:20 | SSA variable self | semmle.label | SSA variable self |
| classes.py:749:15:749:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
| classes.py:755:5:755:12 | SSA variable with_mod | semmle.label | SSA variable with_mod |
| classes.py:757:5:757:12 | ControlFlowNode for with_mod | semmle.label | ControlFlowNode for with_mod |
| classes.py:777:17:777:20 | SSA variable self | semmle.label | SSA variable self |
| classes.py:779:15:779:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
| classes.py:791:5:791:12 | SSA variable with_pow | semmle.label | SSA variable with_pow |
| classes.py:793:5:793:12 | ControlFlowNode for with_pow | semmle.label | ControlFlowNode for with_pow |
| classes.py:798:20:798:23 | SSA variable self | semmle.label | SSA variable self |
| classes.py:800:15:800:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
| classes.py:806:5:806:15 | SSA variable with_lshift | semmle.label | SSA variable with_lshift |
| classes.py:808:5:808:15 | ControlFlowNode for with_lshift | semmle.label | ControlFlowNode for with_lshift |
| classes.py:813:20:813:23 | SSA variable self | semmle.label | SSA variable self |
| classes.py:815:15:815:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
| classes.py:821:5:821:15 | SSA variable with_rshift | semmle.label | SSA variable with_rshift |
| classes.py:823:5:823:15 | ControlFlowNode for with_rshift | semmle.label | ControlFlowNode for with_rshift |
| classes.py:828:17:828:20 | SSA variable self | semmle.label | SSA variable self |
| classes.py:830:15:830:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
| classes.py:836:5:836:12 | SSA variable with_and | semmle.label | SSA variable with_and |
| classes.py:838:5:838:12 | ControlFlowNode for with_and | semmle.label | ControlFlowNode for with_and |
| classes.py:843:17:843:20 | SSA variable self | semmle.label | SSA variable self |
| classes.py:845:15:845:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
| classes.py:851:5:851:12 | SSA variable with_xor | semmle.label | SSA variable with_xor |
| classes.py:853:5:853:12 | ControlFlowNode for with_xor | semmle.label | ControlFlowNode for with_xor |
| classes.py:858:16:858:19 | SSA variable self | semmle.label | SSA variable self |
| classes.py:860:15:860:18 | ControlFlowNode for self | semmle.label | ControlFlowNode for self |
| classes.py:866:5:866:11 | SSA variable with_or | semmle.label | SSA variable with_or |
| classes.py:868:5:868:11 | ControlFlowNode for with_or | semmle.label | ControlFlowNode for with_or |
#select
| argumentPassing.py:89:22:89:25 | ControlFlowNode for arg1 | argumentPassing.py:89:22:89:25 | ControlFlowNode for arg1 | argumentPassing.py:75:11:75:11 | ControlFlowNode for a | Flow found |
| argumentPassing.py:94:22:94:25 | ControlFlowNode for arg1 | argumentPassing.py:94:22:94:25 | ControlFlowNode for arg1 | argumentPassing.py:75:11:75:11 | ControlFlowNode for a | Flow found |
| argumentPassing.py:104:19:104:22 | ControlFlowNode for arg1 | argumentPassing.py:104:19:104:22 | ControlFlowNode for arg1 | argumentPassing.py:98:11:98:11 | ControlFlowNode for a | Flow found |
| argumentPassing.py:105:19:105:22 | ControlFlowNode for arg1 | argumentPassing.py:105:19:105:22 | ControlFlowNode for arg1 | argumentPassing.py:98:11:98:11 | ControlFlowNode for a | Flow found |
| argumentPassing.py:106:19:106:22 | ControlFlowNode for arg1 | argumentPassing.py:106:19:106:22 | ControlFlowNode for arg1 | argumentPassing.py:98:11:98:11 | ControlFlowNode for a | Flow found |
| argumentPassing.py:117:45:117:48 | ControlFlowNode for arg1 | argumentPassing.py:117:45:117:48 | ControlFlowNode for arg1 | argumentPassing.py:110:11:110:11 | ControlFlowNode for a | Flow found |
| argumentPassing.py:118:27:118:30 | ControlFlowNode for arg1 | argumentPassing.py:118:27:118:30 | ControlFlowNode for arg1 | argumentPassing.py:110:11:110:11 | ControlFlowNode for a | Flow found |
| argumentPassing.py:119:27:119:30 | ControlFlowNode for arg1 | argumentPassing.py:119:27:119:30 | ControlFlowNode for arg1 | argumentPassing.py:110:11:110:11 | ControlFlowNode for a | Flow found |
| argumentPassing.py:120:65:120:68 | ControlFlowNode for arg1 | argumentPassing.py:120:65:120:68 | ControlFlowNode for arg1 | argumentPassing.py:110:11:110:11 | ControlFlowNode for a | Flow found |
| argumentPassing.py:132:28:132:31 | ControlFlowNode for arg1 | argumentPassing.py:132:28:132:31 | ControlFlowNode for arg1 | argumentPassing.py:124:11:124:11 | ControlFlowNode for a | Flow found |
| argumentPassing.py:160:46:160:49 | ControlFlowNode for arg1 | argumentPassing.py:160:46:160:49 | ControlFlowNode for arg1 | argumentPassing.py:139:11:139:13 | ControlFlowNode for foo | Flow found |
| argumentPassing.py:168:14:168:17 | ControlFlowNode for arg1 | argumentPassing.py:168:14:168:17 | ControlFlowNode for arg1 | argumentPassing.py:166:15:166:15 | ControlFlowNode for a | Flow found |
| argumentPassing.py:175:19:175:22 | ControlFlowNode for arg1 | argumentPassing.py:175:19:175:22 | ControlFlowNode for arg1 | argumentPassing.py:173:15:173:15 | ControlFlowNode for a | Flow found |
| argumentPassing.py:183:15:183:18 | ControlFlowNode for arg1 | argumentPassing.py:183:15:183:18 | ControlFlowNode for arg1 | argumentPassing.py:181:19:181:22 | ControlFlowNode for Subscript | Flow found |
| argumentPassing.py:190:13:190:16 | ControlFlowNode for arg1 | argumentPassing.py:190:13:190:16 | ControlFlowNode for arg1 | argumentPassing.py:188:15:188:15 | ControlFlowNode for a | Flow found |
| argumentPassing.py:197:16:197:19 | ControlFlowNode for arg1 | argumentPassing.py:197:16:197:19 | ControlFlowNode for arg1 | argumentPassing.py:195:15:195:15 | ControlFlowNode for a | Flow found |
| argumentPassing.py:204:15:204:18 | ControlFlowNode for arg1 | argumentPassing.py:204:15:204:18 | ControlFlowNode for arg1 | argumentPassing.py:202:15:202:15 | ControlFlowNode for a | Flow found |
| argumentPassing.py:211:23:211:26 | ControlFlowNode for arg1 | argumentPassing.py:211:23:211:26 | ControlFlowNode for arg1 | argumentPassing.py:209:15:209:20 | ControlFlowNode for Subscript | Flow found |
| classes.py:563:5:563:16 | SSA variable with_getitem | classes.py:563:5:563:16 | SSA variable with_getitem | classes.py:557:15:557:18 | ControlFlowNode for self | Flow found |
| classes.py:578:5:578:16 | SSA variable with_setitem | classes.py:578:5:578:16 | SSA variable with_setitem | classes.py:573:15:573:18 | ControlFlowNode for self | Flow found |
| classes.py:593:5:593:16 | SSA variable with_delitem | classes.py:593:5:593:16 | SSA variable with_delitem | classes.py:588:15:588:18 | ControlFlowNode for self | Flow found |
| classes.py:665:5:665:12 | SSA variable with_add | classes.py:665:5:665:12 | SSA variable with_add | classes.py:659:15:659:18 | ControlFlowNode for self | Flow found |
| classes.py:680:5:680:12 | SSA variable with_sub | classes.py:680:5:680:12 | SSA variable with_sub | classes.py:674:15:674:18 | ControlFlowNode for self | Flow found |
| classes.py:695:5:695:12 | SSA variable with_mul | classes.py:695:5:695:12 | SSA variable with_mul | classes.py:689:15:689:18 | ControlFlowNode for self | Flow found |
| classes.py:710:5:710:15 | SSA variable with_matmul | classes.py:710:5:710:15 | SSA variable with_matmul | classes.py:704:15:704:18 | ControlFlowNode for self | Flow found |
| classes.py:725:5:725:16 | SSA variable with_truediv | classes.py:725:5:725:16 | SSA variable with_truediv | classes.py:719:15:719:18 | ControlFlowNode for self | Flow found |
| classes.py:740:5:740:17 | SSA variable with_floordiv | classes.py:740:5:740:17 | SSA variable with_floordiv | classes.py:734:15:734:18 | ControlFlowNode for self | Flow found |
| classes.py:755:5:755:12 | SSA variable with_mod | classes.py:755:5:755:12 | SSA variable with_mod | classes.py:749:15:749:18 | ControlFlowNode for self | Flow found |
| classes.py:791:5:791:12 | SSA variable with_pow | classes.py:791:5:791:12 | SSA variable with_pow | classes.py:779:15:779:18 | ControlFlowNode for self | Flow found |
| classes.py:806:5:806:15 | SSA variable with_lshift | classes.py:806:5:806:15 | SSA variable with_lshift | classes.py:800:15:800:18 | ControlFlowNode for self | Flow found |
| classes.py:821:5:821:15 | SSA variable with_rshift | classes.py:821:5:821:15 | SSA variable with_rshift | classes.py:815:15:815:18 | ControlFlowNode for self | Flow found |
| classes.py:836:5:836:12 | SSA variable with_and | classes.py:836:5:836:12 | SSA variable with_and | classes.py:830:15:830:18 | ControlFlowNode for self | Flow found |
| classes.py:851:5:851:12 | SSA variable with_xor | classes.py:851:5:851:12 | SSA variable with_xor | classes.py:845:15:845:18 | ControlFlowNode for self | Flow found |
| classes.py:866:5:866:11 | SSA variable with_or | classes.py:866:5:866:11 | SSA variable with_or | classes.py:860:15:860:18 | ControlFlowNode for self | Flow found |

32
python/ql/test/experimental/dataflow/coverage/argumentRouting1.ql
View File

@@ -1,5 +1,11 @@
/**
* @kind path-problem
*/
import python
import experimental.dataflow.DataFlow
import semmle.python.dataflow.new.DataFlow
import DataFlow::PathGraph
private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPrivate
/**
* A configuration to check routing of arguments through magic methods.
@@ -8,10 +14,12 @@ class ArgumentRoutingConfig extends DataFlow::Configuration {
ArgumentRoutingConfig() { this = "ArgumentRoutingConfig" }
override predicate isSource(DataFlow::Node node) {
exists(AssignmentDefinition def, DataFlow::DataFlowCall call |
node.(DataFlow::CfgNode).getNode().(NameNode).getId() = "arg1"
or
exists(AssignmentDefinition def, DataFlowPrivate::DataFlowCall call |
def.getVariable() = node.(DataFlow::EssaNode).getVar() and
def.getValue() = call.getNode() and
call.getCallable().getName().matches("With\\_%")
call.getNode().(CallNode).getFunction().(NameNode).getId().matches("With\\_%")
) and
node.(DataFlow::EssaNode).getVar().getName().matches("with\\_%")
}
@@ -22,11 +30,19 @@ class ArgumentRoutingConfig extends DataFlow::Configuration {
node.(DataFlow::CfgNode).getNode() = call.getAnArg()
)
}
/**
* We want to be able to use `arg` in a sequence of calls such as `func(kw=arg); ... ; func(arg)`.
* Use-use flow lets the argument to the first call reach the sink inside the second call,
* making it seem like we handle all cases even if we only handle the last one.
* We make the test honest by preventing flow into source nodes.
*/
override predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
}
from DataFlow::Node source, DataFlow::Node sink
from DataFlow::PathNode source, DataFlow::PathNode sink
where
source.getLocation().getFile().getBaseName() = "classes.py" and
sink.getLocation().getFile().getBaseName() = "classes.py" and
exists(ArgumentRoutingConfig cfg | cfg.hasFlow(source, sink))
select source, sink
source.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
sink.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
exists(ArgumentRoutingConfig cfg | cfg.hasFlowPath(source, sink))
select source.getNode(), source, sink, "Flow found"

163
python/ql/test/experimental/dataflow/coverage/argumentRouting2.expected
View File

@@ -1,16 +1,147 @@
| classes.py:622:18:622:21 | ControlFlowNode for arg2 | classes.py:613:15:613:17 | ControlFlowNode for key |
| classes.py:640:18:640:21 | ControlFlowNode for arg2 | classes.py:631:15:631:17 | ControlFlowNode for key |
| classes.py:656:22:656:25 | ControlFlowNode for arg2 | classes.py:648:15:648:17 | ControlFlowNode for key |
| classes.py:737:16:737:19 | ControlFlowNode for arg2 | classes.py:728:15:728:19 | ControlFlowNode for other |
| classes.py:754:16:754:19 | ControlFlowNode for arg2 | classes.py:745:15:745:19 | ControlFlowNode for other |
| classes.py:771:16:771:19 | ControlFlowNode for arg2 | classes.py:762:15:762:19 | ControlFlowNode for other |
| classes.py:788:19:788:22 | ControlFlowNode for arg2 | classes.py:779:15:779:19 | ControlFlowNode for other |
| classes.py:805:20:805:23 | ControlFlowNode for arg2 | classes.py:796:15:796:19 | ControlFlowNode for other |
| classes.py:822:22:822:25 | ControlFlowNode for arg2 | classes.py:813:15:813:19 | ControlFlowNode for other |
| classes.py:839:16:839:19 | ControlFlowNode for arg2 | classes.py:830:15:830:19 | ControlFlowNode for other |
| classes.py:879:17:879:20 | ControlFlowNode for arg2 | classes.py:864:15:864:19 | ControlFlowNode for other |
| classes.py:896:20:896:23 | ControlFlowNode for arg2 | classes.py:887:15:887:19 | ControlFlowNode for other |
| classes.py:913:20:913:23 | ControlFlowNode for arg2 | classes.py:904:15:904:19 | ControlFlowNode for other |
| classes.py:930:16:930:19 | ControlFlowNode for arg2 | classes.py:921:15:921:19 | ControlFlowNode for other |
| classes.py:947:16:947:19 | ControlFlowNode for arg2 | classes.py:938:15:938:19 | ControlFlowNode for other |
| classes.py:964:15:964:18 | ControlFlowNode for arg2 | classes.py:955:15:955:19 | ControlFlowNode for other |
edges
| argumentPassing.py:66:5:66:5 | SSA variable b | argumentPassing.py:76:11:76:11 | ControlFlowNode for b |
| argumentPassing.py:94:28:94:31 | ControlFlowNode for arg2 | argumentPassing.py:66:5:66:5 | SSA variable b |
| argumentPassing.py:97:25:97:25 | SSA variable b | argumentPassing.py:99:11:99:11 | ControlFlowNode for b |
| argumentPassing.py:104:25:104:28 | ControlFlowNode for arg2 | argumentPassing.py:97:25:97:25 | SSA variable b |
| argumentPassing.py:105:27:105:30 | ControlFlowNode for arg2 | argumentPassing.py:97:25:97:25 | SSA variable b |
| argumentPassing.py:109:30:109:30 | SSA variable b | argumentPassing.py:111:11:111:11 | ControlFlowNode for b |
| argumentPassing.py:117:29:117:32 | ControlFlowNode for arg2 | argumentPassing.py:109:30:109:30 | SSA variable b |
| argumentPassing.py:120:5:120:70 | KwUnpacked b | argumentPassing.py:109:30:109:30 | SSA variable b |
| argumentPassing.py:120:29:120:39 | ControlFlowNode for Dict [Dictionary element at key b] | argumentPassing.py:120:5:120:70 | KwUnpacked b |
| argumentPassing.py:120:35:120:38 | ControlFlowNode for arg2 | argumentPassing.py:120:29:120:39 | ControlFlowNode for Dict [Dictionary element at key b] |
| argumentPassing.py:123:36:123:36 | SSA variable b | argumentPassing.py:125:11:125:11 | ControlFlowNode for b |
| argumentPassing.py:133:30:133:33 | ControlFlowNode for arg2 | argumentPassing.py:123:36:123:36 | SSA variable b |
| argumentPassing.py:138:29:138:34 | SSA variable kwargs [Dictionary element at key bar] | argumentPassing.py:140:20:140:25 | ControlFlowNode for kwargs [Dictionary element at key bar] |
| argumentPassing.py:140:5:140:26 | KwUnpacked bar | argumentPassing.py:145:18:145:20 | SSA variable bar |
| argumentPassing.py:140:20:140:25 | ControlFlowNode for kwargs [Dictionary element at key bar] | argumentPassing.py:140:5:140:26 | KwUnpacked bar |
| argumentPassing.py:145:18:145:20 | SSA variable bar | argumentPassing.py:146:11:146:13 | ControlFlowNode for bar |
| argumentPassing.py:160:5:160:50 | KwOverflowNode for grab_foo_bar_baz() [Dictionary element at key bar] | argumentPassing.py:138:29:138:34 | SSA variable kwargs [Dictionary element at key bar] |
| argumentPassing.py:160:36:160:39 | ControlFlowNode for arg2 | argumentPassing.py:160:5:160:50 | KwOverflowNode for grab_foo_bar_baz() [Dictionary element at key bar] |
| classes.py:555:27:555:29 | SSA variable key | classes.py:556:15:556:17 | ControlFlowNode for key |
| classes.py:565:18:565:21 | ControlFlowNode for arg2 | classes.py:555:27:555:29 | SSA variable key |
| classes.py:570:27:570:29 | SSA variable key | classes.py:572:15:572:17 | ControlFlowNode for key |
| classes.py:581:18:581:21 | ControlFlowNode for arg2 | classes.py:570:27:570:29 | SSA variable key |
| classes.py:586:27:586:29 | SSA variable key | classes.py:587:15:587:17 | ControlFlowNode for key |
| classes.py:595:22:595:25 | ControlFlowNode for arg2 | classes.py:586:27:586:29 | SSA variable key |
| classes.py:657:23:657:27 | SSA variable other | classes.py:658:15:658:19 | ControlFlowNode for other |
| classes.py:667:16:667:19 | ControlFlowNode for arg2 | classes.py:657:23:657:27 | SSA variable other |
| classes.py:672:23:672:27 | SSA variable other | classes.py:673:15:673:19 | ControlFlowNode for other |
| classes.py:682:16:682:19 | ControlFlowNode for arg2 | classes.py:672:23:672:27 | SSA variable other |
| classes.py:687:23:687:27 | SSA variable other | classes.py:688:15:688:19 | ControlFlowNode for other |
| classes.py:697:16:697:19 | ControlFlowNode for arg2 | classes.py:687:23:687:27 | SSA variable other |
| classes.py:702:26:702:30 | SSA variable other | classes.py:703:15:703:19 | ControlFlowNode for other |
| classes.py:712:19:712:22 | ControlFlowNode for arg2 | classes.py:702:26:702:30 | SSA variable other |
| classes.py:717:27:717:31 | SSA variable other | classes.py:718:15:718:19 | ControlFlowNode for other |
| classes.py:727:20:727:23 | ControlFlowNode for arg2 | classes.py:717:27:717:31 | SSA variable other |
| classes.py:732:28:732:32 | SSA variable other | classes.py:733:15:733:19 | ControlFlowNode for other |
| classes.py:742:22:742:25 | ControlFlowNode for arg2 | classes.py:732:28:732:32 | SSA variable other |
| classes.py:747:23:747:27 | SSA variable other | classes.py:748:15:748:19 | ControlFlowNode for other |
| classes.py:757:16:757:19 | ControlFlowNode for arg2 | classes.py:747:23:747:27 | SSA variable other |
| classes.py:777:23:777:27 | SSA variable other | classes.py:778:15:778:19 | ControlFlowNode for other |
| classes.py:793:17:793:20 | ControlFlowNode for arg2 | classes.py:777:23:777:27 | SSA variable other |
| classes.py:798:26:798:30 | SSA variable other | classes.py:799:15:799:19 | ControlFlowNode for other |
| classes.py:808:20:808:23 | ControlFlowNode for arg2 | classes.py:798:26:798:30 | SSA variable other |
| classes.py:813:26:813:30 | SSA variable other | classes.py:814:15:814:19 | ControlFlowNode for other |
| classes.py:823:20:823:23 | ControlFlowNode for arg2 | classes.py:813:26:813:30 | SSA variable other |
| classes.py:828:23:828:27 | SSA variable other | classes.py:829:15:829:19 | ControlFlowNode for other |
| classes.py:838:16:838:19 | ControlFlowNode for arg2 | classes.py:828:23:828:27 | SSA variable other |
| classes.py:843:23:843:27 | SSA variable other | classes.py:844:15:844:19 | ControlFlowNode for other |
| classes.py:853:16:853:19 | ControlFlowNode for arg2 | classes.py:843:23:843:27 | SSA variable other |
| classes.py:858:22:858:26 | SSA variable other | classes.py:859:15:859:19 | ControlFlowNode for other |
| classes.py:868:15:868:18 | ControlFlowNode for arg2 | classes.py:858:22:858:26 | SSA variable other |
nodes
| argumentPassing.py:66:5:66:5 | SSA variable b | semmle.label | SSA variable b |
| argumentPassing.py:76:11:76:11 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
| argumentPassing.py:94:28:94:31 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| argumentPassing.py:97:25:97:25 | SSA variable b | semmle.label | SSA variable b |
| argumentPassing.py:99:11:99:11 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
| argumentPassing.py:104:25:104:28 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| argumentPassing.py:105:27:105:30 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| argumentPassing.py:109:30:109:30 | SSA variable b | semmle.label | SSA variable b |
| argumentPassing.py:111:11:111:11 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
| argumentPassing.py:117:29:117:32 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| argumentPassing.py:120:5:120:70 | KwUnpacked b | semmle.label | KwUnpacked b |
| argumentPassing.py:120:29:120:39 | ControlFlowNode for Dict [Dictionary element at key b] | semmle.label | ControlFlowNode for Dict [Dictionary element at key b] |
| argumentPassing.py:120:35:120:38 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| argumentPassing.py:123:36:123:36 | SSA variable b | semmle.label | SSA variable b |
| argumentPassing.py:125:11:125:11 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
| argumentPassing.py:133:30:133:33 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| argumentPassing.py:138:29:138:34 | SSA variable kwargs [Dictionary element at key bar] | semmle.label | SSA variable kwargs [Dictionary element at key bar] |
| argumentPassing.py:140:5:140:26 | KwUnpacked bar | semmle.label | KwUnpacked bar |
| argumentPassing.py:140:20:140:25 | ControlFlowNode for kwargs [Dictionary element at key bar] | semmle.label | ControlFlowNode for kwargs [Dictionary element at key bar] |
| argumentPassing.py:145:18:145:20 | SSA variable bar | semmle.label | SSA variable bar |
| argumentPassing.py:146:11:146:13 | ControlFlowNode for bar | semmle.label | ControlFlowNode for bar |
| argumentPassing.py:160:5:160:50 | KwOverflowNode for grab_foo_bar_baz() [Dictionary element at key bar] | semmle.label | KwOverflowNode for grab_foo_bar_baz() [Dictionary element at key bar] |
| argumentPassing.py:160:36:160:39 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| classes.py:555:27:555:29 | SSA variable key | semmle.label | SSA variable key |
| classes.py:556:15:556:17 | ControlFlowNode for key | semmle.label | ControlFlowNode for key |
| classes.py:565:18:565:21 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| classes.py:570:27:570:29 | SSA variable key | semmle.label | SSA variable key |
| classes.py:572:15:572:17 | ControlFlowNode for key | semmle.label | ControlFlowNode for key |
| classes.py:581:18:581:21 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| classes.py:586:27:586:29 | SSA variable key | semmle.label | SSA variable key |
| classes.py:587:15:587:17 | ControlFlowNode for key | semmle.label | ControlFlowNode for key |
| classes.py:595:22:595:25 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| classes.py:657:23:657:27 | SSA variable other | semmle.label | SSA variable other |
| classes.py:658:15:658:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
| classes.py:667:16:667:19 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| classes.py:672:23:672:27 | SSA variable other | semmle.label | SSA variable other |
| classes.py:673:15:673:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
| classes.py:682:16:682:19 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| classes.py:687:23:687:27 | SSA variable other | semmle.label | SSA variable other |
| classes.py:688:15:688:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
| classes.py:697:16:697:19 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| classes.py:702:26:702:30 | SSA variable other | semmle.label | SSA variable other |
| classes.py:703:15:703:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
| classes.py:712:19:712:22 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| classes.py:717:27:717:31 | SSA variable other | semmle.label | SSA variable other |
| classes.py:718:15:718:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
| classes.py:727:20:727:23 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| classes.py:732:28:732:32 | SSA variable other | semmle.label | SSA variable other |
| classes.py:733:15:733:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
| classes.py:742:22:742:25 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| classes.py:747:23:747:27 | SSA variable other | semmle.label | SSA variable other |
| classes.py:748:15:748:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
| classes.py:757:16:757:19 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| classes.py:777:23:777:27 | SSA variable other | semmle.label | SSA variable other |
| classes.py:778:15:778:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
| classes.py:793:17:793:20 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| classes.py:798:26:798:30 | SSA variable other | semmle.label | SSA variable other |
| classes.py:799:15:799:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
| classes.py:808:20:808:23 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| classes.py:813:26:813:30 | SSA variable other | semmle.label | SSA variable other |
| classes.py:814:15:814:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
| classes.py:823:20:823:23 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| classes.py:828:23:828:27 | SSA variable other | semmle.label | SSA variable other |
| classes.py:829:15:829:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
| classes.py:838:16:838:19 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| classes.py:843:23:843:27 | SSA variable other | semmle.label | SSA variable other |
| classes.py:844:15:844:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
| classes.py:853:16:853:19 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
| classes.py:858:22:858:26 | SSA variable other | semmle.label | SSA variable other |
| classes.py:859:15:859:19 | ControlFlowNode for other | semmle.label | ControlFlowNode for other |
| classes.py:868:15:868:18 | ControlFlowNode for arg2 | semmle.label | ControlFlowNode for arg2 |
#select
| argumentPassing.py:94:28:94:31 | ControlFlowNode for arg2 | argumentPassing.py:94:28:94:31 | ControlFlowNode for arg2 | argumentPassing.py:76:11:76:11 | ControlFlowNode for b | Flow found |
| argumentPassing.py:104:25:104:28 | ControlFlowNode for arg2 | argumentPassing.py:104:25:104:28 | ControlFlowNode for arg2 | argumentPassing.py:99:11:99:11 | ControlFlowNode for b | Flow found |
| argumentPassing.py:105:27:105:30 | ControlFlowNode for arg2 | argumentPassing.py:105:27:105:30 | ControlFlowNode for arg2 | argumentPassing.py:99:11:99:11 | ControlFlowNode for b | Flow found |
| argumentPassing.py:117:29:117:32 | ControlFlowNode for arg2 | argumentPassing.py:117:29:117:32 | ControlFlowNode for arg2 | argumentPassing.py:111:11:111:11 | ControlFlowNode for b | Flow found |
| argumentPassing.py:120:35:120:38 | ControlFlowNode for arg2 | argumentPassing.py:120:35:120:38 | ControlFlowNode for arg2 | argumentPassing.py:111:11:111:11 | ControlFlowNode for b | Flow found |
| argumentPassing.py:133:30:133:33 | ControlFlowNode for arg2 | argumentPassing.py:133:30:133:33 | ControlFlowNode for arg2 | argumentPassing.py:125:11:125:11 | ControlFlowNode for b | Flow found |
| argumentPassing.py:160:36:160:39 | ControlFlowNode for arg2 | argumentPassing.py:160:36:160:39 | ControlFlowNode for arg2 | argumentPassing.py:146:11:146:13 | ControlFlowNode for bar | Flow found |
| classes.py:565:18:565:21 | ControlFlowNode for arg2 | classes.py:565:18:565:21 | ControlFlowNode for arg2 | classes.py:556:15:556:17 | ControlFlowNode for key | Flow found |
| classes.py:581:18:581:21 | ControlFlowNode for arg2 | classes.py:581:18:581:21 | ControlFlowNode for arg2 | classes.py:572:15:572:17 | ControlFlowNode for key | Flow found |
| classes.py:595:22:595:25 | ControlFlowNode for arg2 | classes.py:595:22:595:25 | ControlFlowNode for arg2 | classes.py:587:15:587:17 | ControlFlowNode for key | Flow found |
| classes.py:667:16:667:19 | ControlFlowNode for arg2 | classes.py:667:16:667:19 | ControlFlowNode for arg2 | classes.py:658:15:658:19 | ControlFlowNode for other | Flow found |
| classes.py:682:16:682:19 | ControlFlowNode for arg2 | classes.py:682:16:682:19 | ControlFlowNode for arg2 | classes.py:673:15:673:19 | ControlFlowNode for other | Flow found |
| classes.py:697:16:697:19 | ControlFlowNode for arg2 | classes.py:697:16:697:19 | ControlFlowNode for arg2 | classes.py:688:15:688:19 | ControlFlowNode for other | Flow found |
| classes.py:712:19:712:22 | ControlFlowNode for arg2 | classes.py:712:19:712:22 | ControlFlowNode for arg2 | classes.py:703:15:703:19 | ControlFlowNode for other | Flow found |
| classes.py:727:20:727:23 | ControlFlowNode for arg2 | classes.py:727:20:727:23 | ControlFlowNode for arg2 | classes.py:718:15:718:19 | ControlFlowNode for other | Flow found |
| classes.py:742:22:742:25 | ControlFlowNode for arg2 | classes.py:742:22:742:25 | ControlFlowNode for arg2 | classes.py:733:15:733:19 | ControlFlowNode for other | Flow found |
| classes.py:757:16:757:19 | ControlFlowNode for arg2 | classes.py:757:16:757:19 | ControlFlowNode for arg2 | classes.py:748:15:748:19 | ControlFlowNode for other | Flow found |
| classes.py:793:17:793:20 | ControlFlowNode for arg2 | classes.py:793:17:793:20 | ControlFlowNode for arg2 | classes.py:778:15:778:19 | ControlFlowNode for other | Flow found |
| classes.py:808:20:808:23 | ControlFlowNode for arg2 | classes.py:808:20:808:23 | ControlFlowNode for arg2 | classes.py:799:15:799:19 | ControlFlowNode for other | Flow found |
| classes.py:823:20:823:23 | ControlFlowNode for arg2 | classes.py:823:20:823:23 | ControlFlowNode for arg2 | classes.py:814:15:814:19 | ControlFlowNode for other | Flow found |
| classes.py:838:16:838:19 | ControlFlowNode for arg2 | classes.py:838:16:838:19 | ControlFlowNode for arg2 | classes.py:829:15:829:19 | ControlFlowNode for other | Flow found |
| classes.py:853:16:853:19 | ControlFlowNode for arg2 | classes.py:853:16:853:19 | ControlFlowNode for arg2 | classes.py:844:15:844:19 | ControlFlowNode for other | Flow found |
| classes.py:868:15:868:18 | ControlFlowNode for arg2 | classes.py:868:15:868:18 | ControlFlowNode for arg2 | classes.py:859:15:859:19 | ControlFlowNode for other | Flow found |

25
python/ql/test/experimental/dataflow/coverage/argumentRouting2.ql
View File

@@ -1,5 +1,10 @@
/**
* @kind path-problem
*/
import python
import experimental.dataflow.DataFlow
import semmle.python.dataflow.new.DataFlow
import DataFlow::PathGraph
/**
* A configuration to check routing of arguments through magic methods.
@@ -17,11 +22,19 @@ class ArgumentRoutingConfig extends DataFlow::Configuration {
node.(DataFlow::CfgNode).getNode() = call.getAnArg()
)
}
/**
* We want to be able to use `arg` in a sequence of calls such as `func(kw=arg); ... ; func(arg)`.
* Use-use flow lets the argument to the first call reach the sink inside the second call,
* making it seem like we handle all cases even if we only handle the last one.
* We make the test honest by preventing flow into source nodes.
*/
override predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
}
from DataFlow::Node source, DataFlow::Node sink
from DataFlow::PathNode source, DataFlow::PathNode sink
where
source.getLocation().getFile().getBaseName() = "classes.py" and
sink.getLocation().getFile().getBaseName() = "classes.py" and
exists(ArgumentRoutingConfig cfg | cfg.hasFlow(source, sink))
select source, sink
source.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
sink.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
exists(ArgumentRoutingConfig cfg | cfg.hasFlowPath(source, sink))
select source.getNode(), source, sink, "Flow found"

64
python/ql/test/experimental/dataflow/coverage/argumentRouting3.expected
View File

@@ -1 +1,63 @@
| classes.py:640:26:640:29 | ControlFlowNode for arg3 | classes.py:630:15:630:19 | ControlFlowNode for value |
edges
| argumentPassing.py:68:5:68:5 | SSA variable c | argumentPassing.py:77:11:77:11 | ControlFlowNode for c |
| argumentPassing.py:94:34:94:37 | ControlFlowNode for arg3 | argumentPassing.py:68:5:68:5 | SSA variable c |
| argumentPassing.py:109:33:109:33 | SSA variable c | argumentPassing.py:112:11:112:11 | ControlFlowNode for c |
| argumentPassing.py:117:37:117:40 | ControlFlowNode for arg3 | argumentPassing.py:109:33:109:33 | SSA variable c |
| argumentPassing.py:119:5:119:54 | KwUnpacked c | argumentPassing.py:109:33:109:33 | SSA variable c |
| argumentPassing.py:119:35:119:45 | ControlFlowNode for Dict [Dictionary element at key c] | argumentPassing.py:119:5:119:54 | KwUnpacked c |
| argumentPassing.py:119:41:119:44 | ControlFlowNode for arg3 | argumentPassing.py:119:35:119:45 | ControlFlowNode for Dict [Dictionary element at key c] |
| argumentPassing.py:120:5:120:70 | KwUnpacked c | argumentPassing.py:109:33:109:33 | SSA variable c |
| argumentPassing.py:120:44:120:54 | ControlFlowNode for Dict [Dictionary element at key c] | argumentPassing.py:120:5:120:70 | KwUnpacked c |
| argumentPassing.py:120:50:120:53 | ControlFlowNode for arg3 | argumentPassing.py:120:44:120:54 | ControlFlowNode for Dict [Dictionary element at key c] |
| argumentPassing.py:123:44:123:44 | SSA variable c | argumentPassing.py:126:11:126:11 | ControlFlowNode for c |
| argumentPassing.py:134:5:134:41 | KwUnpacked c | argumentPassing.py:123:44:123:44 | SSA variable c |
| argumentPassing.py:134:30:134:40 | ControlFlowNode for Dict [Dictionary element at key c] | argumentPassing.py:134:5:134:41 | KwUnpacked c |
| argumentPassing.py:134:36:134:39 | ControlFlowNode for arg3 | argumentPassing.py:134:30:134:40 | ControlFlowNode for Dict [Dictionary element at key c] |
| argumentPassing.py:138:29:138:34 | SSA variable kwargs [Dictionary element at key baz] | argumentPassing.py:140:5:140:26 | KwOverflowNode for grab_bar_baz() [Dictionary element at key baz] |
| argumentPassing.py:140:5:140:26 | KwOverflowNode for grab_bar_baz() [Dictionary element at key baz] | argumentPassing.py:145:25:145:30 | SSA variable kwargs [Dictionary element at key baz] |
| argumentPassing.py:145:25:145:30 | SSA variable kwargs [Dictionary element at key baz] | argumentPassing.py:151:16:151:21 | ControlFlowNode for kwargs [Dictionary element at key baz] |
| argumentPassing.py:151:5:151:22 | KwUnpacked baz | argumentPassing.py:154:14:154:16 | SSA variable baz |
| argumentPassing.py:151:16:151:21 | ControlFlowNode for kwargs [Dictionary element at key baz] | argumentPassing.py:151:5:151:22 | KwUnpacked baz |
| argumentPassing.py:154:14:154:16 | SSA variable baz | argumentPassing.py:155:11:155:13 | ControlFlowNode for baz |
| argumentPassing.py:160:5:160:50 | KwOverflowNode for grab_foo_bar_baz() [Dictionary element at key baz] | argumentPassing.py:138:29:138:34 | SSA variable kwargs [Dictionary element at key baz] |
| argumentPassing.py:160:26:160:29 | ControlFlowNode for arg3 | argumentPassing.py:160:5:160:50 | KwOverflowNode for grab_foo_bar_baz() [Dictionary element at key baz] |
| classes.py:570:32:570:36 | SSA variable value | classes.py:571:15:571:19 | ControlFlowNode for value |
| classes.py:581:26:581:29 | ControlFlowNode for arg3 | classes.py:570:32:570:36 | SSA variable value |
nodes
| argumentPassing.py:68:5:68:5 | SSA variable c | semmle.label | SSA variable c |
| argumentPassing.py:77:11:77:11 | ControlFlowNode for c | semmle.label | ControlFlowNode for c |
| argumentPassing.py:94:34:94:37 | ControlFlowNode for arg3 | semmle.label | ControlFlowNode for arg3 |
| argumentPassing.py:109:33:109:33 | SSA variable c | semmle.label | SSA variable c |
| argumentPassing.py:112:11:112:11 | ControlFlowNode for c | semmle.label | ControlFlowNode for c |
| argumentPassing.py:117:37:117:40 | ControlFlowNode for arg3 | semmle.label | ControlFlowNode for arg3 |
| argumentPassing.py:119:5:119:54 | KwUnpacked c | semmle.label | KwUnpacked c |
| argumentPassing.py:119:35:119:45 | ControlFlowNode for Dict [Dictionary element at key c] | semmle.label | ControlFlowNode for Dict [Dictionary element at key c] |
| argumentPassing.py:119:41:119:44 | ControlFlowNode for arg3 | semmle.label | ControlFlowNode for arg3 |
| argumentPassing.py:120:5:120:70 | KwUnpacked c | semmle.label | KwUnpacked c |
| argumentPassing.py:120:44:120:54 | ControlFlowNode for Dict [Dictionary element at key c] | semmle.label | ControlFlowNode for Dict [Dictionary element at key c] |
| argumentPassing.py:120:50:120:53 | ControlFlowNode for arg3 | semmle.label | ControlFlowNode for arg3 |
| argumentPassing.py:123:44:123:44 | SSA variable c | semmle.label | SSA variable c |
| argumentPassing.py:126:11:126:11 | ControlFlowNode for c | semmle.label | ControlFlowNode for c |
| argumentPassing.py:134:5:134:41 | KwUnpacked c | semmle.label | KwUnpacked c |
| argumentPassing.py:134:30:134:40 | ControlFlowNode for Dict [Dictionary element at key c] | semmle.label | ControlFlowNode for Dict [Dictionary element at key c] |
| argumentPassing.py:134:36:134:39 | ControlFlowNode for arg3 | semmle.label | ControlFlowNode for arg3 |
| argumentPassing.py:138:29:138:34 | SSA variable kwargs [Dictionary element at key baz] | semmle.label | SSA variable kwargs [Dictionary element at key baz] |
| argumentPassing.py:140:5:140:26 | KwOverflowNode for grab_bar_baz() [Dictionary element at key baz] | semmle.label | KwOverflowNode for grab_bar_baz() [Dictionary element at key baz] |
| argumentPassing.py:145:25:145:30 | SSA variable kwargs [Dictionary element at key baz] | semmle.label | SSA variable kwargs [Dictionary element at key baz] |
| argumentPassing.py:151:5:151:22 | KwUnpacked baz | semmle.label | KwUnpacked baz |
| argumentPassing.py:151:16:151:21 | ControlFlowNode for kwargs [Dictionary element at key baz] | semmle.label | ControlFlowNode for kwargs [Dictionary element at key baz] |
| argumentPassing.py:154:14:154:16 | SSA variable baz | semmle.label | SSA variable baz |
| argumentPassing.py:155:11:155:13 | ControlFlowNode for baz | semmle.label | ControlFlowNode for baz |
| argumentPassing.py:160:5:160:50 | KwOverflowNode for grab_foo_bar_baz() [Dictionary element at key baz] | semmle.label | KwOverflowNode for grab_foo_bar_baz() [Dictionary element at key baz] |
| argumentPassing.py:160:26:160:29 | ControlFlowNode for arg3 | semmle.label | ControlFlowNode for arg3 |
| classes.py:570:32:570:36 | SSA variable value | semmle.label | SSA variable value |
| classes.py:571:15:571:19 | ControlFlowNode for value | semmle.label | ControlFlowNode for value |
| classes.py:581:26:581:29 | ControlFlowNode for arg3 | semmle.label | ControlFlowNode for arg3 |
#select
| argumentPassing.py:94:34:94:37 | ControlFlowNode for arg3 | argumentPassing.py:94:34:94:37 | ControlFlowNode for arg3 | argumentPassing.py:77:11:77:11 | ControlFlowNode for c | Flow found |
| argumentPassing.py:117:37:117:40 | ControlFlowNode for arg3 | argumentPassing.py:117:37:117:40 | ControlFlowNode for arg3 | argumentPassing.py:112:11:112:11 | ControlFlowNode for c | Flow found |
| argumentPassing.py:119:41:119:44 | ControlFlowNode for arg3 | argumentPassing.py:119:41:119:44 | ControlFlowNode for arg3 | argumentPassing.py:112:11:112:11 | ControlFlowNode for c | Flow found |
| argumentPassing.py:120:50:120:53 | ControlFlowNode for arg3 | argumentPassing.py:120:50:120:53 | ControlFlowNode for arg3 | argumentPassing.py:112:11:112:11 | ControlFlowNode for c | Flow found |
| argumentPassing.py:134:36:134:39 | ControlFlowNode for arg3 | argumentPassing.py:134:36:134:39 | ControlFlowNode for arg3 | argumentPassing.py:126:11:126:11 | ControlFlowNode for c | Flow found |
| argumentPassing.py:160:26:160:29 | ControlFlowNode for arg3 | argumentPassing.py:160:26:160:29 | ControlFlowNode for arg3 | argumentPassing.py:155:11:155:13 | ControlFlowNode for baz | Flow found |
| classes.py:581:26:581:29 | ControlFlowNode for arg3 | classes.py:581:26:581:29 | ControlFlowNode for arg3 | classes.py:571:15:571:19 | ControlFlowNode for value | Flow found |

25
python/ql/test/experimental/dataflow/coverage/argumentRouting3.ql
View File

@@ -1,5 +1,10 @@
/**
* @kind path-problem
*/
import python
import experimental.dataflow.DataFlow
import semmle.python.dataflow.new.DataFlow
import DataFlow::PathGraph
/**
* A configuration to check routing of arguments through magic methods.
@@ -17,11 +22,19 @@ class ArgumentRoutingConfig extends DataFlow::Configuration {
node.(DataFlow::CfgNode).getNode() = call.getAnArg()
)
}
/**
* We want to be able to use `arg` in a sequence of calls such as `func(kw=arg); ... ; func(arg)`.
* Use-use flow lets the argument to the first call reach the sink inside the second call,
* making it seem like we handle all cases even if we only handle the last one.
* We make the test honest by preventing flow into source nodes.
*/
override predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
}
from DataFlow::Node source, DataFlow::Node sink
from DataFlow::PathNode source, DataFlow::PathNode sink
where
source.getLocation().getFile().getBaseName() = "classes.py" and
sink.getLocation().getFile().getBaseName() = "classes.py" and
exists(ArgumentRoutingConfig cfg | cfg.hasFlow(source, sink))
select source, sink
source.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
sink.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
exists(ArgumentRoutingConfig cfg | cfg.hasFlowPath(source, sink))
select source.getNode(), source, sink, "Flow found"

3
python/ql/test/experimental/dataflow/coverage/argumentRouting4.expected
View File

@@ -0,0 +1,3 @@
edges
nodes
#select

25
python/ql/test/experimental/dataflow/coverage/argumentRouting4.ql
View File

@@ -1,5 +1,10 @@
/**
* @kind path-problem
*/
import python
import experimental.dataflow.DataFlow
import semmle.python.dataflow.new.DataFlow
import DataFlow::PathGraph
/**
* A configuration to check routing of arguments through magic methods.
@@ -17,11 +22,19 @@ class ArgumentRoutingConfig extends DataFlow::Configuration {
node.(DataFlow::CfgNode).getNode() = call.getAnArg()
)
}
/**
* We want to be able to use `arg` in a sequence of calls such as `func(kw=arg); ... ; func(arg)`.
* Use-use flow lets the argument to the first call reach the sink inside the second call,
* making it seem like we handle all cases even if we only handle the last one.
* We make the test honest by preventing flow into source nodes.
*/
override predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
}
from DataFlow::Node source, DataFlow::Node sink
from DataFlow::PathNode source, DataFlow::PathNode sink
where
source.getLocation().getFile().getBaseName() = "classes.py" and
sink.getLocation().getFile().getBaseName() = "classes.py" and
exists(ArgumentRoutingConfig cfg | cfg.hasFlow(source, sink))
select source, sink
source.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
sink.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
exists(ArgumentRoutingConfig cfg | cfg.hasFlowPath(source, sink))
select source.getNode(), source, sink, "Flow found"

3
python/ql/test/experimental/dataflow/coverage/argumentRouting5.expected Normal file
View File

@@ -0,0 +1,3 @@
edges
nodes
#select

40
python/ql/test/experimental/dataflow/coverage/argumentRouting5.ql Normal file
View File

@@ -0,0 +1,40 @@
/**
* @kind path-problem
*/
import python
import semmle.python.dataflow.new.DataFlow
import DataFlow::PathGraph
/**
* A configuration to check routing of arguments through magic methods.
*/
class ArgumentRoutingConfig extends DataFlow::Configuration {
ArgumentRoutingConfig() { this = "ArgumentRoutingConfig" }
override predicate isSource(DataFlow::Node node) {
node.(DataFlow::CfgNode).getNode().(NameNode).getId() = "arg5"
}
override predicate isSink(DataFlow::Node node) {
exists(CallNode call |
call.getFunction().(NameNode).getId() = "SINK5" and
node.(DataFlow::CfgNode).getNode() = call.getAnArg()
)
}
/**
* We want to be able to use `arg` in a sequence of calls such as `func(kw=arg); ... ; func(arg)`.
* Use-use flow lets the argument to the first call reach the sink inside the second call,
* making it seem like we handle all cases even if we only handle the last one.
* We make the test honest by preventing flow into source nodes.
*/
override predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
}
from DataFlow::PathNode source, DataFlow::PathNode sink
where
source.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
sink.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
exists(ArgumentRoutingConfig cfg | cfg.hasFlowPath(source, sink))
select source.getNode(), source, sink, "Flow found"

3
python/ql/test/experimental/dataflow/coverage/argumentRouting6.expected Normal file
View File

@@ -0,0 +1,3 @@
edges
nodes
#select

40
python/ql/test/experimental/dataflow/coverage/argumentRouting6.ql Normal file
View File

@@ -0,0 +1,40 @@
/**
* @kind path-problem
*/
import python
import semmle.python.dataflow.new.DataFlow
import DataFlow::PathGraph
/**
* A configuration to check routing of arguments through magic methods.
*/
class ArgumentRoutingConfig extends DataFlow::Configuration {
ArgumentRoutingConfig() { this = "ArgumentRoutingConfig" }
override predicate isSource(DataFlow::Node node) {
node.(DataFlow::CfgNode).getNode().(NameNode).getId() = "arg6"
}
override predicate isSink(DataFlow::Node node) {
exists(CallNode call |
call.getFunction().(NameNode).getId() = "SINK6" and
node.(DataFlow::CfgNode).getNode() = call.getAnArg()
)
}
/**
* We want to be able to use `arg` in a sequence of calls such as `func(kw=arg); ... ; func(arg)`.
* Use-use flow lets the argument to the first call reach the sink inside the second call,
* making it seem like we handle all cases even if we only handle the last one.
* We make the test honest by preventing flow into source nodes.
*/
override predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
}
from DataFlow::PathNode source, DataFlow::PathNode sink
where
source.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
sink.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
exists(ArgumentRoutingConfig cfg | cfg.hasFlowPath(source, sink))
select source.getNode(), source, sink, "Flow found"

15
python/ql/test/experimental/dataflow/coverage/argumentRouting7.expected Normal file
View File

@@ -0,0 +1,15 @@
edges
| argumentPassing.py:73:7:73:7 | SSA variable g [Dictionary element at key g] | argumentPassing.py:82:15:82:15 | ControlFlowNode for g [Dictionary element at key g] |
| argumentPassing.py:82:15:82:15 | ControlFlowNode for g [Dictionary element at key g] | argumentPassing.py:82:15:82:20 | ControlFlowNode for Subscript |
| argumentPassing.py:89:5:89:81 | KwOverflowNode for argument_passing() [Dictionary element at key g] | argumentPassing.py:73:7:73:7 | SSA variable g [Dictionary element at key g] |
| argumentPassing.py:89:59:89:80 | ControlFlowNode for Dict [Dictionary element at key g] | argumentPassing.py:89:5:89:81 | KwOverflowNode for argument_passing() [Dictionary element at key g] |
| argumentPassing.py:89:76:89:79 | ControlFlowNode for arg7 | argumentPassing.py:89:59:89:80 | ControlFlowNode for Dict [Dictionary element at key g] |
nodes
| argumentPassing.py:73:7:73:7 | SSA variable g [Dictionary element at key g] | semmle.label | SSA variable g [Dictionary element at key g] |
| argumentPassing.py:82:15:82:15 | ControlFlowNode for g [Dictionary element at key g] | semmle.label | ControlFlowNode for g [Dictionary element at key g] |
| argumentPassing.py:82:15:82:20 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| argumentPassing.py:89:5:89:81 | KwOverflowNode for argument_passing() [Dictionary element at key g] | semmle.label | KwOverflowNode for argument_passing() [Dictionary element at key g] |
| argumentPassing.py:89:59:89:80 | ControlFlowNode for Dict [Dictionary element at key g] | semmle.label | ControlFlowNode for Dict [Dictionary element at key g] |
| argumentPassing.py:89:76:89:79 | ControlFlowNode for arg7 | semmle.label | ControlFlowNode for arg7 |
#select
| argumentPassing.py:89:76:89:79 | ControlFlowNode for arg7 | argumentPassing.py:89:76:89:79 | ControlFlowNode for arg7 | argumentPassing.py:82:15:82:20 | ControlFlowNode for Subscript | Flow found |

40
python/ql/test/experimental/dataflow/coverage/argumentRouting7.ql Normal file
View File

@@ -0,0 +1,40 @@
/**
* @kind path-problem
*/
import python
import semmle.python.dataflow.new.DataFlow
import DataFlow::PathGraph
/**
* A configuration to check routing of arguments through magic methods.
*/
class ArgumentRoutingConfig extends DataFlow::Configuration {
ArgumentRoutingConfig() { this = "ArgumentRoutingConfig" }
override predicate isSource(DataFlow::Node node) {
node.(DataFlow::CfgNode).getNode().(NameNode).getId() = "arg7"
}
override predicate isSink(DataFlow::Node node) {
exists(CallNode call |
call.getFunction().(NameNode).getId() = "SINK7" and
node.(DataFlow::CfgNode).getNode() = call.getAnArg()
)
}
/**
* We want to be able to use `arg` in a sequence of calls such as `func(kw=arg); ... ; func(arg)`.
* Use-use flow lets the argument to the first call reach the sink inside the second call,
* making it seem like we handle all cases even if we only handle the last one.
* We make the test honest by preventing flow into source nodes.
*/
override predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
}
from DataFlow::PathNode source, DataFlow::PathNode sink
where
source.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
sink.getNode().getLocation().getFile().getBaseName() in ["classes.py", "argumentPassing.py"] and
exists(ArgumentRoutingConfig cfg | cfg.hasFlowPath(source, sink))
select source.getNode(), source, sink, "Flow found"

395
python/ql/test/experimental/dataflow/coverage/classes.py
View File

File diff suppressed because it is too large Load Diff

78
python/ql/test/experimental/dataflow/coverage/classesCallGraph.expected
View File

@@ -1,39 +1,39 @@
| classes.py:41:16:41:35 | ControlFlowNode for Attribute() | classes.py:41:16:41:35 | ControlFlowNode for Attribute() |
| classes.py:264:9:264:24 | ControlFlowNode for set() | classes.py:264:9:264:24 | ControlFlowNode for set() |
| classes.py:269:9:269:30 | ControlFlowNode for frozenset() | classes.py:269:9:269:30 | ControlFlowNode for frozenset() |
| classes.py:274:9:274:28 | ControlFlowNode for dict() | classes.py:274:9:274:28 | ControlFlowNode for dict() |
| classes.py:454:29:454:52 | ControlFlowNode for dict() | classes.py:454:29:454:52 | ControlFlowNode for dict() |
| classes.py:622:5:622:16 | ControlFlowNode for with_getitem | classes.py:612:21:612:24 | SSA variable self |
| classes.py:622:18:622:21 | ControlFlowNode for arg2 | classes.py:612:27:612:29 | SSA variable key |
| classes.py:640:5:640:16 | ControlFlowNode for with_setitem | classes.py:629:21:629:24 | SSA variable self |
| classes.py:640:18:640:21 | ControlFlowNode for arg2 | classes.py:629:27:629:29 | SSA variable key |
| classes.py:640:26:640:29 | ControlFlowNode for arg3 | classes.py:629:32:629:36 | SSA variable value |
| classes.py:656:9:656:20 | ControlFlowNode for with_delitem | classes.py:647:21:647:24 | SSA variable self |
| classes.py:656:22:656:25 | ControlFlowNode for arg2 | classes.py:647:27:647:29 | SSA variable key |
| classes.py:683:16:683:28 | ControlFlowNode for Attribute() | classes.py:683:16:683:28 | ControlFlowNode for Attribute() |
| classes.py:737:5:737:12 | ControlFlowNode for with_add | classes.py:727:17:727:20 | SSA variable self |
| classes.py:737:16:737:19 | ControlFlowNode for arg2 | classes.py:727:23:727:27 | SSA variable other |
| classes.py:754:5:754:12 | ControlFlowNode for with_sub | classes.py:744:17:744:20 | SSA variable self |
| classes.py:754:16:754:19 | ControlFlowNode for arg2 | classes.py:744:23:744:27 | SSA variable other |
| classes.py:771:5:771:12 | ControlFlowNode for with_mul | classes.py:761:17:761:20 | SSA variable self |
| classes.py:771:16:771:19 | ControlFlowNode for arg2 | classes.py:761:23:761:27 | SSA variable other |
| classes.py:788:5:788:15 | ControlFlowNode for with_matmul | classes.py:778:20:778:23 | SSA variable self |
| classes.py:788:19:788:22 | ControlFlowNode for arg2 | classes.py:778:26:778:30 | SSA variable other |
| classes.py:805:5:805:16 | ControlFlowNode for with_truediv | classes.py:795:21:795:24 | SSA variable self |
| classes.py:805:20:805:23 | ControlFlowNode for arg2 | classes.py:795:27:795:31 | SSA variable other |
| classes.py:822:5:822:17 | ControlFlowNode for with_floordiv | classes.py:812:22:812:25 | SSA variable self |
| classes.py:822:22:822:25 | ControlFlowNode for arg2 | classes.py:812:28:812:32 | SSA variable other |
| classes.py:839:5:839:12 | ControlFlowNode for with_mod | classes.py:829:17:829:20 | SSA variable self |
| classes.py:839:16:839:19 | ControlFlowNode for arg2 | classes.py:829:23:829:27 | SSA variable other |
| classes.py:879:5:879:12 | ControlFlowNode for with_pow | classes.py:863:17:863:20 | SSA variable self |
| classes.py:879:17:879:20 | ControlFlowNode for arg2 | classes.py:863:23:863:27 | SSA variable other |
| classes.py:896:5:896:15 | ControlFlowNode for with_lshift | classes.py:886:20:886:23 | SSA variable self |
| classes.py:896:20:896:23 | ControlFlowNode for arg2 | classes.py:886:26:886:30 | SSA variable other |
| classes.py:913:5:913:15 | ControlFlowNode for with_rshift | classes.py:903:20:903:23 | SSA variable self |
| classes.py:913:20:913:23 | ControlFlowNode for arg2 | classes.py:903:26:903:30 | SSA variable other |
| classes.py:930:5:930:12 | ControlFlowNode for with_and | classes.py:920:17:920:20 | SSA variable self |
| classes.py:930:16:930:19 | ControlFlowNode for arg2 | classes.py:920:23:920:27 | SSA variable other |
| classes.py:947:5:947:12 | ControlFlowNode for with_xor | classes.py:937:17:937:20 | SSA variable self |
| classes.py:947:16:947:19 | ControlFlowNode for arg2 | classes.py:937:23:937:27 | SSA variable other |
| classes.py:964:5:964:11 | ControlFlowNode for with_or | classes.py:954:16:954:19 | SSA variable self |
| classes.py:964:15:964:18 | ControlFlowNode for arg2 | classes.py:954:22:954:26 | SSA variable other |
| classes.py:45:16:45:35 | ControlFlowNode for Attribute() | classes.py:45:16:45:35 | ControlFlowNode for Attribute() |
| classes.py:60:17:60:27 | [pre objCreate] ControlFlowNode for With_init() | classes.py:54:18:54:21 | SSA variable self |
| classes.py:242:9:242:24 | ControlFlowNode for set() | classes.py:242:9:242:24 | ControlFlowNode for set() |
| classes.py:247:9:247:30 | ControlFlowNode for frozenset() | classes.py:247:9:247:30 | ControlFlowNode for frozenset() |
| classes.py:252:9:252:28 | ControlFlowNode for dict() | classes.py:252:9:252:28 | ControlFlowNode for dict() |
| classes.py:565:5:565:16 | ControlFlowNode for with_getitem | classes.py:555:21:555:24 | SSA variable self |
| classes.py:565:18:565:21 | ControlFlowNode for arg2 | classes.py:555:27:555:29 | SSA variable key |
| classes.py:581:5:581:16 | ControlFlowNode for with_setitem | classes.py:570:21:570:24 | SSA variable self |
| classes.py:581:18:581:21 | ControlFlowNode for arg2 | classes.py:570:27:570:29 | SSA variable key |
| classes.py:581:26:581:29 | ControlFlowNode for arg3 | classes.py:570:32:570:36 | SSA variable value |
| classes.py:595:9:595:20 | ControlFlowNode for with_delitem | classes.py:586:21:586:24 | SSA variable self |
| classes.py:595:22:595:25 | ControlFlowNode for arg2 | classes.py:586:27:586:29 | SSA variable key |
| classes.py:618:16:618:28 | ControlFlowNode for Attribute() | classes.py:618:16:618:28 | ControlFlowNode for Attribute() |
| classes.py:667:5:667:12 | ControlFlowNode for with_add | classes.py:657:17:657:20 | SSA variable self |
| classes.py:667:16:667:19 | ControlFlowNode for arg2 | classes.py:657:23:657:27 | SSA variable other |
| classes.py:682:5:682:12 | ControlFlowNode for with_sub | classes.py:672:17:672:20 | SSA variable self |
| classes.py:682:16:682:19 | ControlFlowNode for arg2 | classes.py:672:23:672:27 | SSA variable other |
| classes.py:697:5:697:12 | ControlFlowNode for with_mul | classes.py:687:17:687:20 | SSA variable self |
| classes.py:697:16:697:19 | ControlFlowNode for arg2 | classes.py:687:23:687:27 | SSA variable other |
| classes.py:712:5:712:15 | ControlFlowNode for with_matmul | classes.py:702:20:702:23 | SSA variable self |
| classes.py:712:19:712:22 | ControlFlowNode for arg2 | classes.py:702:26:702:30 | SSA variable other |
| classes.py:727:5:727:16 | ControlFlowNode for with_truediv | classes.py:717:21:717:24 | SSA variable self |
| classes.py:727:20:727:23 | ControlFlowNode for arg2 | classes.py:717:27:717:31 | SSA variable other |
| classes.py:742:5:742:17 | ControlFlowNode for with_floordiv | classes.py:732:22:732:25 | SSA variable self |
| classes.py:742:22:742:25 | ControlFlowNode for arg2 | classes.py:732:28:732:32 | SSA variable other |
| classes.py:757:5:757:12 | ControlFlowNode for with_mod | classes.py:747:17:747:20 | SSA variable self |
| classes.py:757:16:757:19 | ControlFlowNode for arg2 | classes.py:747:23:747:27 | SSA variable other |
| classes.py:793:5:793:12 | ControlFlowNode for with_pow | classes.py:777:17:777:20 | SSA variable self |
| classes.py:793:17:793:20 | ControlFlowNode for arg2 | classes.py:777:23:777:27 | SSA variable other |
| classes.py:808:5:808:15 | ControlFlowNode for with_lshift | classes.py:798:20:798:23 | SSA variable self |
| classes.py:808:20:808:23 | ControlFlowNode for arg2 | classes.py:798:26:798:30 | SSA variable other |
| classes.py:823:5:823:15 | ControlFlowNode for with_rshift | classes.py:813:20:813:23 | SSA variable self |
| classes.py:823:20:823:23 | ControlFlowNode for arg2 | classes.py:813:26:813:30 | SSA variable other |
| classes.py:838:5:838:12 | ControlFlowNode for with_and | classes.py:828:17:828:20 | SSA variable self |
| classes.py:838:16:838:19 | ControlFlowNode for arg2 | classes.py:828:23:828:27 | SSA variable other |
| classes.py:853:5:853:12 | ControlFlowNode for with_xor | classes.py:843:17:843:20 | SSA variable self |
| classes.py:853:16:853:19 | ControlFlowNode for arg2 | classes.py:843:23:843:27 | SSA variable other |
| classes.py:868:5:868:11 | ControlFlowNode for with_or | classes.py:858:16:858:19 | SSA variable self |
| classes.py:868:15:868:18 | ControlFlowNode for arg2 | classes.py:858:22:858:26 | SSA variable other |

11
python/ql/test/experimental/dataflow/coverage/classesCallGraph.ql
View File

@@ -1,4 +1,5 @@
import experimental.dataflow.DataFlow
import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPrivate
/**
* A configuration to find the call graph edges.
@@ -7,18 +8,18 @@ class CallGraphConfig extends DataFlow::Configuration {
CallGraphConfig() { this = "CallGraphConfig" }
override predicate isSource(DataFlow::Node node) {
node instanceof DataFlow::ReturnNode
node instanceof DataFlowPrivate::ReturnNode
or
// These sources should allow for the non-standard call syntax
node instanceof DataFlow::ArgumentNode
node instanceof DataFlowPrivate::ArgumentNode
}
override predicate isSink(DataFlow::Node node) {
node instanceof DataFlow::OutNode
node instanceof DataFlowPrivate::OutNode
or
node instanceof DataFlow::ParameterNode and
// exclude parameters to the SINK-functions
not exists(DataFlow::DataFlowCallable c |
not exists(DataFlowPrivate::DataFlowCallable c |
node.(DataFlow::ParameterNode).isParameterOf(c, _) and
c.getName().matches("SINK_")
)

701
python/ql/test/experimental/dataflow/coverage/dataflow.expected
View File

@@ -1,303 +1,454 @@
edges
| datamodel.py:13:1:13:6 | GSSA Variable SOURCE | datamodel.py:38:6:38:17 | ControlFlowNode for f() |
| datamodel.py:13:1:13:6 | GSSA Variable SOURCE | datamodel.py:38:6:38:17 | GSSA Variable SOURCE |
| datamodel.py:13:1:13:6 | GSSA Variable SOURCE | datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE |
| datamodel.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module datamodel | datamodel.py:152:14:152:19 | ControlFlowNode for SOURCE |
| datamodel.py:13:1:13:6 | GSSA Variable SOURCE | datamodel.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module datamodel |
| datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:13:1:13:6 | GSSA Variable SOURCE |
| datamodel.py:38:6:38:17 | GSSA Variable SOURCE | datamodel.py:65:5:65:7 | ControlFlowNode for C() |
| datamodel.py:38:6:38:17 | GSSA Variable SOURCE | datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() |
| datamodel.py:38:6:38:17 | GSSA Variable SOURCE | datamodel.py:71:6:71:24 | GSSA Variable SOURCE |
| datamodel.py:38:6:38:17 | GSSA Variable SOURCE | datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE |
| datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE |
| datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE |
| datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE |
| datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:80:20:80:25 | ControlFlowNode for SOURCE |
| datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:81:20:81:25 | ControlFlowNode for SOURCE |
| datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | datamodel.py:38:6:38:17 | ControlFlowNode for f() |
| datamodel.py:65:1:65:1 | GSSA Variable c | datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() |
| datamodel.py:65:1:65:1 | GSSA Variable c | datamodel.py:71:6:71:24 | GSSA Variable c |
| datamodel.py:65:5:65:7 | ControlFlowNode for C() | datamodel.py:65:1:65:1 | GSSA Variable c |
| datamodel.py:71:6:71:24 | GSSA Variable SOURCE | datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() |
| datamodel.py:71:6:71:24 | GSSA Variable SOURCE | datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE |
| datamodel.py:71:6:71:24 | GSSA Variable SOURCE | datamodel.py:73:6:73:27 | ControlFlowNode for func_obj() |
| datamodel.py:71:6:71:24 | GSSA Variable SOURCE | datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() |
| datamodel.py:71:6:71:24 | GSSA Variable SOURCE | datamodel.py:80:6:80:26 | GSSA Variable SOURCE |
| datamodel.py:71:6:71:24 | GSSA Variable SOURCE | datamodel.py:80:20:80:25 | ControlFlowNode for SOURCE |
| datamodel.py:71:6:71:24 | GSSA Variable c | datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() |
| datamodel.py:71:6:71:24 | GSSA Variable c | datamodel.py:72:6:72:27 | GSSA Variable c |
| datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE |
| datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE |
| datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | datamodel.py:80:20:80:25 | ControlFlowNode for SOURCE |
| datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | datamodel.py:81:20:81:25 | ControlFlowNode for SOURCE |
| datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE | datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() |
| datamodel.py:72:6:72:27 | GSSA Variable c | datamodel.py:73:6:73:27 | ControlFlowNode for func_obj() |
| datamodel.py:72:6:72:27 | GSSA Variable c | datamodel.py:73:6:73:27 | GSSA Variable c |
| datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE | datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE |
| datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE | datamodel.py:80:20:80:25 | ControlFlowNode for SOURCE |
| datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE | datamodel.py:81:20:81:25 | ControlFlowNode for SOURCE |
| datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE | datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() |
| datamodel.py:73:6:73:27 | GSSA Variable c | datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() |
| datamodel.py:73:6:73:27 | GSSA Variable c | datamodel.py:80:6:80:26 | GSSA Variable c |
| datamodel.py:80:6:80:26 | GSSA Variable SOURCE | datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() |
| datamodel.py:80:6:80:26 | GSSA Variable SOURCE | datamodel.py:81:6:81:26 | GSSA Variable SOURCE |
| datamodel.py:80:6:80:26 | GSSA Variable SOURCE | datamodel.py:81:20:81:25 | ControlFlowNode for SOURCE |
| datamodel.py:80:6:80:26 | GSSA Variable c | datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() |
| datamodel.py:80:6:80:26 | GSSA Variable c | datamodel.py:82:6:82:26 | ControlFlowNode for c_func_obj() |
| datamodel.py:80:6:80:26 | GSSA Variable c | datamodel.py:92:8:92:21 | ControlFlowNode for gen() |
| datamodel.py:80:6:80:26 | GSSA Variable c | datamodel.py:93:6:93:20 | ControlFlowNode for Attribute() |
| datamodel.py:80:6:80:26 | GSSA Variable c | datamodel.py:96:9:96:24 | ControlFlowNode for Attribute() |
| datamodel.py:80:6:80:26 | GSSA Variable c | datamodel.py:96:9:96:24 | GSSA Variable c |
| datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE | datamodel.py:80:20:80:25 | ControlFlowNode for SOURCE |
| datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE | datamodel.py:81:20:81:25 | ControlFlowNode for SOURCE |
| datamodel.py:73:18:73:23 | ControlFlowNode for SOURCE | datamodel.py:80:20:80:25 | ControlFlowNode for SOURCE |
| datamodel.py:73:18:73:23 | ControlFlowNode for SOURCE | datamodel.py:81:20:81:25 | ControlFlowNode for SOURCE |
| datamodel.py:80:20:80:25 | ControlFlowNode for SOURCE | datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() |
| datamodel.py:81:6:81:26 | GSSA Variable SOURCE | datamodel.py:82:6:82:26 | ControlFlowNode for c_func_obj() |
| datamodel.py:81:6:81:26 | GSSA Variable SOURCE | datamodel.py:92:8:92:21 | ControlFlowNode for gen() |
| datamodel.py:81:6:81:26 | GSSA Variable SOURCE | datamodel.py:92:8:92:21 | GSSA Variable SOURCE |
| datamodel.py:80:20:80:25 | ControlFlowNode for SOURCE | datamodel.py:81:20:81:25 | ControlFlowNode for SOURCE |
| datamodel.py:81:20:81:25 | ControlFlowNode for SOURCE | datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() |
| datamodel.py:92:1:92:4 | GSSA Variable iter | datamodel.py:93:6:93:20 | ControlFlowNode for Attribute() |
| datamodel.py:92:1:92:4 | GSSA Variable iter | datamodel.py:93:6:93:20 | GSSA Variable iter |
| datamodel.py:92:8:92:21 | ControlFlowNode for gen() | datamodel.py:92:1:92:4 | GSSA Variable iter |
| datamodel.py:92:8:92:21 | GSSA Variable SOURCE | datamodel.py:93:6:93:20 | ControlFlowNode for Attribute() |
| datamodel.py:92:8:92:21 | GSSA Variable SOURCE | datamodel.py:96:9:96:24 | ControlFlowNode for Attribute() |
| datamodel.py:92:8:92:21 | GSSA Variable SOURCE | datamodel.py:96:9:96:24 | GSSA Variable SOURCE |
| datamodel.py:93:6:93:20 | GSSA Variable iter | datamodel.py:96:9:96:24 | ControlFlowNode for Attribute() |
| datamodel.py:93:6:93:20 | GSSA Variable iter | datamodel.py:97:6:97:21 | ControlFlowNode for Attribute() |
| datamodel.py:93:6:93:20 | GSSA Variable iter | datamodel.py:106:6:106:30 | ControlFlowNode for Attribute() |
| datamodel.py:93:6:93:20 | GSSA Variable iter | datamodel.py:107:6:107:32 | ControlFlowNode for Attribute() |
| datamodel.py:93:6:93:20 | GSSA Variable iter | datamodel.py:119:6:119:30 | ControlFlowNode for Attribute() |
| datamodel.py:96:1:96:5 | GSSA Variable oiter | datamodel.py:97:6:97:21 | ControlFlowNode for Attribute() |
| datamodel.py:96:1:96:5 | GSSA Variable oiter | datamodel.py:97:6:97:21 | GSSA Variable oiter |
| datamodel.py:96:9:96:24 | ControlFlowNode for Attribute() | datamodel.py:96:1:96:5 | GSSA Variable oiter |
| datamodel.py:96:9:96:24 | GSSA Variable SOURCE | datamodel.py:97:6:97:21 | ControlFlowNode for Attribute() |
| datamodel.py:96:9:96:24 | GSSA Variable SOURCE | datamodel.py:106:18:106:29 | GSSA Variable SOURCE |
| datamodel.py:96:9:96:24 | GSSA Variable c | datamodel.py:97:6:97:21 | ControlFlowNode for Attribute() |
| datamodel.py:96:9:96:24 | GSSA Variable c | datamodel.py:106:6:106:30 | ControlFlowNode for Attribute() |
| datamodel.py:96:9:96:24 | GSSA Variable c | datamodel.py:107:18:107:31 | GSSA Variable c |
| datamodel.py:97:6:97:21 | GSSA Variable oiter | datamodel.py:106:6:106:30 | ControlFlowNode for Attribute() |
| datamodel.py:97:6:97:21 | GSSA Variable oiter | datamodel.py:107:6:107:32 | ControlFlowNode for Attribute() |
| datamodel.py:97:6:97:21 | GSSA Variable oiter | datamodel.py:119:6:119:30 | ControlFlowNode for Attribute() |
| datamodel.py:106:18:106:29 | GSSA Variable SOURCE | datamodel.py:106:6:106:30 | ControlFlowNode for Attribute() |
| datamodel.py:106:18:106:29 | GSSA Variable SOURCE | datamodel.py:107:18:107:31 | GSSA Variable SOURCE |
| datamodel.py:107:18:107:31 | GSSA Variable SOURCE | datamodel.py:107:6:107:32 | ControlFlowNode for Attribute() |
| datamodel.py:107:18:107:31 | GSSA Variable SOURCE | datamodel.py:119:18:119:29 | GSSA Variable SOURCE |
| datamodel.py:107:18:107:31 | GSSA Variable c | datamodel.py:107:6:107:32 | ControlFlowNode for Attribute() |
| datamodel.py:107:18:107:31 | GSSA Variable c | datamodel.py:119:6:119:30 | ControlFlowNode for Attribute() |
| datamodel.py:119:18:119:29 | GSSA Variable SOURCE | datamodel.py:119:6:119:30 | ControlFlowNode for Attribute() |
| test.py:32:10:32:26 | ControlFlowNode for Tuple [Tuple element at index 1] | test.py:33:9:33:9 | ControlFlowNode for x [Tuple element at index 1] |
| test.py:32:21:32:26 | ControlFlowNode for SOURCE | test.py:32:10:32:26 | ControlFlowNode for Tuple [Tuple element at index 1] |
| test.py:33:9:33:9 | ControlFlowNode for x [Tuple element at index 1] | test.py:33:9:33:12 | ControlFlowNode for Subscript |
| test.py:33:9:33:12 | ControlFlowNode for Subscript | test.py:34:10:34:10 | ControlFlowNode for y |
| test.py:43:9:43:14 | ControlFlowNode for SOURCE | test.py:44:10:44:10 | ControlFlowNode for x |
| test.py:48:9:48:16 | ControlFlowNode for Str | test.py:49:10:49:10 | ControlFlowNode for x |
| test.py:52:9:52:17 | ControlFlowNode for Str | test.py:53:10:53:10 | ControlFlowNode for x |
| test.py:56:9:56:10 | ControlFlowNode for IntegerLiteral | test.py:57:10:57:10 | ControlFlowNode for x |
| test.py:60:9:60:12 | ControlFlowNode for FloatLiteral | test.py:61:10:61:10 | ControlFlowNode for x |
| test.py:69:10:69:15 | ControlFlowNode for SOURCE | test.py:70:10:70:10 | ControlFlowNode for x |
| test.py:74:9:74:16 | ControlFlowNode for List [List element] | test.py:75:10:75:10 | ControlFlowNode for x [List element] |
| test.py:74:10:74:15 | ControlFlowNode for SOURCE | test.py:74:9:74:16 | ControlFlowNode for List [List element] |
| test.py:75:10:75:10 | ControlFlowNode for x [List element] | test.py:75:10:75:13 | ControlFlowNode for Subscript |
| test.py:82:9:82:37 | ControlFlowNode for ListComp [List element] | test.py:83:10:83:10 | ControlFlowNode for x [List element] |
| test.py:82:10:82:15 | ControlFlowNode for SOURCE | test.py:82:9:82:37 | ControlFlowNode for ListComp [List element] |
| test.py:83:10:83:10 | ControlFlowNode for x [List element] | test.py:83:10:83:13 | ControlFlowNode for Subscript |
| test.py:86:9:86:29 | ControlFlowNode for ListComp [List element] | test.py:87:10:87:10 | ControlFlowNode for x [List element] |
| test.py:86:10:86:10 | ControlFlowNode for y | test.py:86:9:86:29 | ControlFlowNode for ListComp [List element] |
| test.py:86:16:86:16 | SSA variable y | test.py:86:10:86:10 | ControlFlowNode for y |
| test.py:86:21:86:28 | ControlFlowNode for List [List element] | test.py:86:16:86:16 | SSA variable y |
| test.py:86:22:86:27 | ControlFlowNode for SOURCE | test.py:86:21:86:28 | ControlFlowNode for List [List element] |
| test.py:87:10:87:10 | ControlFlowNode for x [List element] | test.py:87:10:87:13 | ControlFlowNode for Subscript |
| test.py:90:9:90:16 | ControlFlowNode for List [List element] | test.py:91:21:91:21 | ControlFlowNode for l [List element] |
| test.py:90:10:90:15 | ControlFlowNode for SOURCE | test.py:90:9:90:16 | ControlFlowNode for List [List element] |
| test.py:91:9:91:22 | ControlFlowNode for ListComp [List element] | test.py:92:10:92:10 | ControlFlowNode for x [List element] |
| test.py:91:10:91:10 | ControlFlowNode for y | test.py:91:9:91:22 | ControlFlowNode for ListComp [List element] |
| test.py:91:16:91:16 | SSA variable y | test.py:91:10:91:10 | ControlFlowNode for y |
| test.py:91:21:91:21 | ControlFlowNode for l [List element] | test.py:91:16:91:16 | SSA variable y |
| test.py:92:10:92:10 | ControlFlowNode for x [List element] | test.py:92:10:92:13 | ControlFlowNode for Subscript |
| test.py:100:9:100:16 | ControlFlowNode for Set [List element] | test.py:101:10:101:10 | ControlFlowNode for x [List element] |
| test.py:100:10:100:15 | ControlFlowNode for SOURCE | test.py:100:9:100:16 | ControlFlowNode for Set [List element] |
| test.py:101:10:101:10 | ControlFlowNode for x [List element] | test.py:101:10:101:16 | ControlFlowNode for Attribute() |
| test.py:104:9:104:37 | ControlFlowNode for SetComp [Set element] | test.py:105:10:105:10 | ControlFlowNode for x [Set element] |
| test.py:104:10:104:15 | ControlFlowNode for SOURCE | test.py:104:9:104:37 | ControlFlowNode for SetComp [Set element] |
| test.py:105:10:105:10 | ControlFlowNode for x [Set element] | test.py:105:10:105:16 | ControlFlowNode for Attribute() |
| test.py:108:9:108:29 | ControlFlowNode for SetComp [Set element] | test.py:109:10:109:10 | ControlFlowNode for x [Set element] |
| test.py:108:10:108:10 | ControlFlowNode for y | test.py:108:9:108:29 | ControlFlowNode for SetComp [Set element] |
| datamodel.py:152:5:152:8 | [post store] ControlFlowNode for self [Attribute b] | datamodel.py:155:14:155:25 | ControlFlowNode for Customized() [Attribute b] |
| datamodel.py:152:14:152:19 | ControlFlowNode for SOURCE | datamodel.py:152:5:152:8 | [post store] ControlFlowNode for self [Attribute b] |
| datamodel.py:155:14:155:25 | ControlFlowNode for Customized() [Attribute b] | datamodel.py:159:6:159:15 | ControlFlowNode for customized [Attribute b] |
| datamodel.py:159:6:159:15 | ControlFlowNode for customized [Attribute b] | datamodel.py:159:6:159:17 | ControlFlowNode for Attribute |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:42:21:42:26 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:55:9:55:14 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:87:10:87:15 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:93:10:93:15 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:103:10:103:15 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:108:22:108:27 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:113:10:113:15 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:125:10:125:15 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:130:10:130:15 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:135:22:135:27 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:140:10:140:15 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:152:15:152:20 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:157:15:157:20 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:183:23:183:28 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:188:25:188:30 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:199:34:199:39 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:336:11:336:16 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:340:11:340:16 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:344:16:344:21 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:367:28:367:33 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:375:30:375:35 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:383:36:383:41 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:391:33:391:38 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:399:39:399:44 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:420:10:420:15 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:428:34:428:39 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:452:12:452:17 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:459:28:459:33 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:473:30:473:35 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:487:36:487:41 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:492:33:492:38 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:497:39:497:44 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:509:9:509:14 | ControlFlowNode for SOURCE |
| test.py:20:1:20:6 | GSSA Variable SOURCE | test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test |
| test.py:20:10:20:17 | ControlFlowNode for Str | test.py:20:1:20:6 | GSSA Variable SOURCE |
| test.py:42:10:42:26 | ControlFlowNode for Tuple [Tuple element at index 1] | test.py:43:9:43:9 | ControlFlowNode for x [Tuple element at index 1] |
| test.py:42:21:42:26 | ControlFlowNode for SOURCE | test.py:42:10:42:26 | ControlFlowNode for Tuple [Tuple element at index 1] |
| test.py:43:9:43:9 | ControlFlowNode for x [Tuple element at index 1] | test.py:43:9:43:12 | ControlFlowNode for Subscript |
| test.py:43:9:43:12 | ControlFlowNode for Subscript | test.py:44:10:44:10 | ControlFlowNode for y |
| test.py:55:9:55:14 | ControlFlowNode for SOURCE | test.py:56:10:56:10 | ControlFlowNode for x |
| test.py:61:9:61:16 | ControlFlowNode for Str | test.py:62:10:62:10 | ControlFlowNode for x |
| test.py:66:9:66:17 | ControlFlowNode for Str | test.py:67:10:67:10 | ControlFlowNode for x |
| test.py:71:9:71:10 | ControlFlowNode for IntegerLiteral | test.py:72:10:72:10 | ControlFlowNode for x |
| test.py:76:9:76:12 | ControlFlowNode for FloatLiteral | test.py:77:10:77:10 | ControlFlowNode for x |
| test.py:87:10:87:15 | ControlFlowNode for SOURCE | test.py:88:10:88:10 | ControlFlowNode for x |
| test.py:93:9:93:16 | ControlFlowNode for List [List element] | test.py:94:10:94:10 | ControlFlowNode for x [List element] |
| test.py:93:10:93:15 | ControlFlowNode for SOURCE | test.py:93:9:93:16 | ControlFlowNode for List [List element] |
| test.py:94:10:94:10 | ControlFlowNode for x [List element] | test.py:94:10:94:13 | ControlFlowNode for Subscript |
| test.py:103:9:103:37 | ControlFlowNode for ListComp [List element] | test.py:104:10:104:10 | ControlFlowNode for x [List element] |
| test.py:103:10:103:15 | ControlFlowNode for SOURCE | test.py:103:9:103:37 | ControlFlowNode for ListComp [List element] |
| test.py:104:10:104:10 | ControlFlowNode for x [List element] | test.py:104:10:104:13 | ControlFlowNode for Subscript |
| test.py:108:9:108:29 | ControlFlowNode for ListComp [List element] | test.py:109:10:109:10 | ControlFlowNode for x [List element] |
| test.py:108:10:108:10 | ControlFlowNode for y | test.py:108:9:108:29 | ControlFlowNode for ListComp [List element] |
| test.py:108:16:108:16 | SSA variable y | test.py:108:10:108:10 | ControlFlowNode for y |
| test.py:108:21:108:28 | ControlFlowNode for List [List element] | test.py:108:16:108:16 | SSA variable y |
| test.py:108:22:108:27 | ControlFlowNode for SOURCE | test.py:108:21:108:28 | ControlFlowNode for List [List element] |
| test.py:109:10:109:10 | ControlFlowNode for x [Set element] | test.py:109:10:109:16 | ControlFlowNode for Attribute() |
| test.py:112:9:112:16 | ControlFlowNode for Set [List element] | test.py:113:21:113:21 | ControlFlowNode for l [List element] |
| test.py:112:10:112:15 | ControlFlowNode for SOURCE | test.py:112:9:112:16 | ControlFlowNode for Set [List element] |
| test.py:113:9:113:22 | ControlFlowNode for SetComp [Set element] | test.py:114:10:114:10 | ControlFlowNode for x [Set element] |
| test.py:113:10:113:10 | ControlFlowNode for y | test.py:113:9:113:22 | ControlFlowNode for SetComp [Set element] |
| test.py:113:16:113:16 | SSA variable y | test.py:113:10:113:10 | ControlFlowNode for y |
| test.py:113:21:113:21 | ControlFlowNode for l [List element] | test.py:113:16:113:16 | SSA variable y |
| test.py:114:10:114:10 | ControlFlowNode for x [Set element] | test.py:114:10:114:16 | ControlFlowNode for Attribute() |
| test.py:122:9:122:21 | ControlFlowNode for Dict [Dictionary element at key s] | test.py:123:10:123:10 | ControlFlowNode for x [Dictionary element at key s] |
| test.py:122:15:122:20 | ControlFlowNode for SOURCE | test.py:122:9:122:21 | ControlFlowNode for Dict [Dictionary element at key s] |
| test.py:123:10:123:10 | ControlFlowNode for x [Dictionary element at key s] | test.py:123:10:123:15 | ControlFlowNode for Subscript |
| test.py:126:9:126:21 | ControlFlowNode for Dict [Dictionary element at key s] | test.py:127:10:127:10 | ControlFlowNode for x [Dictionary element at key s] |
| test.py:126:15:126:20 | ControlFlowNode for SOURCE | test.py:126:9:126:21 | ControlFlowNode for Dict [Dictionary element at key s] |
| test.py:127:10:127:10 | ControlFlowNode for x [Dictionary element at key s] | test.py:127:10:127:19 | ControlFlowNode for Attribute() |
| test.py:252:11:252:16 | ControlFlowNode for SOURCE | test.py:252:11:252:17 | ControlFlowNode for Tuple [Tuple element at index 0] |
| test.py:252:11:252:17 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:252:10:252:21 | ControlFlowNode for Subscript |
| test.py:255:10:255:17 | ControlFlowNode for List [List element] | test.py:255:10:255:20 | ControlFlowNode for Subscript |
| test.py:255:11:255:16 | ControlFlowNode for SOURCE | test.py:255:10:255:17 | ControlFlowNode for List [List element] |
| test.py:258:10:258:21 | ControlFlowNode for Dict [Dictionary element at key s] | test.py:258:10:258:26 | ControlFlowNode for Subscript |
| test.py:258:15:258:20 | ControlFlowNode for SOURCE | test.py:258:10:258:21 | ControlFlowNode for Dict [Dictionary element at key s] |
| test.py:276:28:276:33 | ControlFlowNode for SOURCE | test.py:276:10:276:34 | ControlFlowNode for second() |
| test.py:335:12:335:17 | ControlFlowNode for SOURCE | test.py:335:10:335:18 | ControlFlowNode for f() |
| test.py:339:28:339:33 | ControlFlowNode for SOURCE | test.py:339:10:339:34 | ControlFlowNode for second() |
| test.py:109:10:109:10 | ControlFlowNode for x [List element] | test.py:109:10:109:13 | ControlFlowNode for Subscript |
| test.py:113:9:113:16 | ControlFlowNode for List [List element] | test.py:114:21:114:21 | ControlFlowNode for l [List element] |
| test.py:113:10:113:15 | ControlFlowNode for SOURCE | test.py:113:9:113:16 | ControlFlowNode for List [List element] |
| test.py:114:9:114:22 | ControlFlowNode for ListComp [List element] | test.py:115:10:115:10 | ControlFlowNode for x [List element] |
| test.py:114:10:114:10 | ControlFlowNode for y | test.py:114:9:114:22 | ControlFlowNode for ListComp [List element] |
| test.py:114:16:114:16 | SSA variable y | test.py:114:10:114:10 | ControlFlowNode for y |
| test.py:114:21:114:21 | ControlFlowNode for l [List element] | test.py:114:16:114:16 | SSA variable y |
| test.py:115:10:115:10 | ControlFlowNode for x [List element] | test.py:115:10:115:13 | ControlFlowNode for Subscript |
| test.py:125:9:125:16 | ControlFlowNode for Set [List element] | test.py:126:10:126:10 | ControlFlowNode for x [List element] |
| test.py:125:10:125:15 | ControlFlowNode for SOURCE | test.py:125:9:125:16 | ControlFlowNode for Set [List element] |
| test.py:126:10:126:10 | ControlFlowNode for x [List element] | test.py:126:10:126:16 | ControlFlowNode for Attribute() |
| test.py:130:9:130:37 | ControlFlowNode for SetComp [Set element] | test.py:131:10:131:10 | ControlFlowNode for x [Set element] |
| test.py:130:10:130:15 | ControlFlowNode for SOURCE | test.py:130:9:130:37 | ControlFlowNode for SetComp [Set element] |
| test.py:131:10:131:10 | ControlFlowNode for x [Set element] | test.py:131:10:131:16 | ControlFlowNode for Attribute() |
| test.py:135:9:135:29 | ControlFlowNode for SetComp [Set element] | test.py:136:10:136:10 | ControlFlowNode for x [Set element] |
| test.py:135:10:135:10 | ControlFlowNode for y | test.py:135:9:135:29 | ControlFlowNode for SetComp [Set element] |
| test.py:135:16:135:16 | SSA variable y | test.py:135:10:135:10 | ControlFlowNode for y |
| test.py:135:21:135:28 | ControlFlowNode for List [List element] | test.py:135:16:135:16 | SSA variable y |
| test.py:135:22:135:27 | ControlFlowNode for SOURCE | test.py:135:21:135:28 | ControlFlowNode for List [List element] |
| test.py:136:10:136:10 | ControlFlowNode for x [Set element] | test.py:136:10:136:16 | ControlFlowNode for Attribute() |
| test.py:140:9:140:16 | ControlFlowNode for Set [List element] | test.py:141:21:141:21 | ControlFlowNode for l [List element] |
| test.py:140:10:140:15 | ControlFlowNode for SOURCE | test.py:140:9:140:16 | ControlFlowNode for Set [List element] |
| test.py:141:9:141:22 | ControlFlowNode for SetComp [Set element] | test.py:142:10:142:10 | ControlFlowNode for x [Set element] |
| test.py:141:10:141:10 | ControlFlowNode for y | test.py:141:9:141:22 | ControlFlowNode for SetComp [Set element] |
| test.py:141:16:141:16 | SSA variable y | test.py:141:10:141:10 | ControlFlowNode for y |
| test.py:141:21:141:21 | ControlFlowNode for l [List element] | test.py:141:16:141:16 | SSA variable y |
| test.py:142:10:142:10 | ControlFlowNode for x [Set element] | test.py:142:10:142:16 | ControlFlowNode for Attribute() |
| test.py:152:9:152:21 | ControlFlowNode for Dict [Dictionary element at key s] | test.py:153:10:153:10 | ControlFlowNode for x [Dictionary element at key s] |
| test.py:152:15:152:20 | ControlFlowNode for SOURCE | test.py:152:9:152:21 | ControlFlowNode for Dict [Dictionary element at key s] |
| test.py:153:10:153:10 | ControlFlowNode for x [Dictionary element at key s] | test.py:153:10:153:15 | ControlFlowNode for Subscript |
| test.py:157:9:157:21 | ControlFlowNode for Dict [Dictionary element at key s] | test.py:158:10:158:10 | ControlFlowNode for x [Dictionary element at key s] |
| test.py:157:15:157:20 | ControlFlowNode for SOURCE | test.py:157:9:157:21 | ControlFlowNode for Dict [Dictionary element at key s] |
| test.py:158:10:158:10 | ControlFlowNode for x [Dictionary element at key s] | test.py:158:10:158:19 | ControlFlowNode for Attribute() |
| test.py:183:9:183:42 | ControlFlowNode for ListComp [List element] | test.py:184:10:184:10 | ControlFlowNode for x [List element] |
| test.py:183:10:183:10 | ControlFlowNode for y | test.py:183:9:183:42 | ControlFlowNode for ListComp [List element] |
| test.py:183:16:183:16 | SSA variable z [List element] | test.py:183:41:183:41 | ControlFlowNode for z [List element] |
| test.py:183:21:183:30 | ControlFlowNode for List [List element, List element] | test.py:183:16:183:16 | SSA variable z [List element] |
| test.py:183:22:183:29 | ControlFlowNode for List [List element] | test.py:183:21:183:30 | ControlFlowNode for List [List element, List element] |
| test.py:183:23:183:28 | ControlFlowNode for SOURCE | test.py:183:22:183:29 | ControlFlowNode for List [List element] |
| test.py:183:36:183:36 | SSA variable y | test.py:183:10:183:10 | ControlFlowNode for y |
| test.py:183:41:183:41 | ControlFlowNode for z [List element] | test.py:183:36:183:36 | SSA variable y |
| test.py:184:10:184:10 | ControlFlowNode for x [List element] | test.py:184:10:184:13 | ControlFlowNode for Subscript |
| test.py:188:9:188:68 | ControlFlowNode for ListComp [List element] | test.py:189:10:189:10 | ControlFlowNode for x [List element] |
| test.py:188:10:188:10 | ControlFlowNode for y | test.py:188:9:188:68 | ControlFlowNode for ListComp [List element] |
| test.py:188:16:188:16 | SSA variable v [List element, List element, List element] | test.py:188:45:188:45 | ControlFlowNode for v [List element, List element, List element] |
| test.py:188:21:188:34 | ControlFlowNode for List [List element, List element, List element, List element] | test.py:188:16:188:16 | SSA variable v [List element, List element, List element] |
| test.py:188:22:188:33 | ControlFlowNode for List [List element, List element, List element] | test.py:188:21:188:34 | ControlFlowNode for List [List element, List element, List element, List element] |
| test.py:188:23:188:32 | ControlFlowNode for List [List element, List element] | test.py:188:22:188:33 | ControlFlowNode for List [List element, List element, List element] |
| test.py:188:24:188:31 | ControlFlowNode for List [List element] | test.py:188:23:188:32 | ControlFlowNode for List [List element, List element] |
| test.py:188:25:188:30 | ControlFlowNode for SOURCE | test.py:188:24:188:31 | ControlFlowNode for List [List element] |
| test.py:188:40:188:40 | SSA variable u [List element, List element] | test.py:188:56:188:56 | ControlFlowNode for u [List element, List element] |
| test.py:188:45:188:45 | ControlFlowNode for v [List element, List element, List element] | test.py:188:40:188:40 | SSA variable u [List element, List element] |
| test.py:188:51:188:51 | SSA variable z [List element] | test.py:188:67:188:67 | ControlFlowNode for z [List element] |
| test.py:188:56:188:56 | ControlFlowNode for u [List element, List element] | test.py:188:51:188:51 | SSA variable z [List element] |
| test.py:188:62:188:62 | SSA variable y | test.py:188:10:188:10 | ControlFlowNode for y |
| test.py:188:67:188:67 | ControlFlowNode for z [List element] | test.py:188:62:188:62 | SSA variable y |
| test.py:189:10:189:10 | ControlFlowNode for x [List element] | test.py:189:10:189:13 | ControlFlowNode for Subscript |
| test.py:199:9:199:42 | ControlFlowNode for ListComp [List element] | test.py:200:10:200:10 | ControlFlowNode for x [List element] |
| test.py:199:10:199:10 | ControlFlowNode for y | test.py:199:9:199:42 | ControlFlowNode for ListComp [List element] |
| test.py:199:16:199:16 | SSA variable y | test.py:199:10:199:10 | ControlFlowNode for y |
| test.py:199:22:199:22 | ControlFlowNode for z | test.py:199:22:199:40 | ControlFlowNode for GeneratorExp [List element] |
| test.py:199:22:199:40 | ControlFlowNode for GeneratorExp [List element] | test.py:199:16:199:16 | SSA variable y |
| test.py:199:28:199:28 | SSA variable z | test.py:199:22:199:22 | ControlFlowNode for z |
| test.py:199:33:199:40 | ControlFlowNode for List [List element] | test.py:199:28:199:28 | SSA variable z |
| test.py:199:34:199:39 | ControlFlowNode for SOURCE | test.py:199:33:199:40 | ControlFlowNode for List [List element] |
| test.py:200:10:200:10 | ControlFlowNode for x [List element] | test.py:200:10:200:13 | ControlFlowNode for Subscript |
| test.py:336:11:336:16 | ControlFlowNode for SOURCE | test.py:336:11:336:17 | ControlFlowNode for Tuple [Tuple element at index 0] |
| test.py:336:11:336:17 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:336:10:336:21 | ControlFlowNode for Subscript |
| test.py:340:10:340:17 | ControlFlowNode for List [List element] | test.py:340:10:340:20 | ControlFlowNode for Subscript |
| test.py:340:11:340:16 | ControlFlowNode for SOURCE | test.py:340:10:340:17 | ControlFlowNode for List [List element] |
| test.py:344:10:344:22 | ControlFlowNode for Dict [Dictionary element at key s] | test.py:344:10:344:27 | ControlFlowNode for Subscript |
| test.py:344:16:344:21 | ControlFlowNode for SOURCE | test.py:344:10:344:22 | ControlFlowNode for Dict [Dictionary element at key s] |
| test.py:367:28:367:33 | ControlFlowNode for SOURCE | test.py:367:10:367:34 | ControlFlowNode for second() |
| test.py:375:30:375:35 | ControlFlowNode for SOURCE | test.py:375:10:375:36 | ControlFlowNode for second() |
| test.py:383:10:383:43 | KwUnpacked b | test.py:383:10:383:43 | ControlFlowNode for second() |
| test.py:383:30:383:42 | ControlFlowNode for Dict [Dictionary element at key b] | test.py:383:10:383:43 | KwUnpacked b |
| test.py:383:36:383:41 | ControlFlowNode for SOURCE | test.py:383:30:383:42 | ControlFlowNode for Dict [Dictionary element at key b] |
| test.py:391:10:391:39 | PosOverflowNode for f_extra_pos() [Tuple element at index 0] | test.py:391:10:391:39 | ControlFlowNode for f_extra_pos() |
| test.py:391:33:391:38 | ControlFlowNode for SOURCE | test.py:391:10:391:39 | PosOverflowNode for f_extra_pos() [Tuple element at index 0] |
| test.py:399:10:399:45 | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] | test.py:399:10:399:45 | ControlFlowNode for f_extra_keyword() |
| test.py:399:39:399:44 | ControlFlowNode for SOURCE | test.py:399:10:399:45 | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] |
| test.py:420:10:420:15 | ControlFlowNode for SOURCE | test.py:420:10:420:38 | ControlFlowNode for IfExp |
| test.py:428:34:428:39 | ControlFlowNode for SOURCE | test.py:428:10:428:39 | ControlFlowNode for IfExp |
| test.py:452:12:452:17 | ControlFlowNode for SOURCE | test.py:452:10:452:18 | ControlFlowNode for f() |
| test.py:459:28:459:33 | ControlFlowNode for SOURCE | test.py:459:10:459:34 | ControlFlowNode for second() |
| test.py:473:30:473:35 | ControlFlowNode for SOURCE | test.py:473:10:473:36 | ControlFlowNode for second() |
| test.py:487:10:487:43 | KwUnpacked b | test.py:487:10:487:43 | ControlFlowNode for second() |
| test.py:487:30:487:42 | ControlFlowNode for Dict [Dictionary element at key b] | test.py:487:10:487:43 | KwUnpacked b |
| test.py:487:36:487:41 | ControlFlowNode for SOURCE | test.py:487:30:487:42 | ControlFlowNode for Dict [Dictionary element at key b] |
| test.py:492:10:492:39 | PosOverflowNode for f_extra_pos() [Tuple element at index 0] | test.py:492:10:492:39 | ControlFlowNode for f_extra_pos() |
| test.py:492:33:492:38 | ControlFlowNode for SOURCE | test.py:492:10:492:39 | PosOverflowNode for f_extra_pos() [Tuple element at index 0] |
| test.py:497:10:497:45 | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] | test.py:497:10:497:45 | ControlFlowNode for f_extra_keyword() |
| test.py:497:39:497:44 | ControlFlowNode for SOURCE | test.py:497:10:497:45 | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] |
| test.py:509:9:509:14 | ControlFlowNode for SOURCE | test.py:511:10:511:10 | ControlFlowNode for a |
| test.py:509:9:509:14 | ControlFlowNode for SOURCE | test.py:516:10:516:10 | ControlFlowNode for b |
nodes
| datamodel.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module datamodel | semmle.label | ModuleVariableNode for Global Variable SOURCE in Module datamodel |
| datamodel.py:13:1:13:6 | GSSA Variable SOURCE | semmle.label | GSSA Variable SOURCE |
| datamodel.py:13:10:13:17 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str |
| datamodel.py:38:6:38:17 | ControlFlowNode for f() | semmle.label | ControlFlowNode for f() |
| datamodel.py:38:6:38:17 | GSSA Variable SOURCE | semmle.label | GSSA Variable SOURCE |
| datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| datamodel.py:65:1:65:1 | GSSA Variable c | semmle.label | GSSA Variable c |
| datamodel.py:65:5:65:7 | ControlFlowNode for C() | semmle.label | ControlFlowNode for C() |
| datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| datamodel.py:71:6:71:24 | GSSA Variable SOURCE | semmle.label | GSSA Variable SOURCE |
| datamodel.py:71:6:71:24 | GSSA Variable c | semmle.label | GSSA Variable c |
| datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| datamodel.py:72:6:72:27 | GSSA Variable c | semmle.label | GSSA Variable c |
| datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| datamodel.py:73:6:73:27 | ControlFlowNode for func_obj() | semmle.label | ControlFlowNode for func_obj() |
| datamodel.py:73:6:73:27 | GSSA Variable c | semmle.label | GSSA Variable c |
| datamodel.py:73:18:73:23 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| datamodel.py:80:6:80:26 | GSSA Variable SOURCE | semmle.label | GSSA Variable SOURCE |
| datamodel.py:80:6:80:26 | GSSA Variable c | semmle.label | GSSA Variable c |
| datamodel.py:80:20:80:25 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| datamodel.py:81:6:81:26 | GSSA Variable SOURCE | semmle.label | GSSA Variable SOURCE |
| datamodel.py:81:20:81:25 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| datamodel.py:82:6:82:26 | ControlFlowNode for c_func_obj() | semmle.label | ControlFlowNode for c_func_obj() |
| datamodel.py:92:1:92:4 | GSSA Variable iter | semmle.label | GSSA Variable iter |
| datamodel.py:92:8:92:21 | ControlFlowNode for gen() | semmle.label | ControlFlowNode for gen() |
| datamodel.py:92:8:92:21 | GSSA Variable SOURCE | semmle.label | GSSA Variable SOURCE |
| datamodel.py:93:6:93:20 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| datamodel.py:93:6:93:20 | GSSA Variable iter | semmle.label | GSSA Variable iter |
| datamodel.py:96:1:96:5 | GSSA Variable oiter | semmle.label | GSSA Variable oiter |
| datamodel.py:96:9:96:24 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| datamodel.py:96:9:96:24 | GSSA Variable SOURCE | semmle.label | GSSA Variable SOURCE |
| datamodel.py:96:9:96:24 | GSSA Variable c | semmle.label | GSSA Variable c |
| datamodel.py:97:6:97:21 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| datamodel.py:97:6:97:21 | GSSA Variable oiter | semmle.label | GSSA Variable oiter |
| datamodel.py:106:6:106:30 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| datamodel.py:106:18:106:29 | GSSA Variable SOURCE | semmle.label | GSSA Variable SOURCE |
| datamodel.py:107:6:107:32 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| datamodel.py:107:18:107:31 | GSSA Variable SOURCE | semmle.label | GSSA Variable SOURCE |
| datamodel.py:107:18:107:31 | GSSA Variable c | semmle.label | GSSA Variable c |
| datamodel.py:119:6:119:30 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| datamodel.py:119:18:119:29 | GSSA Variable SOURCE | semmle.label | GSSA Variable SOURCE |
| test.py:32:10:32:26 | ControlFlowNode for Tuple [Tuple element at index 1] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 1] |
| test.py:32:21:32:26 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:33:9:33:9 | ControlFlowNode for x [Tuple element at index 1] | semmle.label | ControlFlowNode for x [Tuple element at index 1] |
| test.py:33:9:33:12 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:34:10:34:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
| test.py:43:9:43:14 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:44:10:44:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
| test.py:48:9:48:16 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str |
| test.py:49:10:49:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
| test.py:52:9:52:17 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str |
| test.py:53:10:53:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
| test.py:56:9:56:10 | ControlFlowNode for IntegerLiteral | semmle.label | ControlFlowNode for IntegerLiteral |
| test.py:57:10:57:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
| test.py:60:9:60:12 | ControlFlowNode for FloatLiteral | semmle.label | ControlFlowNode for FloatLiteral |
| test.py:61:10:61:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
| test.py:69:10:69:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:70:10:70:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
| test.py:74:9:74:16 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
| test.py:74:10:74:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:75:10:75:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
| test.py:75:10:75:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:82:9:82:37 | ControlFlowNode for ListComp [List element] | semmle.label | ControlFlowNode for ListComp [List element] |
| test.py:82:10:82:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:83:10:83:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
| test.py:83:10:83:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:86:9:86:29 | ControlFlowNode for ListComp [List element] | semmle.label | ControlFlowNode for ListComp [List element] |
| test.py:86:10:86:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
| test.py:86:16:86:16 | SSA variable y | semmle.label | SSA variable y |
| test.py:86:21:86:28 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
| test.py:86:22:86:27 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:87:10:87:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
| test.py:87:10:87:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:90:9:90:16 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
| test.py:90:10:90:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:91:9:91:22 | ControlFlowNode for ListComp [List element] | semmle.label | ControlFlowNode for ListComp [List element] |
| test.py:91:10:91:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
| test.py:91:16:91:16 | SSA variable y | semmle.label | SSA variable y |
| test.py:91:21:91:21 | ControlFlowNode for l [List element] | semmle.label | ControlFlowNode for l [List element] |
| test.py:92:10:92:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
| test.py:92:10:92:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:100:9:100:16 | ControlFlowNode for Set [List element] | semmle.label | ControlFlowNode for Set [List element] |
| test.py:100:10:100:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:101:10:101:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
| test.py:101:10:101:16 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:104:9:104:37 | ControlFlowNode for SetComp [Set element] | semmle.label | ControlFlowNode for SetComp [Set element] |
| test.py:104:10:104:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:105:10:105:10 | ControlFlowNode for x [Set element] | semmle.label | ControlFlowNode for x [Set element] |
| test.py:105:10:105:16 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:108:9:108:29 | ControlFlowNode for SetComp [Set element] | semmle.label | ControlFlowNode for SetComp [Set element] |
| datamodel.py:152:5:152:8 | [post store] ControlFlowNode for self [Attribute b] | semmle.label | [post store] ControlFlowNode for self [Attribute b] |
| datamodel.py:152:14:152:19 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| datamodel.py:155:14:155:25 | ControlFlowNode for Customized() [Attribute b] | semmle.label | ControlFlowNode for Customized() [Attribute b] |
| datamodel.py:159:6:159:15 | ControlFlowNode for customized [Attribute b] | semmle.label | ControlFlowNode for customized [Attribute b] |
| datamodel.py:159:6:159:17 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | semmle.label | ModuleVariableNode for Global Variable SOURCE in Module test |
| test.py:20:1:20:6 | GSSA Variable SOURCE | semmle.label | GSSA Variable SOURCE |
| test.py:20:10:20:17 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str |
| test.py:42:10:42:26 | ControlFlowNode for Tuple [Tuple element at index 1] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 1] |
| test.py:42:21:42:26 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:43:9:43:9 | ControlFlowNode for x [Tuple element at index 1] | semmle.label | ControlFlowNode for x [Tuple element at index 1] |
| test.py:43:9:43:12 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:44:10:44:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
| test.py:55:9:55:14 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:56:10:56:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
| test.py:61:9:61:16 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str |
| test.py:62:10:62:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
| test.py:66:9:66:17 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str |
| test.py:67:10:67:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
| test.py:71:9:71:10 | ControlFlowNode for IntegerLiteral | semmle.label | ControlFlowNode for IntegerLiteral |
| test.py:72:10:72:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
| test.py:76:9:76:12 | ControlFlowNode for FloatLiteral | semmle.label | ControlFlowNode for FloatLiteral |
| test.py:77:10:77:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
| test.py:87:10:87:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:88:10:88:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
| test.py:93:9:93:16 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
| test.py:93:10:93:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:94:10:94:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
| test.py:94:10:94:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:103:9:103:37 | ControlFlowNode for ListComp [List element] | semmle.label | ControlFlowNode for ListComp [List element] |
| test.py:103:10:103:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:104:10:104:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
| test.py:104:10:104:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:108:9:108:29 | ControlFlowNode for ListComp [List element] | semmle.label | ControlFlowNode for ListComp [List element] |
| test.py:108:10:108:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
| test.py:108:16:108:16 | SSA variable y | semmle.label | SSA variable y |
| test.py:108:21:108:28 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
| test.py:108:22:108:27 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:109:10:109:10 | ControlFlowNode for x [Set element] | semmle.label | ControlFlowNode for x [Set element] |
| test.py:109:10:109:16 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:112:9:112:16 | ControlFlowNode for Set [List element] | semmle.label | ControlFlowNode for Set [List element] |
| test.py:112:10:112:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:113:9:113:22 | ControlFlowNode for SetComp [Set element] | semmle.label | ControlFlowNode for SetComp [Set element] |
| test.py:113:10:113:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
| test.py:113:16:113:16 | SSA variable y | semmle.label | SSA variable y |
| test.py:113:21:113:21 | ControlFlowNode for l [List element] | semmle.label | ControlFlowNode for l [List element] |
| test.py:114:10:114:10 | ControlFlowNode for x [Set element] | semmle.label | ControlFlowNode for x [Set element] |
| test.py:114:10:114:16 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:122:9:122:21 | ControlFlowNode for Dict [Dictionary element at key s] | semmle.label | ControlFlowNode for Dict [Dictionary element at key s] |
| test.py:122:15:122:20 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:123:10:123:10 | ControlFlowNode for x [Dictionary element at key s] | semmle.label | ControlFlowNode for x [Dictionary element at key s] |
| test.py:123:10:123:15 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:126:9:126:21 | ControlFlowNode for Dict [Dictionary element at key s] | semmle.label | ControlFlowNode for Dict [Dictionary element at key s] |
| test.py:126:15:126:20 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:127:10:127:10 | ControlFlowNode for x [Dictionary element at key s] | semmle.label | ControlFlowNode for x [Dictionary element at key s] |
| test.py:127:10:127:19 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:252:10:252:21 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:252:11:252:16 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:252:11:252:17 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
| test.py:255:10:255:17 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
| test.py:255:10:255:20 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:255:11:255:16 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:258:10:258:21 | ControlFlowNode for Dict [Dictionary element at key s] | semmle.label | ControlFlowNode for Dict [Dictionary element at key s] |
| test.py:258:10:258:26 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:258:15:258:20 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:276:10:276:34 | ControlFlowNode for second() | semmle.label | ControlFlowNode for second() |
| test.py:276:28:276:33 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:335:10:335:18 | ControlFlowNode for f() | semmle.label | ControlFlowNode for f() |
| test.py:335:12:335:17 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:339:10:339:34 | ControlFlowNode for second() | semmle.label | ControlFlowNode for second() |
| test.py:339:28:339:33 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:109:10:109:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
| test.py:109:10:109:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:113:9:113:16 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
| test.py:113:10:113:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:114:9:114:22 | ControlFlowNode for ListComp [List element] | semmle.label | ControlFlowNode for ListComp [List element] |
| test.py:114:10:114:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
| test.py:114:16:114:16 | SSA variable y | semmle.label | SSA variable y |
| test.py:114:21:114:21 | ControlFlowNode for l [List element] | semmle.label | ControlFlowNode for l [List element] |
| test.py:115:10:115:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
| test.py:115:10:115:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:125:9:125:16 | ControlFlowNode for Set [List element] | semmle.label | ControlFlowNode for Set [List element] |
| test.py:125:10:125:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:126:10:126:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
| test.py:126:10:126:16 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:130:9:130:37 | ControlFlowNode for SetComp [Set element] | semmle.label | ControlFlowNode for SetComp [Set element] |
| test.py:130:10:130:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:131:10:131:10 | ControlFlowNode for x [Set element] | semmle.label | ControlFlowNode for x [Set element] |
| test.py:131:10:131:16 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:135:9:135:29 | ControlFlowNode for SetComp [Set element] | semmle.label | ControlFlowNode for SetComp [Set element] |
| test.py:135:10:135:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
| test.py:135:16:135:16 | SSA variable y | semmle.label | SSA variable y |
| test.py:135:21:135:28 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
| test.py:135:22:135:27 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:136:10:136:10 | ControlFlowNode for x [Set element] | semmle.label | ControlFlowNode for x [Set element] |
| test.py:136:10:136:16 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:140:9:140:16 | ControlFlowNode for Set [List element] | semmle.label | ControlFlowNode for Set [List element] |
| test.py:140:10:140:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:141:9:141:22 | ControlFlowNode for SetComp [Set element] | semmle.label | ControlFlowNode for SetComp [Set element] |
| test.py:141:10:141:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
| test.py:141:16:141:16 | SSA variable y | semmle.label | SSA variable y |
| test.py:141:21:141:21 | ControlFlowNode for l [List element] | semmle.label | ControlFlowNode for l [List element] |
| test.py:142:10:142:10 | ControlFlowNode for x [Set element] | semmle.label | ControlFlowNode for x [Set element] |
| test.py:142:10:142:16 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:152:9:152:21 | ControlFlowNode for Dict [Dictionary element at key s] | semmle.label | ControlFlowNode for Dict [Dictionary element at key s] |
| test.py:152:15:152:20 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:153:10:153:10 | ControlFlowNode for x [Dictionary element at key s] | semmle.label | ControlFlowNode for x [Dictionary element at key s] |
| test.py:153:10:153:15 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:157:9:157:21 | ControlFlowNode for Dict [Dictionary element at key s] | semmle.label | ControlFlowNode for Dict [Dictionary element at key s] |
| test.py:157:15:157:20 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:158:10:158:10 | ControlFlowNode for x [Dictionary element at key s] | semmle.label | ControlFlowNode for x [Dictionary element at key s] |
| test.py:158:10:158:19 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:183:9:183:42 | ControlFlowNode for ListComp [List element] | semmle.label | ControlFlowNode for ListComp [List element] |
| test.py:183:10:183:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
| test.py:183:16:183:16 | SSA variable z [List element] | semmle.label | SSA variable z [List element] |
| test.py:183:21:183:30 | ControlFlowNode for List [List element, List element] | semmle.label | ControlFlowNode for List [List element, List element] |
| test.py:183:22:183:29 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
| test.py:183:23:183:28 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:183:36:183:36 | SSA variable y | semmle.label | SSA variable y |
| test.py:183:41:183:41 | ControlFlowNode for z [List element] | semmle.label | ControlFlowNode for z [List element] |
| test.py:184:10:184:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
| test.py:184:10:184:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:188:9:188:68 | ControlFlowNode for ListComp [List element] | semmle.label | ControlFlowNode for ListComp [List element] |
| test.py:188:10:188:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
| test.py:188:16:188:16 | SSA variable v [List element, List element, List element] | semmle.label | SSA variable v [List element, List element, List element] |
| test.py:188:21:188:34 | ControlFlowNode for List [List element, List element, List element, List element] | semmle.label | ControlFlowNode for List [List element, List element, List element, List element] |
| test.py:188:22:188:33 | ControlFlowNode for List [List element, List element, List element] | semmle.label | ControlFlowNode for List [List element, List element, List element] |
| test.py:188:23:188:32 | ControlFlowNode for List [List element, List element] | semmle.label | ControlFlowNode for List [List element, List element] |
| test.py:188:24:188:31 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
| test.py:188:25:188:30 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:188:40:188:40 | SSA variable u [List element, List element] | semmle.label | SSA variable u [List element, List element] |
| test.py:188:45:188:45 | ControlFlowNode for v [List element, List element, List element] | semmle.label | ControlFlowNode for v [List element, List element, List element] |
| test.py:188:51:188:51 | SSA variable z [List element] | semmle.label | SSA variable z [List element] |
| test.py:188:56:188:56 | ControlFlowNode for u [List element, List element] | semmle.label | ControlFlowNode for u [List element, List element] |
| test.py:188:62:188:62 | SSA variable y | semmle.label | SSA variable y |
| test.py:188:67:188:67 | ControlFlowNode for z [List element] | semmle.label | ControlFlowNode for z [List element] |
| test.py:189:10:189:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
| test.py:189:10:189:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:199:9:199:42 | ControlFlowNode for ListComp [List element] | semmle.label | ControlFlowNode for ListComp [List element] |
| test.py:199:10:199:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
| test.py:199:16:199:16 | SSA variable y | semmle.label | SSA variable y |
| test.py:199:22:199:22 | ControlFlowNode for z | semmle.label | ControlFlowNode for z |
| test.py:199:22:199:40 | ControlFlowNode for GeneratorExp [List element] | semmle.label | ControlFlowNode for GeneratorExp [List element] |
| test.py:199:28:199:28 | SSA variable z | semmle.label | SSA variable z |
| test.py:199:33:199:40 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
| test.py:199:34:199:39 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:200:10:200:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
| test.py:200:10:200:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:336:10:336:21 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:336:11:336:16 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:336:11:336:17 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
| test.py:340:10:340:17 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
| test.py:340:10:340:20 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:340:11:340:16 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:344:10:344:22 | ControlFlowNode for Dict [Dictionary element at key s] | semmle.label | ControlFlowNode for Dict [Dictionary element at key s] |
| test.py:344:10:344:27 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:344:16:344:21 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:367:10:367:34 | ControlFlowNode for second() | semmle.label | ControlFlowNode for second() |
| test.py:367:28:367:33 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:375:10:375:36 | ControlFlowNode for second() | semmle.label | ControlFlowNode for second() |
| test.py:375:30:375:35 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:383:10:383:43 | ControlFlowNode for second() | semmle.label | ControlFlowNode for second() |
| test.py:383:10:383:43 | KwUnpacked b | semmle.label | KwUnpacked b |
| test.py:383:30:383:42 | ControlFlowNode for Dict [Dictionary element at key b] | semmle.label | ControlFlowNode for Dict [Dictionary element at key b] |
| test.py:383:36:383:41 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:391:10:391:39 | ControlFlowNode for f_extra_pos() | semmle.label | ControlFlowNode for f_extra_pos() |
| test.py:391:10:391:39 | PosOverflowNode for f_extra_pos() [Tuple element at index 0] | semmle.label | PosOverflowNode for f_extra_pos() [Tuple element at index 0] |
| test.py:391:33:391:38 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:399:10:399:45 | ControlFlowNode for f_extra_keyword() | semmle.label | ControlFlowNode for f_extra_keyword() |
| test.py:399:10:399:45 | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] | semmle.label | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] |
| test.py:399:39:399:44 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:420:10:420:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:420:10:420:38 | ControlFlowNode for IfExp | semmle.label | ControlFlowNode for IfExp |
| test.py:428:10:428:39 | ControlFlowNode for IfExp | semmle.label | ControlFlowNode for IfExp |
| test.py:428:34:428:39 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:452:10:452:18 | ControlFlowNode for f() | semmle.label | ControlFlowNode for f() |
| test.py:452:12:452:17 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:459:10:459:34 | ControlFlowNode for second() | semmle.label | ControlFlowNode for second() |
| test.py:459:28:459:33 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:473:10:473:36 | ControlFlowNode for second() | semmle.label | ControlFlowNode for second() |
| test.py:473:30:473:35 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:487:10:487:43 | ControlFlowNode for second() | semmle.label | ControlFlowNode for second() |
| test.py:487:10:487:43 | KwUnpacked b | semmle.label | KwUnpacked b |
| test.py:487:30:487:42 | ControlFlowNode for Dict [Dictionary element at key b] | semmle.label | ControlFlowNode for Dict [Dictionary element at key b] |
| test.py:487:36:487:41 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:492:10:492:39 | ControlFlowNode for f_extra_pos() | semmle.label | ControlFlowNode for f_extra_pos() |
| test.py:492:10:492:39 | PosOverflowNode for f_extra_pos() [Tuple element at index 0] | semmle.label | PosOverflowNode for f_extra_pos() [Tuple element at index 0] |
| test.py:492:33:492:38 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:497:10:497:45 | ControlFlowNode for f_extra_keyword() | semmle.label | ControlFlowNode for f_extra_keyword() |
| test.py:497:10:497:45 | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] | semmle.label | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] |
| test.py:497:39:497:44 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:509:9:509:14 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:511:10:511:10 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
| test.py:516:10:516:10 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
#select
| datamodel.py:38:6:38:17 | ControlFlowNode for f() | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:38:6:38:17 | ControlFlowNode for f() | <message> |
| datamodel.py:38:6:38:17 | ControlFlowNode for f() | datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | datamodel.py:38:6:38:17 | ControlFlowNode for f() | <message> |
| datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() | <message> |
| datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() | datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE | datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() | <message> |
| datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() | <message> |
| datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() | datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE | datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() | <message> |
| datamodel.py:73:6:73:27 | ControlFlowNode for func_obj() | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:73:6:73:27 | ControlFlowNode for func_obj() | <message> |
| datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | <message> |
| datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | datamodel.py:80:20:80:25 | ControlFlowNode for SOURCE | datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | <message> |
| datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | <message> |
| datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | datamodel.py:81:20:81:25 | ControlFlowNode for SOURCE | datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | <message> |
| datamodel.py:82:6:82:26 | ControlFlowNode for c_func_obj() | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:82:6:82:26 | ControlFlowNode for c_func_obj() | <message> |
| datamodel.py:93:6:93:20 | ControlFlowNode for Attribute() | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:93:6:93:20 | ControlFlowNode for Attribute() | <message> |
| datamodel.py:97:6:97:21 | ControlFlowNode for Attribute() | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:97:6:97:21 | ControlFlowNode for Attribute() | <message> |
| datamodel.py:106:6:106:30 | ControlFlowNode for Attribute() | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:106:6:106:30 | ControlFlowNode for Attribute() | <message> |
| datamodel.py:107:6:107:32 | ControlFlowNode for Attribute() | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:107:6:107:32 | ControlFlowNode for Attribute() | <message> |
| datamodel.py:119:6:119:30 | ControlFlowNode for Attribute() | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:119:6:119:30 | ControlFlowNode for Attribute() | <message> |
| test.py:34:10:34:10 | ControlFlowNode for y | test.py:32:21:32:26 | ControlFlowNode for SOURCE | test.py:34:10:34:10 | ControlFlowNode for y | <message> |
| test.py:44:10:44:10 | ControlFlowNode for x | test.py:43:9:43:14 | ControlFlowNode for SOURCE | test.py:44:10:44:10 | ControlFlowNode for x | <message> |
| test.py:49:10:49:10 | ControlFlowNode for x | test.py:48:9:48:16 | ControlFlowNode for Str | test.py:49:10:49:10 | ControlFlowNode for x | <message> |
| test.py:53:10:53:10 | ControlFlowNode for x | test.py:52:9:52:17 | ControlFlowNode for Str | test.py:53:10:53:10 | ControlFlowNode for x | <message> |
| test.py:57:10:57:10 | ControlFlowNode for x | test.py:56:9:56:10 | ControlFlowNode for IntegerLiteral | test.py:57:10:57:10 | ControlFlowNode for x | <message> |
| test.py:61:10:61:10 | ControlFlowNode for x | test.py:60:9:60:12 | ControlFlowNode for FloatLiteral | test.py:61:10:61:10 | ControlFlowNode for x | <message> |
| test.py:70:10:70:10 | ControlFlowNode for x | test.py:69:10:69:15 | ControlFlowNode for SOURCE | test.py:70:10:70:10 | ControlFlowNode for x | <message> |
| test.py:75:10:75:13 | ControlFlowNode for Subscript | test.py:74:10:74:15 | ControlFlowNode for SOURCE | test.py:75:10:75:13 | ControlFlowNode for Subscript | <message> |
| test.py:83:10:83:13 | ControlFlowNode for Subscript | test.py:82:10:82:15 | ControlFlowNode for SOURCE | test.py:83:10:83:13 | ControlFlowNode for Subscript | <message> |
| test.py:87:10:87:13 | ControlFlowNode for Subscript | test.py:86:22:86:27 | ControlFlowNode for SOURCE | test.py:87:10:87:13 | ControlFlowNode for Subscript | <message> |
| test.py:92:10:92:13 | ControlFlowNode for Subscript | test.py:90:10:90:15 | ControlFlowNode for SOURCE | test.py:92:10:92:13 | ControlFlowNode for Subscript | <message> |
| test.py:101:10:101:16 | ControlFlowNode for Attribute() | test.py:100:10:100:15 | ControlFlowNode for SOURCE | test.py:101:10:101:16 | ControlFlowNode for Attribute() | <message> |
| test.py:105:10:105:16 | ControlFlowNode for Attribute() | test.py:104:10:104:15 | ControlFlowNode for SOURCE | test.py:105:10:105:16 | ControlFlowNode for Attribute() | <message> |
| test.py:109:10:109:16 | ControlFlowNode for Attribute() | test.py:108:22:108:27 | ControlFlowNode for SOURCE | test.py:109:10:109:16 | ControlFlowNode for Attribute() | <message> |
| test.py:114:10:114:16 | ControlFlowNode for Attribute() | test.py:112:10:112:15 | ControlFlowNode for SOURCE | test.py:114:10:114:16 | ControlFlowNode for Attribute() | <message> |
| test.py:123:10:123:15 | ControlFlowNode for Subscript | test.py:122:15:122:20 | ControlFlowNode for SOURCE | test.py:123:10:123:15 | ControlFlowNode for Subscript | <message> |
| test.py:127:10:127:19 | ControlFlowNode for Attribute() | test.py:126:15:126:20 | ControlFlowNode for SOURCE | test.py:127:10:127:19 | ControlFlowNode for Attribute() | <message> |
| test.py:252:10:252:21 | ControlFlowNode for Subscript | test.py:252:11:252:16 | ControlFlowNode for SOURCE | test.py:252:10:252:21 | ControlFlowNode for Subscript | <message> |
| test.py:255:10:255:20 | ControlFlowNode for Subscript | test.py:255:11:255:16 | ControlFlowNode for SOURCE | test.py:255:10:255:20 | ControlFlowNode for Subscript | <message> |
| test.py:258:10:258:26 | ControlFlowNode for Subscript | test.py:258:15:258:20 | ControlFlowNode for SOURCE | test.py:258:10:258:26 | ControlFlowNode for Subscript | <message> |
| test.py:276:10:276:34 | ControlFlowNode for second() | test.py:276:28:276:33 | ControlFlowNode for SOURCE | test.py:276:10:276:34 | ControlFlowNode for second() | <message> |
| test.py:335:10:335:18 | ControlFlowNode for f() | test.py:335:12:335:17 | ControlFlowNode for SOURCE | test.py:335:10:335:18 | ControlFlowNode for f() | <message> |
| test.py:339:10:339:34 | ControlFlowNode for second() | test.py:339:28:339:33 | ControlFlowNode for SOURCE | test.py:339:10:339:34 | ControlFlowNode for second() | <message> |
| datamodel.py:38:6:38:17 | ControlFlowNode for f() | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:38:6:38:17 | ControlFlowNode for f() | Flow found |
| datamodel.py:38:6:38:17 | ControlFlowNode for f() | datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | datamodel.py:38:6:38:17 | ControlFlowNode for f() | Flow found |
| datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() | datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() | datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE | datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() | datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() | datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE | datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() | datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE | datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE | datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE | datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | datamodel.py:73:18:73:23 | ControlFlowNode for SOURCE | datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | datamodel.py:80:20:80:25 | ControlFlowNode for SOURCE | datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE | datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE | datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | datamodel.py:73:18:73:23 | ControlFlowNode for SOURCE | datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | datamodel.py:80:20:80:25 | ControlFlowNode for SOURCE | datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | datamodel.py:81:20:81:25 | ControlFlowNode for SOURCE | datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | Flow found |
| datamodel.py:159:6:159:17 | ControlFlowNode for Attribute | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:159:6:159:17 | ControlFlowNode for Attribute | Flow found |
| datamodel.py:159:6:159:17 | ControlFlowNode for Attribute | datamodel.py:152:14:152:19 | ControlFlowNode for SOURCE | datamodel.py:159:6:159:17 | ControlFlowNode for Attribute | Flow found |
| test.py:44:10:44:10 | ControlFlowNode for y | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:44:10:44:10 | ControlFlowNode for y | Flow found |
| test.py:44:10:44:10 | ControlFlowNode for y | test.py:42:21:42:26 | ControlFlowNode for SOURCE | test.py:44:10:44:10 | ControlFlowNode for y | Flow found |
| test.py:56:10:56:10 | ControlFlowNode for x | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:56:10:56:10 | ControlFlowNode for x | Flow found |
| test.py:56:10:56:10 | ControlFlowNode for x | test.py:55:9:55:14 | ControlFlowNode for SOURCE | test.py:56:10:56:10 | ControlFlowNode for x | Flow found |
| test.py:62:10:62:10 | ControlFlowNode for x | test.py:61:9:61:16 | ControlFlowNode for Str | test.py:62:10:62:10 | ControlFlowNode for x | Flow found |
| test.py:67:10:67:10 | ControlFlowNode for x | test.py:66:9:66:17 | ControlFlowNode for Str | test.py:67:10:67:10 | ControlFlowNode for x | Flow found |
| test.py:72:10:72:10 | ControlFlowNode for x | test.py:71:9:71:10 | ControlFlowNode for IntegerLiteral | test.py:72:10:72:10 | ControlFlowNode for x | Flow found |
| test.py:77:10:77:10 | ControlFlowNode for x | test.py:76:9:76:12 | ControlFlowNode for FloatLiteral | test.py:77:10:77:10 | ControlFlowNode for x | Flow found |
| test.py:88:10:88:10 | ControlFlowNode for x | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:88:10:88:10 | ControlFlowNode for x | Flow found |
| test.py:88:10:88:10 | ControlFlowNode for x | test.py:87:10:87:15 | ControlFlowNode for SOURCE | test.py:88:10:88:10 | ControlFlowNode for x | Flow found |
| test.py:94:10:94:13 | ControlFlowNode for Subscript | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:94:10:94:13 | ControlFlowNode for Subscript | Flow found |
| test.py:94:10:94:13 | ControlFlowNode for Subscript | test.py:93:10:93:15 | ControlFlowNode for SOURCE | test.py:94:10:94:13 | ControlFlowNode for Subscript | Flow found |
| test.py:104:10:104:13 | ControlFlowNode for Subscript | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:104:10:104:13 | ControlFlowNode for Subscript | Flow found |
| test.py:104:10:104:13 | ControlFlowNode for Subscript | test.py:103:10:103:15 | ControlFlowNode for SOURCE | test.py:104:10:104:13 | ControlFlowNode for Subscript | Flow found |
| test.py:109:10:109:13 | ControlFlowNode for Subscript | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:109:10:109:13 | ControlFlowNode for Subscript | Flow found |
| test.py:109:10:109:13 | ControlFlowNode for Subscript | test.py:108:22:108:27 | ControlFlowNode for SOURCE | test.py:109:10:109:13 | ControlFlowNode for Subscript | Flow found |
| test.py:115:10:115:13 | ControlFlowNode for Subscript | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:115:10:115:13 | ControlFlowNode for Subscript | Flow found |
| test.py:115:10:115:13 | ControlFlowNode for Subscript | test.py:113:10:113:15 | ControlFlowNode for SOURCE | test.py:115:10:115:13 | ControlFlowNode for Subscript | Flow found |
| test.py:126:10:126:16 | ControlFlowNode for Attribute() | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:126:10:126:16 | ControlFlowNode for Attribute() | Flow found |
| test.py:126:10:126:16 | ControlFlowNode for Attribute() | test.py:125:10:125:15 | ControlFlowNode for SOURCE | test.py:126:10:126:16 | ControlFlowNode for Attribute() | Flow found |
| test.py:131:10:131:16 | ControlFlowNode for Attribute() | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:131:10:131:16 | ControlFlowNode for Attribute() | Flow found |
| test.py:131:10:131:16 | ControlFlowNode for Attribute() | test.py:130:10:130:15 | ControlFlowNode for SOURCE | test.py:131:10:131:16 | ControlFlowNode for Attribute() | Flow found |
| test.py:136:10:136:16 | ControlFlowNode for Attribute() | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:136:10:136:16 | ControlFlowNode for Attribute() | Flow found |
| test.py:136:10:136:16 | ControlFlowNode for Attribute() | test.py:135:22:135:27 | ControlFlowNode for SOURCE | test.py:136:10:136:16 | ControlFlowNode for Attribute() | Flow found |
| test.py:142:10:142:16 | ControlFlowNode for Attribute() | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:142:10:142:16 | ControlFlowNode for Attribute() | Flow found |
| test.py:142:10:142:16 | ControlFlowNode for Attribute() | test.py:140:10:140:15 | ControlFlowNode for SOURCE | test.py:142:10:142:16 | ControlFlowNode for Attribute() | Flow found |
| test.py:153:10:153:15 | ControlFlowNode for Subscript | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:153:10:153:15 | ControlFlowNode for Subscript | Flow found |
| test.py:153:10:153:15 | ControlFlowNode for Subscript | test.py:152:15:152:20 | ControlFlowNode for SOURCE | test.py:153:10:153:15 | ControlFlowNode for Subscript | Flow found |
| test.py:158:10:158:19 | ControlFlowNode for Attribute() | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:158:10:158:19 | ControlFlowNode for Attribute() | Flow found |
| test.py:158:10:158:19 | ControlFlowNode for Attribute() | test.py:157:15:157:20 | ControlFlowNode for SOURCE | test.py:158:10:158:19 | ControlFlowNode for Attribute() | Flow found |
| test.py:184:10:184:13 | ControlFlowNode for Subscript | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:184:10:184:13 | ControlFlowNode for Subscript | Flow found |
| test.py:184:10:184:13 | ControlFlowNode for Subscript | test.py:183:23:183:28 | ControlFlowNode for SOURCE | test.py:184:10:184:13 | ControlFlowNode for Subscript | Flow found |
| test.py:189:10:189:13 | ControlFlowNode for Subscript | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:189:10:189:13 | ControlFlowNode for Subscript | Flow found |
| test.py:189:10:189:13 | ControlFlowNode for Subscript | test.py:188:25:188:30 | ControlFlowNode for SOURCE | test.py:189:10:189:13 | ControlFlowNode for Subscript | Flow found |
| test.py:200:10:200:13 | ControlFlowNode for Subscript | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:200:10:200:13 | ControlFlowNode for Subscript | Flow found |
| test.py:200:10:200:13 | ControlFlowNode for Subscript | test.py:199:34:199:39 | ControlFlowNode for SOURCE | test.py:200:10:200:13 | ControlFlowNode for Subscript | Flow found |
| test.py:336:10:336:21 | ControlFlowNode for Subscript | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:336:10:336:21 | ControlFlowNode for Subscript | Flow found |
| test.py:336:10:336:21 | ControlFlowNode for Subscript | test.py:336:11:336:16 | ControlFlowNode for SOURCE | test.py:336:10:336:21 | ControlFlowNode for Subscript | Flow found |
| test.py:340:10:340:20 | ControlFlowNode for Subscript | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:340:10:340:20 | ControlFlowNode for Subscript | Flow found |
| test.py:340:10:340:20 | ControlFlowNode for Subscript | test.py:340:11:340:16 | ControlFlowNode for SOURCE | test.py:340:10:340:20 | ControlFlowNode for Subscript | Flow found |
| test.py:344:10:344:27 | ControlFlowNode for Subscript | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:344:10:344:27 | ControlFlowNode for Subscript | Flow found |
| test.py:344:10:344:27 | ControlFlowNode for Subscript | test.py:344:16:344:21 | ControlFlowNode for SOURCE | test.py:344:10:344:27 | ControlFlowNode for Subscript | Flow found |
| test.py:367:10:367:34 | ControlFlowNode for second() | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:367:10:367:34 | ControlFlowNode for second() | Flow found |
| test.py:367:10:367:34 | ControlFlowNode for second() | test.py:367:28:367:33 | ControlFlowNode for SOURCE | test.py:367:10:367:34 | ControlFlowNode for second() | Flow found |
| test.py:375:10:375:36 | ControlFlowNode for second() | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:375:10:375:36 | ControlFlowNode for second() | Flow found |
| test.py:375:10:375:36 | ControlFlowNode for second() | test.py:375:30:375:35 | ControlFlowNode for SOURCE | test.py:375:10:375:36 | ControlFlowNode for second() | Flow found |
| test.py:383:10:383:43 | ControlFlowNode for second() | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:383:10:383:43 | ControlFlowNode for second() | Flow found |
| test.py:383:10:383:43 | ControlFlowNode for second() | test.py:383:36:383:41 | ControlFlowNode for SOURCE | test.py:383:10:383:43 | ControlFlowNode for second() | Flow found |
| test.py:391:10:391:39 | ControlFlowNode for f_extra_pos() | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:391:10:391:39 | ControlFlowNode for f_extra_pos() | Flow found |
| test.py:391:10:391:39 | ControlFlowNode for f_extra_pos() | test.py:391:33:391:38 | ControlFlowNode for SOURCE | test.py:391:10:391:39 | ControlFlowNode for f_extra_pos() | Flow found |
| test.py:399:10:399:45 | ControlFlowNode for f_extra_keyword() | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:399:10:399:45 | ControlFlowNode for f_extra_keyword() | Flow found |
| test.py:399:10:399:45 | ControlFlowNode for f_extra_keyword() | test.py:399:39:399:44 | ControlFlowNode for SOURCE | test.py:399:10:399:45 | ControlFlowNode for f_extra_keyword() | Flow found |
| test.py:420:10:420:38 | ControlFlowNode for IfExp | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:420:10:420:38 | ControlFlowNode for IfExp | Flow found |
| test.py:420:10:420:38 | ControlFlowNode for IfExp | test.py:420:10:420:15 | ControlFlowNode for SOURCE | test.py:420:10:420:38 | ControlFlowNode for IfExp | Flow found |
| test.py:428:10:428:39 | ControlFlowNode for IfExp | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:428:10:428:39 | ControlFlowNode for IfExp | Flow found |
| test.py:428:10:428:39 | ControlFlowNode for IfExp | test.py:428:34:428:39 | ControlFlowNode for SOURCE | test.py:428:10:428:39 | ControlFlowNode for IfExp | Flow found |
| test.py:452:10:452:18 | ControlFlowNode for f() | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:452:10:452:18 | ControlFlowNode for f() | Flow found |
| test.py:452:10:452:18 | ControlFlowNode for f() | test.py:452:12:452:17 | ControlFlowNode for SOURCE | test.py:452:10:452:18 | ControlFlowNode for f() | Flow found |
| test.py:459:10:459:34 | ControlFlowNode for second() | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:459:10:459:34 | ControlFlowNode for second() | Flow found |
| test.py:459:10:459:34 | ControlFlowNode for second() | test.py:459:28:459:33 | ControlFlowNode for SOURCE | test.py:459:10:459:34 | ControlFlowNode for second() | Flow found |
| test.py:473:10:473:36 | ControlFlowNode for second() | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:473:10:473:36 | ControlFlowNode for second() | Flow found |
| test.py:473:10:473:36 | ControlFlowNode for second() | test.py:473:30:473:35 | ControlFlowNode for SOURCE | test.py:473:10:473:36 | ControlFlowNode for second() | Flow found |
| test.py:487:10:487:43 | ControlFlowNode for second() | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:487:10:487:43 | ControlFlowNode for second() | Flow found |
| test.py:487:10:487:43 | ControlFlowNode for second() | test.py:487:36:487:41 | ControlFlowNode for SOURCE | test.py:487:10:487:43 | ControlFlowNode for second() | Flow found |
| test.py:492:10:492:39 | ControlFlowNode for f_extra_pos() | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:492:10:492:39 | ControlFlowNode for f_extra_pos() | Flow found |
| test.py:492:10:492:39 | ControlFlowNode for f_extra_pos() | test.py:492:33:492:38 | ControlFlowNode for SOURCE | test.py:492:10:492:39 | ControlFlowNode for f_extra_pos() | Flow found |
| test.py:497:10:497:45 | ControlFlowNode for f_extra_keyword() | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:497:10:497:45 | ControlFlowNode for f_extra_keyword() | Flow found |
| test.py:497:10:497:45 | ControlFlowNode for f_extra_keyword() | test.py:497:39:497:44 | ControlFlowNode for SOURCE | test.py:497:10:497:45 | ControlFlowNode for f_extra_keyword() | Flow found |
| test.py:511:10:511:10 | ControlFlowNode for a | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:511:10:511:10 | ControlFlowNode for a | Flow found |
| test.py:511:10:511:10 | ControlFlowNode for a | test.py:509:9:509:14 | ControlFlowNode for SOURCE | test.py:511:10:511:10 | ControlFlowNode for a | Flow found |
| test.py:516:10:516:10 | ControlFlowNode for b | test.py:20:10:20:17 | ControlFlowNode for Str | test.py:516:10:516:10 | ControlFlowNode for b | Flow found |
| test.py:516:10:516:10 | ControlFlowNode for b | test.py:509:9:509:14 | ControlFlowNode for SOURCE | test.py:516:10:516:10 | ControlFlowNode for b | Flow found |

2
python/ql/test/experimental/dataflow/coverage/dataflow.ql
View File

@@ -8,4 +8,4 @@ import DataFlow::PathGraph
from TestConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
where config.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "<message>"
select sink.getNode(), source, sink, "Flow found"

2
python/ql/test/experimental/dataflow/coverage/datamodel.py
View File

@@ -156,4 +156,4 @@ customized = Customized()
SINK(Customized.a)
SINK_F(Customized.b)
SINK(customized.a)
SINK(customized.b)
SINK(customized.b) # Flow found

20
python/ql/test/experimental/dataflow/coverage/localFlow.expected
View File

@@ -1,5 +1,15 @@
| test.py:32:5:32:5 | SSA variable x | test.py:33:9:33:9 | ControlFlowNode for x |
| test.py:32:10:32:26 | ControlFlowNode for Tuple | test.py:32:5:32:5 | SSA variable x |
| test.py:33:5:33:5 | SSA variable y | test.py:34:5:34:11 | SSA variable y |
| test.py:33:5:33:5 | SSA variable y | test.py:34:10:34:10 | ControlFlowNode for y |
| test.py:33:9:33:12 | ControlFlowNode for Subscript | test.py:33:5:33:5 | SSA variable y |
| test.py:41:1:41:33 | GSSA Variable NONSOURCE | test.py:42:10:42:18 | ControlFlowNode for NONSOURCE |
| test.py:41:1:41:33 | GSSA Variable SINK | test.py:44:5:44:8 | ControlFlowNode for SINK |
| test.py:41:1:41:33 | GSSA Variable SOURCE | test.py:42:21:42:26 | ControlFlowNode for SOURCE |
| test.py:42:5:42:5 | SSA variable x | test.py:43:9:43:9 | ControlFlowNode for x |
| test.py:42:10:42:26 | ControlFlowNode for Tuple | test.py:42:5:42:5 | SSA variable x |
| test.py:43:5:43:5 | SSA variable y | test.py:44:10:44:10 | ControlFlowNode for y |
| test.py:43:9:43:12 | ControlFlowNode for Subscript | test.py:43:5:43:5 | SSA variable y |
| test.py:187:1:187:53 | GSSA Variable SINK | test.py:189:5:189:8 | ControlFlowNode for SINK |
| test.py:187:1:187:53 | GSSA Variable SOURCE | test.py:188:25:188:30 | ControlFlowNode for SOURCE |
| test.py:188:5:188:5 | SSA variable x | test.py:189:10:189:10 | ControlFlowNode for x |
| test.py:188:9:188:68 | ControlFlowNode for ListComp | test.py:188:5:188:5 | SSA variable x |
| test.py:188:16:188:16 | SSA variable v | test.py:188:45:188:45 | ControlFlowNode for v |
| test.py:188:40:188:40 | SSA variable u | test.py:188:56:188:56 | ControlFlowNode for u |
| test.py:188:51:188:51 | SSA variable z | test.py:188:67:188:67 | ControlFlowNode for z |
| test.py:188:62:188:62 | SSA variable y | test.py:188:10:188:10 | ControlFlowNode for y |

2
python/ql/test/experimental/dataflow/coverage/localFlow.ql
View File

@@ -1,5 +1,5 @@
import python
import experimental.dataflow.DataFlow
import semmle.python.dataflow.new.DataFlow
from DataFlow::Node nodeFrom, DataFlow::Node nodeTo
where

326
python/ql/test/experimental/dataflow/coverage/test.py
View File

@@ -6,191 +6,261 @@
#
# Functions whose name ends with "_with_local_flow" will also be tested for local flow.
#
# All functions starting with "test_" should run and print `"OK"`.
# All functions starting with "test_" should run and execute `print("OK")` exactly once.
# This can be checked by running validTest.py.
import sys
import os
sys.path.append(os.path.dirname(os.path.dirname((__file__))))
from testlib import *
# These are defined so that we can evaluate the test code.
NONSOURCE = "not a source"
SOURCE = "source"
def is_source(x):
return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j
def SINK(x):
if is_source(x):
print("OK")
else:
print("Unexpected flow", x)
def SINK_F(x):
if is_source(x):
print("Unexpected flow", x)
else:
print("OK")
def test_tuple_with_local_flow():
x = (NONSOURCE, SOURCE)
y = x[1]
SINK(y)
def test_tuple_negative():
x = (NONSOURCE, SOURCE)
y = x[0]
SINK_F(y)
# 6.2.1. Identifiers (Names)
def test_names():
x = SOURCE
SINK(x)
# 6.2.2. Literals
def test_string_literal():
x = "source"
SINK(x)
def test_bytes_literal():
x = b"source"
SINK(x)
def test_integer_literal():
x = 42
SINK(x)
def test_floatnumber_literal():
x = 42.0
SINK(x)
def test_imagnumber_literal():
x = 42j
SINK(x) # Flow missing
SINK(x) # Flow missing
# 6.2.3. Parenthesized forms
def test_parenthesized_form():
x = (SOURCE)
SINK(x)
# 6.2.5. List displays
def test_list_display():
x = [SOURCE]
SINK(x[0])
def test_list_display_negative():
x = [SOURCE]
SINK_F(x)
def test_list_comprehension():
x = [SOURCE for y in [NONSOURCE]]
SINK(x[0])
def test_list_comprehension_flow():
x = [y for y in [SOURCE]]
SINK(x[0])
def test_list_comprehension_inflow():
l = [SOURCE]
x = [y for y in l]
SINK(x[0])
def test_nested_list_display():
x = [* [SOURCE]]
SINK(x[0]) # Flow missing
x = [*[SOURCE]]
SINK(x[0]) # Flow missing
# 6.2.6. Set displays
def test_set_display():
x = {SOURCE}
SINK(x.pop())
def test_set_comprehension():
x = {SOURCE for y in [NONSOURCE]}
SINK(x.pop())
def test_set_comprehension_flow():
x = {y for y in [SOURCE]}
SINK(x.pop())
def test_set_comprehension_inflow():
l = {SOURCE}
x = {y for y in l}
SINK(x.pop())
def test_nested_set_display():
x = {* {SOURCE}}
SINK(x.pop()) # Flow missing
x = {*{SOURCE}}
SINK(x.pop()) # Flow missing
# 6.2.7. Dictionary displays
def test_dict_display():
x = {"s": SOURCE}
SINK(x["s"])
def test_dict_display_pop():
x = {"s": SOURCE}
SINK(x.pop("s"))
def test_dict_comprehension():
x = {y: SOURCE for y in ["s"]}
SINK(x["s"]) # Flow missing
SINK(x["s"]) # Flow missing
def test_dict_comprehension_pop():
x = {y: SOURCE for y in ["s"]}
SINK(x.pop("s")) # Flow missing
SINK(x.pop("s")) # Flow missing
def test_nested_dict_display():
x = {** {"s": SOURCE}}
SINK(x["s"]) # Flow missing
x = {**{"s": SOURCE}}
SINK(x["s"]) # Flow missing
def test_nested_dict_display_pop():
x = {** {"s": SOURCE}}
SINK(x.pop("s")) # Flow missing
x = {**{"s": SOURCE}}
SINK(x.pop("s")) # Flow missing
# Nested comprehensions
def test_nested_comprehension():
x = [y for z in [[SOURCE]] for y in z]
SINK(x[0])
def test_nested_comprehension_deep_with_local_flow():
x = [y for v in [[[[SOURCE]]]] for u in v for z in u for y in z]
SINK(x[0])
def test_nested_comprehension_dict():
d = {"s": [SOURCE]}
x = [y for k, v in d.items() for y in v]
SINK(x[0]) # Flow missing
def test_nested_comprehension_paren():
x = [y for y in (z for z in [SOURCE])]
SINK(x[0])
# 6.2.8. Generator expressions
def test_generator():
x = (SOURCE for y in [NONSOURCE])
SINK([*x][0]) # Flow missing
SINK([*x][0]) # Flow missing
# 6.2.9. Yield expressions
def gen(x):
yield x
def test_yield():
g = gen(SOURCE)
SINK(next(g)) # Flow missing
SINK(next(g)) # Flow missing
def gen_from(x):
yield from gen(x)
def test_yield_from():
g = gen_from(SOURCE)
SINK(next(g)) # Flow missing
SINK(next(g)) # Flow missing
# a statement rather than an expression, but related to generators
def test_for():
for x in gen(SOURCE):
SINK(x) # Flow missing
SINK(x) # Flow missing
# 6.2.9.1. Generator-iterator methods
def test___next__():
g = gen(SOURCE)
SINK(g.__next__()) # Flow missing
SINK(g.__next__()) # Flow missing
def gen2(x):
m = yield x # argument of `send` has to flow to value of `yield x` (and so to `m`)
# argument of `send` has to flow to value of `yield x` (and so to `m`)
m = yield x
yield m
def test_send():
g = gen2(NONSOURCE)
n = next(g)
SINK(g.send(SOURCE)) # Flow missing
SINK(g.send(SOURCE)) # Flow missing
def gen_ex(x):
try:
yield NONSOURCE
except:
yield x # `x` has to flow to call to `throw`
yield x # `x` has to flow to call to `throw`
def test_throw():
g = gen_ex(SOURCE)
n = next(g)
SINK(g.throw(TypeError)) # Flow missing
SINK(g.throw(TypeError)) # Flow missing
# no `test_close` as `close` involves no data flow
@@ -198,52 +268,66 @@ def test_throw():
async def agen(x):
yield x
# 6.2.9.4. Asynchronous generator-iterator methods
# helper to run async test functions
def runa(a):
import asyncio
asyncio.run(a)
async def atest___anext__():
g = agen(SOURCE)
SINK(await g.__anext__()) # Flow missing
SINK(await g.__anext__()) # Flow missing
def test___anext__():
runa(atest___anext__())
async def agen2(x):
m = yield x # argument of `send` has to flow to value of `yield x` (and so to `m`)
# argument of `send` has to flow to value of `yield x` (and so to `m`)
m = yield x
yield m
async def atest_asend():
g = agen2(NONSOURCE)
n = await g.__anext__()
SINK(await g.asend(SOURCE)) # Flow missing
SINK(await g.asend(SOURCE)) # Flow missing
def test_asend():
runa(atest_asend())
async def agen_ex(x):
try:
yield NONSOURCE
except:
yield x # `x` has to flow to call to `athrow`
yield x # `x` has to flow to call to `athrow`
async def atest_athrow():
g = agen_ex(SOURCE)
n = await g.__anext__()
SINK(await g.athrow(TypeError)) # Flow missing
SINK(await g.athrow(TypeError)) # Flow missing
def test_athrow():
runa(atest_athrow())
# 6.3.1. Attribute references
class C:
a = SOURCE
def test_attribute_reference():
SINK(C.a) # Flow missing
SINK(C.a) # Flow missing
# overriding __getattr__ should be tested by the class coverage tests
@@ -251,20 +335,26 @@ def test_attribute_reference():
def test_subscription_tuple():
SINK((SOURCE,)[0])
def test_subscription_list():
SINK([SOURCE][0])
def test_subscription_mapping():
SINK({"s":SOURCE}["s"])
SINK({"s": SOURCE}["s"])
# overriding __getitem__ should be tested by the class coverage tests
# 6.3.3. Slicings
l = [SOURCE]
def test_slicing():
s = l[0:1:1]
SINK(s[0]) # Flow missing
SINK(s[0]) # Flow missing
# The grammar seems to allow `l[0:1:1, 0:1]`, but the interpreter does not like it
@@ -272,97 +362,221 @@ def test_slicing():
def second(a, b):
return b
def test_call_positional():
SINK(second(NONSOURCE, SOURCE))
def test_call_positional_negative():
SINK_F(second(SOURCE, NONSOURCE))
def test_call_keyword():
SINK(second(NONSOURCE, b=SOURCE)) # Flow missing
SINK(second(NONSOURCE, b=SOURCE))
def test_call_unpack_iterable():
SINK(second(NONSOURCE, *[SOURCE])) # Flow missing
SINK(second(NONSOURCE, *[SOURCE])) # Flow missing
def test_call_unpack_mapping():
SINK(second(NONSOURCE, **{"b": SOURCE})) # Flow missing
SINK(second(NONSOURCE, **{"b": SOURCE}))
def f_extra_pos(a, *b):
return b[0]
def test_call_extra_pos():
SINK(f_extra_pos(NONSOURCE, SOURCE)) # Flow missing
SINK(f_extra_pos(NONSOURCE, SOURCE))
def f_extra_keyword(a, **b):
return b["b"]
def test_call_extra_keyword():
SINK(f_extra_keyword(NONSOURCE, b=SOURCE)) # Flow missing
SINK(f_extra_keyword(NONSOURCE, b=SOURCE))
# return the name of the first extra keyword argument
def f_extra_keyword_flow(**a):
return [*a][0]
# call the function with our source as the name of the keyword arguemnt
def test_call_extra_keyword_flow():
SINK(f_extra_keyword_flow(**{SOURCE: None})) # Flow missing
SINK(f_extra_keyword_flow(**{SOURCE: None})) # Flow missing
# 6.12. Assignment expressions
def test_assignment_expression():
x = NONSOURCE
SINK(x := SOURCE) # Flow missing
SINK(x := SOURCE) # Flow missing
# 6.13. Conditional expressions
def test_conditional_true():
SINK(SOURCE if True else NONSOURCE) # Flow missing
SINK(SOURCE if True else NONSOURCE)
def test_conditional_true_guards():
SINK_F(NONSOURCE if True else SOURCE)
def test_conditional_false():
SINK(NONSOURCE if False else SOURCE) # Flow missing
SINK(NONSOURCE if False else SOURCE)
def test_conditional_false_guards():
SINK_F(SOURCE if False else NONSOURCE)
# Condition is evaluated first, so x is SOURCE once chosen
def test_conditional_evaluation_true():
x = NONSOURCE
SINK(x if (SOURCE == (x := SOURCE)) else NONSOURCE) # Flow missing
SINK(x if (SOURCE == (x := SOURCE)) else NONSOURCE) # Flow missing
# Condition is evaluated first, so x is SOURCE once chosen
def test_conditional_evaluation_false():
x = NONSOURCE
SINK(NONSOURCE if (NONSOURCE == (x := SOURCE)) else x) # Flow missing
SINK(NONSOURCE if (NONSOURCE == (x := SOURCE)) else x) # Flow missing
# 6.14. Lambdas
def test_lambda():
f = lambda x : x
def f(x):
return x
SINK(f(SOURCE))
def test_lambda_positional():
second = lambda a, b : b
def second(a, b):
return b
SINK(second(NONSOURCE, SOURCE))
def test_lambda_positional_negative():
second = lambda a, b : b
def second(a, b):
return b
SINK_F(second(SOURCE, NONSOURCE))
def test_lambda_keyword():
second = lambda a, b : b
SINK(second(NONSOURCE, b=SOURCE)) # Flow missing
def second(a, b):
return b
SINK(second(NONSOURCE, b=SOURCE))
def test_lambda_unpack_iterable():
second = lambda a, b : b
SINK(second(NONSOURCE, *[SOURCE])) # Flow missing
def second(a, b):
return b
SINK(second(NONSOURCE, *[SOURCE])) # Flow missing
def test_lambda_unpack_mapping():
second = lambda a, b : b
SINK(second(NONSOURCE, **{"b": SOURCE})) # Flow missing
def second(a, b):
return b
SINK(second(NONSOURCE, **{"b": SOURCE}))
def test_lambda_extra_pos():
f_extra_pos = lambda a, *b : b[0]
SINK(f_extra_pos(NONSOURCE, SOURCE)) # Flow missing
f_extra_pos = lambda a, *b: b[0]
SINK(f_extra_pos(NONSOURCE, SOURCE))
def test_lambda_extra_keyword():
f_extra_keyword = lambda a, **b : b["b"]
SINK(f_extra_keyword(NONSOURCE, b=SOURCE)) # Flow missing
f_extra_keyword = lambda a, **b: b["b"]
SINK(f_extra_keyword(NONSOURCE, b=SOURCE))
# call the function with our source as the name of the keyword arguemnt
# call the function with our source as the name of the keyword argument
def test_lambda_extra_keyword_flow():
f_extra_keyword_flow = lambda **a : [*a][0] # return the name of the first extra keyword argument
SINK(f_extra_keyword_flow(**{SOURCE: None})) # Flow missing
# return the name of the first extra keyword argument
f_extra_keyword_flow = lambda **a: [*a][0]
SINK(f_extra_keyword_flow(**{SOURCE: None})) # Flow missing
@expects(4)
def test_swap():
a = SOURCE
b = NONSOURCE
SINK(a)
SINK_F(b)
a, b = b, a
SINK_F(a)
SINK(b)
def test_deep_callgraph():
# port of python/ql/test/library-tests/taint/general/deep.py
def f1(arg):
return arg
def f2(arg):
return f1(arg)
def f3(arg):
return f2(arg)
def f4(arg):
return f3(arg)
def f5(arg):
return f4(arg)
def f6(arg):
return f5(arg)
x = f6(SOURCE)
SINK(x) # Flow missing
@expects(2)
def test_dynamic_tuple_creation_1():
tup = tuple()
tup += (SOURCE,)
tup += (NONSOURCE,)
SINK(tup[0]) # Flow missing
SINK_F(tup[1])
@expects(2)
def test_dynamic_tuple_creation_2():
tup = ()
tup += (SOURCE,)
tup += (NONSOURCE,)
SINK(tup[0]) # Flow missing
SINK_F(tup[1])
@expects(2)
def test_dynamic_tuple_creation_3():
tup1 = (SOURCE,)
tup2 = (NONSOURCE,)
tup = tup1 + tup2
SINK(tup[0]) # Flow missing
SINK_F(tup[1])
# Inspired by FP-report https://github.com/github/codeql/issues/4239
@expects(2)
def test_dynamic_tuple_creation_4():
tup = ()
for item in [SOURCE, NONSOURCE]:
tup += (item,)
SINK(tup[0]) # Flow missing
SINK_F(tup[1])

27
python/ql/test/experimental/dataflow/coverage/testlib.py Normal file
View File

@@ -0,0 +1,27 @@
def expects(n):
def check_output(output):
lines = output.splitlines()
if all(s == "OK" for s in lines):
if len(lines) == n:
print("OK")
else:
print("Expected", n, "outputs but got", len(lines))
else:
print(list(s for s in lines if s != "OK"))
def wrap(f):
def wrapped(*args, **kwargs):
from io import StringIO
import sys
capturer = StringIO()
old_stdout = sys.stdout
sys.stdout = capturer
f(*args, **kwargs)
sys.stdout = old_stdout
check_output(capturer.getvalue())
wrapped.__name__ = "[" + str(n) + "]" + f.__name__
return wrapped
return wrap

22
python/ql/test/experimental/dataflow/coverage/validTest.py
View File

@@ -1,8 +1,9 @@
def check_output(s, f):
if s == "OK\n":
def check_output(outtext, f):
if outtext == "OK\n":
pass
else:
raise RuntimeError("Function failed", s, f)
raise RuntimeError("Function failed", outtext, f.__name__)
def check_test_function(f):
from io import StringIO
@@ -15,6 +16,7 @@ def check_test_function(f):
sys.stdout = old_stdout
check_output(capturer.getvalue(), f)
def check_async_test_function(f):
from io import StringIO
import sys
@@ -27,23 +29,27 @@ def check_async_test_function(f):
sys.stdout = old_stdout
check_output(capturer.getvalue(), f)
def check_tests_valid(testFile):
import importlib
tests = importlib.import_module(testFile)
for i in dir(tests):
# print("Considering", i)
if i.startswith("test_"):
item = getattr(tests,i)
item = getattr(tests, i)
if callable(item):
print("Checking", testFile, item)
print("Checking", testFile, item.__name__)
check_test_function(item)
elif i.startswith("atest_"):
item = getattr(tests,i)
item = getattr(tests, i)
if callable(item):
print("Checking", testFile, item)
print("Checking", testFile, item.__name__)
check_async_test_function(item)
if __name__ == '__main__':
if __name__ == "__main__":
check_tests_valid("classes")
check_tests_valid("test")
check_tests_valid("argumentPassing")

159
python/ql/test/experimental/dataflow/fieldflow/allLocalFlow.expected Normal file
View File

@@ -0,0 +1,159 @@
| examples.py:0:0:0:0 | GSSA Variable SINK | examples.py:28:1:28:4 | ControlFlowNode for SINK |
| examples.py:0:0:0:0 | GSSA Variable SOURCE | examples.py:27:15:27:20 | ControlFlowNode for SOURCE |
| examples.py:0:0:0:0 | GSSA Variable object | examples.py:6:13:6:18 | ControlFlowNode for object |
| examples.py:6:1:6:20 | ControlFlowNode for ClassExpr | examples.py:6:7:6:11 | GSSA Variable MyObj |
| examples.py:6:7:6:11 | GSSA Variable MyObj | examples.py:25:9:25:13 | ControlFlowNode for MyObj |
| examples.py:6:13:6:18 | ControlFlowNode for object | examples.py:11:17:11:22 | ControlFlowNode for object |
| examples.py:7:5:7:28 | ControlFlowNode for FunctionExpr | examples.py:7:9:7:16 | SSA variable __init__ |
| examples.py:7:18:7:21 | SSA variable self | examples.py:8:9:8:12 | ControlFlowNode for self |
| examples.py:7:24:7:26 | SSA variable foo | examples.py:8:20:8:22 | ControlFlowNode for foo |
| examples.py:11:1:11:24 | ControlFlowNode for ClassExpr | examples.py:11:7:11:15 | GSSA Variable NestedObj |
| examples.py:11:7:11:15 | GSSA Variable NestedObj | examples.py:33:5:33:13 | ControlFlowNode for NestedObj |
| examples.py:12:5:12:23 | ControlFlowNode for FunctionExpr | examples.py:12:9:12:16 | SSA variable __init__ |
| examples.py:12:5:12:23 | GSSA Variable MyObj | examples.py:13:20:13:24 | ControlFlowNode for MyObj |
| examples.py:12:18:12:21 | SSA variable self | examples.py:13:9:13:12 | ControlFlowNode for self |
| examples.py:15:5:15:21 | ControlFlowNode for FunctionExpr | examples.py:15:9:15:14 | SSA variable getObj |
| examples.py:15:16:15:19 | SSA variable self | examples.py:16:16:16:19 | ControlFlowNode for self |
| examples.py:20:1:20:19 | ControlFlowNode for FunctionExpr | examples.py:20:5:20:10 | GSSA Variable setFoo |
| examples.py:20:1:20:19 | GSSA Variable SINK_F | examples.py:21:5:21:10 | ControlFlowNode for SINK_F |
| examples.py:20:5:20:10 | GSSA Variable setFoo | examples.py:27:1:27:6 | ControlFlowNode for setFoo |
| examples.py:20:12:20:14 | SSA variable obj | examples.py:21:12:21:14 | ControlFlowNode for obj |
| examples.py:20:17:20:17 | SSA variable x | examples.py:22:15:22:15 | ControlFlowNode for x |
| examples.py:21:12:21:14 | ControlFlowNode for obj | examples.py:22:5:22:7 | ControlFlowNode for obj |
| examples.py:21:12:21:14 | [post read] ControlFlowNode for obj | examples.py:22:5:22:7 | ControlFlowNode for obj |
| examples.py:25:1:25:5 | GSSA Variable myobj | examples.py:27:8:27:12 | ControlFlowNode for myobj |
| examples.py:25:9:25:13 | ControlFlowNode for MyObj | examples.py:49:7:49:11 | ControlFlowNode for MyObj |
| examples.py:25:9:25:19 | ControlFlowNode for MyObj() | examples.py:25:1:25:5 | GSSA Variable myobj |
| examples.py:27:8:27:12 | ControlFlowNode for myobj | examples.py:28:6:28:10 | ControlFlowNode for myobj |
| examples.py:27:8:27:12 | [post arg] ControlFlowNode for myobj | examples.py:28:6:28:10 | ControlFlowNode for myobj |
| examples.py:27:15:27:20 | ControlFlowNode for SOURCE | examples.py:31:5:31:10 | ControlFlowNode for SOURCE |
| examples.py:27:15:27:20 | [post arg] ControlFlowNode for SOURCE | examples.py:31:5:31:10 | ControlFlowNode for SOURCE |
| examples.py:28:1:28:4 | ControlFlowNode for SINK | examples.py:37:1:37:4 | ControlFlowNode for SINK |
| examples.py:31:1:31:1 | GSSA Variable x | examples.py:35:13:35:13 | ControlFlowNode for x |
| examples.py:31:5:31:10 | ControlFlowNode for SOURCE | examples.py:31:1:31:1 | GSSA Variable x |
| examples.py:31:5:31:10 | ControlFlowNode for SOURCE | examples.py:40:5:40:10 | ControlFlowNode for SOURCE |
| examples.py:33:1:33:1 | GSSA Variable a | examples.py:35:1:35:1 | ControlFlowNode for a |
| examples.py:33:5:33:13 | ControlFlowNode for NestedObj | examples.py:42:5:42:13 | ControlFlowNode for NestedObj |
| examples.py:33:5:33:15 | ControlFlowNode for NestedObj() | examples.py:33:1:33:1 | GSSA Variable a |
| examples.py:35:1:35:1 | ControlFlowNode for a | examples.py:37:6:37:6 | ControlFlowNode for a |
| examples.py:35:1:35:1 | [post read] ControlFlowNode for a | examples.py:37:6:37:6 | ControlFlowNode for a |
| examples.py:37:1:37:4 | ControlFlowNode for SINK | examples.py:46:1:46:4 | ControlFlowNode for SINK |
| examples.py:40:1:40:1 | GSSA Variable x | examples.py:44:18:44:18 | ControlFlowNode for x |
| examples.py:40:5:40:10 | ControlFlowNode for SOURCE | examples.py:40:1:40:1 | GSSA Variable x |
| examples.py:40:5:40:10 | ControlFlowNode for SOURCE | examples.py:49:13:49:18 | ControlFlowNode for SOURCE |
| examples.py:42:1:42:1 | GSSA Variable a | examples.py:44:1:44:1 | ControlFlowNode for a |
| examples.py:42:5:42:15 | ControlFlowNode for NestedObj() | examples.py:42:1:42:1 | GSSA Variable a |
| examples.py:44:1:44:1 | ControlFlowNode for a | examples.py:46:6:46:6 | ControlFlowNode for a |
| examples.py:44:1:44:1 | [post read] ControlFlowNode for a | examples.py:46:6:46:6 | ControlFlowNode for a |
| examples.py:46:1:46:4 | ControlFlowNode for SINK | examples.py:50:1:50:4 | ControlFlowNode for SINK |
| examples.py:49:1:49:3 | GSSA Variable obj | examples.py:50:6:50:8 | ControlFlowNode for obj |
| examples.py:49:7:49:19 | ControlFlowNode for MyObj() | examples.py:49:1:49:3 | GSSA Variable obj |
| examples.py:49:13:49:18 | ControlFlowNode for SOURCE | examples.py:59:29:59:34 | ControlFlowNode for SOURCE |
| examples.py:49:13:49:18 | [post arg] ControlFlowNode for SOURCE | examples.py:59:29:59:34 | ControlFlowNode for SOURCE |
| examples.py:50:1:50:4 | ControlFlowNode for SINK | examples.py:59:1:59:4 | ControlFlowNode for SINK |
| examples.py:53:1:53:30 | ControlFlowNode for FunctionExpr | examples.py:53:5:53:26 | GSSA Variable fields_with_local_flow |
| examples.py:53:1:53:30 | GSSA Variable MyObj | examples.py:54:11:54:15 | ControlFlowNode for MyObj |
| examples.py:53:5:53:26 | GSSA Variable fields_with_local_flow | examples.py:59:6:59:27 | ControlFlowNode for fields_with_local_flow |
| examples.py:53:28:53:28 | SSA variable x | examples.py:54:17:54:17 | ControlFlowNode for x |
| examples.py:54:5:54:7 | SSA variable obj | examples.py:55:9:55:11 | ControlFlowNode for obj |
| examples.py:54:11:54:18 | ControlFlowNode for MyObj() | examples.py:54:5:54:7 | SSA variable obj |
| examples.py:55:5:55:5 | SSA variable a | examples.py:56:12:56:12 | ControlFlowNode for a |
| examples.py:55:9:55:15 | ControlFlowNode for Attribute | examples.py:55:5:55:5 | SSA variable a |
| test.py:2:13:2:26 | ControlFlowNode for Str | test.py:2:1:2:9 | GSSA Variable NONSOURCE |
| test.py:3:10:3:17 | ControlFlowNode for Str | test.py:3:1:3:6 | GSSA Variable SOURCE |
| test.py:6:1:6:17 | ControlFlowNode for FunctionExpr | test.py:6:5:6:13 | GSSA Variable is_source |
| test.py:6:15:6:15 | SSA variable x | test.py:7:12:7:12 | ControlFlowNode for x |
| test.py:7:12:7:12 | ControlFlowNode for x | test.py:7:29:7:29 | ControlFlowNode for x |
| test.py:7:29:7:29 | ControlFlowNode for x | test.py:7:47:7:47 | ControlFlowNode for x |
| test.py:7:47:7:47 | ControlFlowNode for x | test.py:7:58:7:58 | ControlFlowNode for x |
| test.py:7:58:7:58 | ControlFlowNode for x | test.py:7:71:7:71 | ControlFlowNode for x |
| test.py:10:1:10:12 | ControlFlowNode for FunctionExpr | test.py:10:5:10:8 | GSSA Variable SINK |
| test.py:10:1:10:12 | GSSA Variable is_source | test.py:11:8:11:16 | ControlFlowNode for is_source |
| test.py:10:10:10:10 | SSA variable x | test.py:11:18:11:18 | ControlFlowNode for x |
| test.py:11:18:11:18 | ControlFlowNode for x | test.py:14:34:14:34 | ControlFlowNode for x |
| test.py:11:18:11:18 | [post arg] ControlFlowNode for x | test.py:14:34:14:34 | ControlFlowNode for x |
| test.py:17:1:17:14 | ControlFlowNode for FunctionExpr | test.py:17:5:17:10 | GSSA Variable SINK_F |
| test.py:17:1:17:14 | GSSA Variable is_source | test.py:18:8:18:16 | ControlFlowNode for is_source |
| test.py:17:12:17:12 | SSA variable x | test.py:18:18:18:18 | ControlFlowNode for x |
| test.py:18:18:18:18 | ControlFlowNode for x | test.py:19:34:19:34 | ControlFlowNode for x |
| test.py:18:18:18:18 | [post arg] ControlFlowNode for x | test.py:19:34:19:34 | ControlFlowNode for x |
| test.py:25:1:25:20 | ControlFlowNode for ClassExpr | test.py:25:7:25:11 | GSSA Variable MyObj |
| test.py:25:13:25:18 | ControlFlowNode for object | test.py:33:17:33:22 | ControlFlowNode for object |
| test.py:26:5:26:28 | ControlFlowNode for FunctionExpr | test.py:26:9:26:16 | SSA variable __init__ |
| test.py:26:18:26:21 | SSA variable self | test.py:27:9:27:12 | ControlFlowNode for self |
| test.py:26:24:26:26 | SSA variable foo | test.py:27:20:27:22 | ControlFlowNode for foo |
| test.py:29:5:29:26 | ControlFlowNode for FunctionExpr | test.py:29:9:29:14 | SSA variable setFoo |
| test.py:29:16:29:19 | SSA variable self | test.py:30:9:30:12 | ControlFlowNode for self |
| test.py:29:22:29:24 | SSA variable foo | test.py:30:20:30:22 | ControlFlowNode for foo |
| test.py:33:1:33:24 | ControlFlowNode for ClassExpr | test.py:33:7:33:15 | GSSA Variable NestedObj |
| test.py:34:5:34:23 | ControlFlowNode for FunctionExpr | test.py:34:9:34:16 | SSA variable __init__ |
| test.py:34:5:34:23 | GSSA Variable MyObj | test.py:35:20:35:24 | ControlFlowNode for MyObj |
| test.py:34:18:34:21 | SSA variable self | test.py:35:9:35:12 | ControlFlowNode for self |
| test.py:37:5:37:21 | ControlFlowNode for FunctionExpr | test.py:37:9:37:14 | SSA variable getObj |
| test.py:37:16:37:19 | SSA variable self | test.py:38:16:38:19 | ControlFlowNode for self |
| test.py:41:1:41:19 | ControlFlowNode for FunctionExpr | test.py:41:5:41:10 | GSSA Variable setFoo |
| test.py:41:1:41:19 | GSSA Variable SINK_F | test.py:42:5:42:10 | ControlFlowNode for SINK_F |
| test.py:41:12:41:14 | SSA variable obj | test.py:42:12:42:14 | ControlFlowNode for obj |
| test.py:41:17:41:17 | SSA variable x | test.py:43:15:43:15 | ControlFlowNode for x |
| test.py:42:12:42:14 | ControlFlowNode for obj | test.py:43:5:43:7 | ControlFlowNode for obj |
| test.py:42:12:42:14 | [post read] ControlFlowNode for obj | test.py:43:5:43:7 | ControlFlowNode for obj |
| test.py:46:1:46:20 | ControlFlowNode for FunctionExpr | test.py:46:5:46:17 | GSSA Variable test_example1 |
| test.py:46:1:46:20 | GSSA Variable MyObj | test.py:47:13:47:17 | ControlFlowNode for MyObj |
| test.py:46:1:46:20 | GSSA Variable SINK | test.py:50:5:50:8 | ControlFlowNode for SINK |
| test.py:46:1:46:20 | GSSA Variable SOURCE | test.py:49:19:49:24 | ControlFlowNode for SOURCE |
| test.py:46:1:46:20 | GSSA Variable setFoo | test.py:49:5:49:10 | ControlFlowNode for setFoo |
| test.py:47:5:47:9 | SSA variable myobj | test.py:49:12:49:16 | ControlFlowNode for myobj |
| test.py:47:13:47:23 | ControlFlowNode for MyObj() | test.py:47:5:47:9 | SSA variable myobj |
| test.py:49:12:49:16 | ControlFlowNode for myobj | test.py:50:10:50:14 | ControlFlowNode for myobj |
| test.py:49:12:49:16 | [post arg] ControlFlowNode for myobj | test.py:50:10:50:14 | ControlFlowNode for myobj |
| test.py:53:1:53:27 | ControlFlowNode for FunctionExpr | test.py:53:5:53:24 | GSSA Variable test_example1_method |
| test.py:53:1:53:27 | GSSA Variable MyObj | test.py:54:13:54:17 | ControlFlowNode for MyObj |
| test.py:53:1:53:27 | GSSA Variable SINK | test.py:57:5:57:8 | ControlFlowNode for SINK |
| test.py:53:1:53:27 | GSSA Variable SOURCE | test.py:56:18:56:23 | ControlFlowNode for SOURCE |
| test.py:54:5:54:9 | SSA variable myobj | test.py:56:5:56:9 | ControlFlowNode for myobj |
| test.py:54:13:54:23 | ControlFlowNode for MyObj() | test.py:54:5:54:9 | SSA variable myobj |
| test.py:56:5:56:9 | ControlFlowNode for myobj | test.py:57:10:57:14 | ControlFlowNode for myobj |
| test.py:56:5:56:9 | [post read] ControlFlowNode for myobj | test.py:57:10:57:14 | ControlFlowNode for myobj |
| test.py:60:1:60:20 | ControlFlowNode for FunctionExpr | test.py:60:5:60:17 | GSSA Variable test_example2 |
| test.py:60:1:60:20 | GSSA Variable NestedObj | test.py:63:9:63:17 | ControlFlowNode for NestedObj |
| test.py:60:1:60:20 | GSSA Variable SINK | test.py:67:5:67:8 | ControlFlowNode for SINK |
| test.py:60:1:60:20 | GSSA Variable SOURCE | test.py:61:9:61:14 | ControlFlowNode for SOURCE |
| test.py:61:5:61:5 | SSA variable x | test.py:65:17:65:17 | ControlFlowNode for x |
| test.py:61:9:61:14 | ControlFlowNode for SOURCE | test.py:61:5:61:5 | SSA variable x |
| test.py:63:5:63:5 | SSA variable a | test.py:65:5:65:5 | ControlFlowNode for a |
| test.py:63:9:63:19 | ControlFlowNode for NestedObj() | test.py:63:5:63:5 | SSA variable a |
| test.py:65:5:65:5 | ControlFlowNode for a | test.py:67:10:67:10 | ControlFlowNode for a |
| test.py:65:5:65:5 | [post read] ControlFlowNode for a | test.py:67:10:67:10 | ControlFlowNode for a |
| test.py:70:1:70:27 | ControlFlowNode for FunctionExpr | test.py:70:5:70:24 | GSSA Variable test_example2_method |
| test.py:70:1:70:27 | GSSA Variable NestedObj | test.py:73:9:73:17 | ControlFlowNode for NestedObj |
| test.py:70:1:70:27 | GSSA Variable SINK | test.py:77:5:77:8 | ControlFlowNode for SINK |
| test.py:70:1:70:27 | GSSA Variable SOURCE | test.py:71:9:71:14 | ControlFlowNode for SOURCE |
| test.py:71:5:71:5 | SSA variable x | test.py:75:22:75:22 | ControlFlowNode for x |
| test.py:71:9:71:14 | ControlFlowNode for SOURCE | test.py:71:5:71:5 | SSA variable x |
| test.py:73:5:73:5 | SSA variable a | test.py:75:5:75:5 | ControlFlowNode for a |
| test.py:73:9:73:19 | ControlFlowNode for NestedObj() | test.py:73:5:73:5 | SSA variable a |
| test.py:75:5:75:5 | ControlFlowNode for a | test.py:77:10:77:10 | ControlFlowNode for a |
| test.py:75:5:75:5 | [post read] ControlFlowNode for a | test.py:77:10:77:10 | ControlFlowNode for a |
| test.py:80:1:80:20 | ControlFlowNode for FunctionExpr | test.py:80:5:80:17 | GSSA Variable test_example3 |
| test.py:80:1:80:20 | GSSA Variable MyObj | test.py:81:11:81:15 | ControlFlowNode for MyObj |
| test.py:80:1:80:20 | GSSA Variable SINK | test.py:82:5:82:8 | ControlFlowNode for SINK |
| test.py:80:1:80:20 | GSSA Variable SOURCE | test.py:81:17:81:22 | ControlFlowNode for SOURCE |
| test.py:81:5:81:7 | SSA variable obj | test.py:82:10:82:12 | ControlFlowNode for obj |
| test.py:81:11:81:23 | ControlFlowNode for MyObj() | test.py:81:5:81:7 | SSA variable obj |
| test.py:85:1:85:23 | ControlFlowNode for FunctionExpr | test.py:85:5:85:20 | GSSA Variable test_example3_kw |
| test.py:85:1:85:23 | GSSA Variable MyObj | test.py:86:11:86:15 | ControlFlowNode for MyObj |
| test.py:85:1:85:23 | GSSA Variable SINK | test.py:87:5:87:8 | ControlFlowNode for SINK |
| test.py:85:1:85:23 | GSSA Variable SOURCE | test.py:86:21:86:26 | ControlFlowNode for SOURCE |
| test.py:86:5:86:7 | SSA variable obj | test.py:87:10:87:12 | ControlFlowNode for obj |
| test.py:86:11:86:27 | ControlFlowNode for MyObj() | test.py:86:5:86:7 | SSA variable obj |
| test.py:90:1:90:30 | ControlFlowNode for FunctionExpr | test.py:90:5:90:26 | GSSA Variable fields_with_local_flow |
| test.py:90:1:90:30 | GSSA Variable MyObj | test.py:91:11:91:15 | ControlFlowNode for MyObj |
| test.py:90:28:90:28 | SSA variable x | test.py:91:17:91:17 | ControlFlowNode for x |
| test.py:91:5:91:7 | SSA variable obj | test.py:92:9:92:11 | ControlFlowNode for obj |
| test.py:91:11:91:18 | ControlFlowNode for MyObj() | test.py:91:5:91:7 | SSA variable obj |
| test.py:92:5:92:5 | SSA variable a | test.py:93:12:93:12 | ControlFlowNode for a |
| test.py:92:9:92:15 | ControlFlowNode for Attribute | test.py:92:5:92:5 | SSA variable a |
| test.py:96:1:96:18 | ControlFlowNode for FunctionExpr | test.py:96:5:96:15 | GSSA Variable test_fields |
| test.py:96:1:96:18 | GSSA Variable SINK | test.py:97:5:97:8 | ControlFlowNode for SINK |
| test.py:96:1:96:18 | GSSA Variable SOURCE | test.py:97:33:97:38 | ControlFlowNode for SOURCE |
| test.py:96:1:96:18 | GSSA Variable fields_with_local_flow | test.py:97:10:97:31 | ControlFlowNode for fields_with_local_flow |

8
python/ql/test/experimental/dataflow/fieldflow/allLocalFlow.ql Normal file
View File

@@ -0,0 +1,8 @@
import python
import semmle.python.dataflow.new.DataFlow
from DataFlow::Node nodeFrom, DataFlow::Node nodeTo
where
DataFlow::localFlowStep(nodeFrom, nodeTo) and
nodeFrom.getLocation().getFile().getParent().getBaseName() = "fieldflow"
select nodeFrom, nodeTo

137
python/ql/test/experimental/dataflow/fieldflow/dataflow.expected Normal file
View File

@@ -0,0 +1,137 @@
edges
| examples.py:27:8:27:12 | [post arg] ControlFlowNode for myobj [Attribute foo] | examples.py:28:6:28:10 | ControlFlowNode for myobj [Attribute foo] |
| examples.py:27:15:27:20 | ControlFlowNode for SOURCE | examples.py:27:8:27:12 | [post arg] ControlFlowNode for myobj [Attribute foo] |
| examples.py:27:15:27:20 | ControlFlowNode for SOURCE | examples.py:35:13:35:13 | ControlFlowNode for x |
| examples.py:27:15:27:20 | ControlFlowNode for SOURCE | examples.py:49:13:49:18 | ControlFlowNode for SOURCE |
| examples.py:27:15:27:20 | ControlFlowNode for SOURCE | examples.py:59:29:59:34 | ControlFlowNode for SOURCE |
| examples.py:28:6:28:10 | ControlFlowNode for myobj [Attribute foo] | examples.py:28:6:28:14 | ControlFlowNode for Attribute |
| examples.py:31:5:31:10 | ControlFlowNode for SOURCE | examples.py:35:13:35:13 | ControlFlowNode for x |
| examples.py:31:5:31:10 | ControlFlowNode for SOURCE | examples.py:49:13:49:18 | ControlFlowNode for SOURCE |
| examples.py:31:5:31:10 | ControlFlowNode for SOURCE | examples.py:59:29:59:34 | ControlFlowNode for SOURCE |
| examples.py:35:1:35:1 | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] | examples.py:37:6:37:6 | ControlFlowNode for a [Attribute obj, Attribute foo] |
| examples.py:35:1:35:5 | [post store] ControlFlowNode for Attribute [Attribute foo] | examples.py:35:1:35:1 | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] |
| examples.py:35:13:35:13 | ControlFlowNode for x | examples.py:35:1:35:5 | [post store] ControlFlowNode for Attribute [Attribute foo] |
| examples.py:37:6:37:6 | ControlFlowNode for a [Attribute obj, Attribute foo] | examples.py:37:6:37:10 | ControlFlowNode for Attribute [Attribute foo] |
| examples.py:37:6:37:10 | ControlFlowNode for Attribute [Attribute foo] | examples.py:37:6:37:14 | ControlFlowNode for Attribute |
| examples.py:40:5:40:10 | ControlFlowNode for SOURCE | examples.py:49:13:49:18 | ControlFlowNode for SOURCE |
| examples.py:40:5:40:10 | ControlFlowNode for SOURCE | examples.py:59:29:59:34 | ControlFlowNode for SOURCE |
| examples.py:49:7:49:19 | ControlFlowNode for MyObj() [Attribute foo] | examples.py:50:6:50:8 | ControlFlowNode for obj [Attribute foo] |
| examples.py:49:13:49:18 | ControlFlowNode for SOURCE | examples.py:49:7:49:19 | ControlFlowNode for MyObj() [Attribute foo] |
| examples.py:49:13:49:18 | ControlFlowNode for SOURCE | examples.py:59:29:59:34 | ControlFlowNode for SOURCE |
| examples.py:50:6:50:8 | ControlFlowNode for obj [Attribute foo] | examples.py:50:6:50:12 | ControlFlowNode for Attribute |
| examples.py:59:29:59:34 | ControlFlowNode for SOURCE | examples.py:59:6:59:35 | ControlFlowNode for fields_with_local_flow() |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:49:19:49:24 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:56:18:56:23 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:61:9:61:14 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:71:9:71:14 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:81:17:81:22 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:86:21:86:26 | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:97:33:97:38 | ControlFlowNode for SOURCE |
| test.py:3:1:3:6 | GSSA Variable SOURCE | test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test |
| test.py:3:10:3:17 | ControlFlowNode for Str | test.py:3:1:3:6 | GSSA Variable SOURCE |
| test.py:49:12:49:16 | [post arg] ControlFlowNode for myobj [Attribute foo] | test.py:50:10:50:14 | ControlFlowNode for myobj [Attribute foo] |
| test.py:49:19:49:24 | ControlFlowNode for SOURCE | test.py:49:12:49:16 | [post arg] ControlFlowNode for myobj [Attribute foo] |
| test.py:50:10:50:14 | ControlFlowNode for myobj [Attribute foo] | test.py:50:10:50:18 | ControlFlowNode for Attribute |
| test.py:56:5:56:9 | [post read] ControlFlowNode for myobj [Attribute foo] | test.py:57:10:57:14 | ControlFlowNode for myobj [Attribute foo] |
| test.py:56:18:56:23 | ControlFlowNode for SOURCE | test.py:56:5:56:9 | [post read] ControlFlowNode for myobj [Attribute foo] |
| test.py:57:10:57:14 | ControlFlowNode for myobj [Attribute foo] | test.py:57:10:57:18 | ControlFlowNode for Attribute |
| test.py:61:9:61:14 | ControlFlowNode for SOURCE | test.py:65:17:65:17 | ControlFlowNode for x |
| test.py:65:5:65:5 | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] | test.py:67:10:67:10 | ControlFlowNode for a [Attribute obj, Attribute foo] |
| test.py:65:5:65:9 | [post store] ControlFlowNode for Attribute [Attribute foo] | test.py:65:5:65:5 | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] |
| test.py:65:17:65:17 | ControlFlowNode for x | test.py:65:5:65:9 | [post store] ControlFlowNode for Attribute [Attribute foo] |
| test.py:67:10:67:10 | ControlFlowNode for a [Attribute obj, Attribute foo] | test.py:67:10:67:14 | ControlFlowNode for Attribute [Attribute foo] |
| test.py:67:10:67:14 | ControlFlowNode for Attribute [Attribute foo] | test.py:67:10:67:18 | ControlFlowNode for Attribute |
| test.py:71:9:71:14 | ControlFlowNode for SOURCE | test.py:75:22:75:22 | ControlFlowNode for x |
| test.py:75:5:75:5 | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] | test.py:77:10:77:10 | ControlFlowNode for a [Attribute obj, Attribute foo] |
| test.py:75:5:75:14 | [post store] ControlFlowNode for Attribute() [Attribute foo] | test.py:75:5:75:5 | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] |
| test.py:75:22:75:22 | ControlFlowNode for x | test.py:75:5:75:14 | [post store] ControlFlowNode for Attribute() [Attribute foo] |
| test.py:77:10:77:10 | ControlFlowNode for a [Attribute obj, Attribute foo] | test.py:77:10:77:14 | ControlFlowNode for Attribute [Attribute foo] |
| test.py:77:10:77:14 | ControlFlowNode for Attribute [Attribute foo] | test.py:77:10:77:18 | ControlFlowNode for Attribute |
| test.py:81:11:81:23 | ControlFlowNode for MyObj() [Attribute foo] | test.py:82:10:82:12 | ControlFlowNode for obj [Attribute foo] |
| test.py:81:17:81:22 | ControlFlowNode for SOURCE | test.py:81:11:81:23 | ControlFlowNode for MyObj() [Attribute foo] |
| test.py:82:10:82:12 | ControlFlowNode for obj [Attribute foo] | test.py:82:10:82:16 | ControlFlowNode for Attribute |
| test.py:86:11:86:27 | ControlFlowNode for MyObj() [Attribute foo] | test.py:87:10:87:12 | ControlFlowNode for obj [Attribute foo] |
| test.py:86:21:86:26 | ControlFlowNode for SOURCE | test.py:86:11:86:27 | ControlFlowNode for MyObj() [Attribute foo] |
| test.py:87:10:87:12 | ControlFlowNode for obj [Attribute foo] | test.py:87:10:87:16 | ControlFlowNode for Attribute |
| test.py:97:33:97:38 | ControlFlowNode for SOURCE | test.py:97:10:97:39 | ControlFlowNode for fields_with_local_flow() |
nodes
| examples.py:27:8:27:12 | [post arg] ControlFlowNode for myobj [Attribute foo] | semmle.label | [post arg] ControlFlowNode for myobj [Attribute foo] |
| examples.py:27:15:27:20 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| examples.py:28:6:28:10 | ControlFlowNode for myobj [Attribute foo] | semmle.label | ControlFlowNode for myobj [Attribute foo] |
| examples.py:28:6:28:14 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| examples.py:31:5:31:10 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| examples.py:35:1:35:1 | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] | semmle.label | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] |
| examples.py:35:1:35:5 | [post store] ControlFlowNode for Attribute [Attribute foo] | semmle.label | [post store] ControlFlowNode for Attribute [Attribute foo] |
| examples.py:35:13:35:13 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
| examples.py:37:6:37:6 | ControlFlowNode for a [Attribute obj, Attribute foo] | semmle.label | ControlFlowNode for a [Attribute obj, Attribute foo] |
| examples.py:37:6:37:10 | ControlFlowNode for Attribute [Attribute foo] | semmle.label | ControlFlowNode for Attribute [Attribute foo] |
| examples.py:37:6:37:14 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| examples.py:40:5:40:10 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| examples.py:49:7:49:19 | ControlFlowNode for MyObj() [Attribute foo] | semmle.label | ControlFlowNode for MyObj() [Attribute foo] |
| examples.py:49:13:49:18 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| examples.py:50:6:50:8 | ControlFlowNode for obj [Attribute foo] | semmle.label | ControlFlowNode for obj [Attribute foo] |
| examples.py:50:6:50:12 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| examples.py:59:6:59:35 | ControlFlowNode for fields_with_local_flow() | semmle.label | ControlFlowNode for fields_with_local_flow() |
| examples.py:59:29:59:34 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | semmle.label | ModuleVariableNode for Global Variable SOURCE in Module test |
| test.py:3:1:3:6 | GSSA Variable SOURCE | semmle.label | GSSA Variable SOURCE |
| test.py:3:10:3:17 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str |
| test.py:49:12:49:16 | [post arg] ControlFlowNode for myobj [Attribute foo] | semmle.label | [post arg] ControlFlowNode for myobj [Attribute foo] |
| test.py:49:19:49:24 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:50:10:50:14 | ControlFlowNode for myobj [Attribute foo] | semmle.label | ControlFlowNode for myobj [Attribute foo] |
| test.py:50:10:50:18 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| test.py:56:5:56:9 | [post read] ControlFlowNode for myobj [Attribute foo] | semmle.label | [post read] ControlFlowNode for myobj [Attribute foo] |
| test.py:56:18:56:23 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:57:10:57:14 | ControlFlowNode for myobj [Attribute foo] | semmle.label | ControlFlowNode for myobj [Attribute foo] |
| test.py:57:10:57:18 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| test.py:61:9:61:14 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:65:5:65:5 | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] | semmle.label | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] |
| test.py:65:5:65:9 | [post store] ControlFlowNode for Attribute [Attribute foo] | semmle.label | [post store] ControlFlowNode for Attribute [Attribute foo] |
| test.py:65:17:65:17 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
| test.py:67:10:67:10 | ControlFlowNode for a [Attribute obj, Attribute foo] | semmle.label | ControlFlowNode for a [Attribute obj, Attribute foo] |
| test.py:67:10:67:14 | ControlFlowNode for Attribute [Attribute foo] | semmle.label | ControlFlowNode for Attribute [Attribute foo] |
| test.py:67:10:67:18 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| test.py:71:9:71:14 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:75:5:75:5 | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] | semmle.label | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] |
| test.py:75:5:75:14 | [post store] ControlFlowNode for Attribute() [Attribute foo] | semmle.label | [post store] ControlFlowNode for Attribute() [Attribute foo] |
| test.py:75:22:75:22 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
| test.py:77:10:77:10 | ControlFlowNode for a [Attribute obj, Attribute foo] | semmle.label | ControlFlowNode for a [Attribute obj, Attribute foo] |
| test.py:77:10:77:14 | ControlFlowNode for Attribute [Attribute foo] | semmle.label | ControlFlowNode for Attribute [Attribute foo] |
| test.py:77:10:77:18 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| test.py:81:11:81:23 | ControlFlowNode for MyObj() [Attribute foo] | semmle.label | ControlFlowNode for MyObj() [Attribute foo] |
| test.py:81:17:81:22 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:82:10:82:12 | ControlFlowNode for obj [Attribute foo] | semmle.label | ControlFlowNode for obj [Attribute foo] |
| test.py:82:10:82:16 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| test.py:86:11:86:27 | ControlFlowNode for MyObj() [Attribute foo] | semmle.label | ControlFlowNode for MyObj() [Attribute foo] |
| test.py:86:21:86:26 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:87:10:87:12 | ControlFlowNode for obj [Attribute foo] | semmle.label | ControlFlowNode for obj [Attribute foo] |
| test.py:87:10:87:16 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| test.py:97:10:97:39 | ControlFlowNode for fields_with_local_flow() | semmle.label | ControlFlowNode for fields_with_local_flow() |
| test.py:97:33:97:38 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
#select
| examples.py:28:6:28:14 | ControlFlowNode for Attribute | examples.py:27:15:27:20 | ControlFlowNode for SOURCE | examples.py:28:6:28:14 | ControlFlowNode for Attribute | Flow found |
| examples.py:37:6:37:14 | ControlFlowNode for Attribute | examples.py:27:15:27:20 | ControlFlowNode for SOURCE | examples.py:37:6:37:14 | ControlFlowNode for Attribute | Flow found |
| examples.py:37:6:37:14 | ControlFlowNode for Attribute | examples.py:31:5:31:10 | ControlFlowNode for SOURCE | examples.py:37:6:37:14 | ControlFlowNode for Attribute | Flow found |
| examples.py:50:6:50:12 | ControlFlowNode for Attribute | examples.py:27:15:27:20 | ControlFlowNode for SOURCE | examples.py:50:6:50:12 | ControlFlowNode for Attribute | Flow found |
| examples.py:50:6:50:12 | ControlFlowNode for Attribute | examples.py:31:5:31:10 | ControlFlowNode for SOURCE | examples.py:50:6:50:12 | ControlFlowNode for Attribute | Flow found |
| examples.py:50:6:50:12 | ControlFlowNode for Attribute | examples.py:40:5:40:10 | ControlFlowNode for SOURCE | examples.py:50:6:50:12 | ControlFlowNode for Attribute | Flow found |
| examples.py:50:6:50:12 | ControlFlowNode for Attribute | examples.py:49:13:49:18 | ControlFlowNode for SOURCE | examples.py:50:6:50:12 | ControlFlowNode for Attribute | Flow found |
| examples.py:59:6:59:35 | ControlFlowNode for fields_with_local_flow() | examples.py:27:15:27:20 | ControlFlowNode for SOURCE | examples.py:59:6:59:35 | ControlFlowNode for fields_with_local_flow() | Flow found |
| examples.py:59:6:59:35 | ControlFlowNode for fields_with_local_flow() | examples.py:31:5:31:10 | ControlFlowNode for SOURCE | examples.py:59:6:59:35 | ControlFlowNode for fields_with_local_flow() | Flow found |
| examples.py:59:6:59:35 | ControlFlowNode for fields_with_local_flow() | examples.py:40:5:40:10 | ControlFlowNode for SOURCE | examples.py:59:6:59:35 | ControlFlowNode for fields_with_local_flow() | Flow found |
| examples.py:59:6:59:35 | ControlFlowNode for fields_with_local_flow() | examples.py:49:13:49:18 | ControlFlowNode for SOURCE | examples.py:59:6:59:35 | ControlFlowNode for fields_with_local_flow() | Flow found |
| examples.py:59:6:59:35 | ControlFlowNode for fields_with_local_flow() | examples.py:59:29:59:34 | ControlFlowNode for SOURCE | examples.py:59:6:59:35 | ControlFlowNode for fields_with_local_flow() | Flow found |
| test.py:50:10:50:18 | ControlFlowNode for Attribute | test.py:3:10:3:17 | ControlFlowNode for Str | test.py:50:10:50:18 | ControlFlowNode for Attribute | Flow found |
| test.py:50:10:50:18 | ControlFlowNode for Attribute | test.py:49:19:49:24 | ControlFlowNode for SOURCE | test.py:50:10:50:18 | ControlFlowNode for Attribute | Flow found |
| test.py:57:10:57:18 | ControlFlowNode for Attribute | test.py:3:10:3:17 | ControlFlowNode for Str | test.py:57:10:57:18 | ControlFlowNode for Attribute | Flow found |
| test.py:57:10:57:18 | ControlFlowNode for Attribute | test.py:56:18:56:23 | ControlFlowNode for SOURCE | test.py:57:10:57:18 | ControlFlowNode for Attribute | Flow found |
| test.py:67:10:67:18 | ControlFlowNode for Attribute | test.py:3:10:3:17 | ControlFlowNode for Str | test.py:67:10:67:18 | ControlFlowNode for Attribute | Flow found |
| test.py:67:10:67:18 | ControlFlowNode for Attribute | test.py:61:9:61:14 | ControlFlowNode for SOURCE | test.py:67:10:67:18 | ControlFlowNode for Attribute | Flow found |
| test.py:77:10:77:18 | ControlFlowNode for Attribute | test.py:3:10:3:17 | ControlFlowNode for Str | test.py:77:10:77:18 | ControlFlowNode for Attribute | Flow found |
| test.py:77:10:77:18 | ControlFlowNode for Attribute | test.py:71:9:71:14 | ControlFlowNode for SOURCE | test.py:77:10:77:18 | ControlFlowNode for Attribute | Flow found |
| test.py:82:10:82:16 | ControlFlowNode for Attribute | test.py:3:10:3:17 | ControlFlowNode for Str | test.py:82:10:82:16 | ControlFlowNode for Attribute | Flow found |
| test.py:82:10:82:16 | ControlFlowNode for Attribute | test.py:81:17:81:22 | ControlFlowNode for SOURCE | test.py:82:10:82:16 | ControlFlowNode for Attribute | Flow found |
| test.py:87:10:87:16 | ControlFlowNode for Attribute | test.py:3:10:3:17 | ControlFlowNode for Str | test.py:87:10:87:16 | ControlFlowNode for Attribute | Flow found |
| test.py:87:10:87:16 | ControlFlowNode for Attribute | test.py:86:21:86:26 | ControlFlowNode for SOURCE | test.py:87:10:87:16 | ControlFlowNode for Attribute | Flow found |
| test.py:97:10:97:39 | ControlFlowNode for fields_with_local_flow() | test.py:3:10:3:17 | ControlFlowNode for Str | test.py:97:10:97:39 | ControlFlowNode for fields_with_local_flow() | Flow found |
| test.py:97:10:97:39 | ControlFlowNode for fields_with_local_flow() | test.py:97:33:97:38 | ControlFlowNode for SOURCE | test.py:97:10:97:39 | ControlFlowNode for fields_with_local_flow() | Flow found |

10
python/ql/test/experimental/dataflow/fieldflow/dataflow.ql Normal file
View File

@@ -0,0 +1,10 @@
/**
* @kind path-problem
*/
import experimental.dataflow.testConfig
import DataFlow::PathGraph
from TestConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
where config.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "Flow found"

59
python/ql/test/experimental/dataflow/fieldflow/examples.py Normal file
View File

@@ -0,0 +1,59 @@
from python.ql.test.experimental.dataflow.testDefinitions import *
# Preamble
class MyObj(object):
def __init__(self, foo):
self.foo = foo
class NestedObj(object):
def __init__(self):
self.obj = MyObj("OK")
def getObj(self):
return self.obj
# Example 1
def setFoo(obj, x):
SINK_F(obj.foo)
obj.foo = x
myobj = MyObj("OK")
setFoo(myobj, SOURCE)
SINK(myobj.foo)
# Example 2
x = SOURCE
a = NestedObj()
a.obj.foo = x
SINK(a.obj.foo)
# Example 2 with method call
x = SOURCE
a = NestedObj()
a.getObj().foo = x
SINK(a.obj.foo) # Flow missing
# Example 3
obj = MyObj(SOURCE)
SINK(obj.foo)
# Local flow
def fields_with_local_flow(x):
obj = MyObj(x)
a = obj.foo
return a
SINK(fields_with_local_flow(SOURCE))

1075
python/ql/test/experimental/dataflow/fieldflow/globalStep.expected Normal file
View File

File diff suppressed because it is too large Load Diff

7
python/ql/test/experimental/dataflow/fieldflow/globalStep.ql Normal file
View File

@@ -0,0 +1,7 @@
import experimental.dataflow.basic.allFlowsConfig
from DataFlow::PathNode fromNode, DataFlow::PathNode toNode
where
toNode = fromNode.getASuccessor() and
fromNode.getNode().getLocation().getFile().getParent().getBaseName() = "fieldflow"
select fromNode, toNode

12
python/ql/test/experimental/dataflow/fieldflow/localFlow.expected Normal file
View File

@@ -0,0 +1,12 @@
| examples.py:53:1:53:30 | GSSA Variable MyObj | examples.py:54:11:54:15 | ControlFlowNode for MyObj |
| examples.py:53:28:53:28 | SSA variable x | examples.py:54:17:54:17 | ControlFlowNode for x |
| examples.py:54:5:54:7 | SSA variable obj | examples.py:55:9:55:11 | ControlFlowNode for obj |
| examples.py:54:11:54:18 | ControlFlowNode for MyObj() | examples.py:54:5:54:7 | SSA variable obj |
| examples.py:55:5:55:5 | SSA variable a | examples.py:56:12:56:12 | ControlFlowNode for a |
| examples.py:55:9:55:15 | ControlFlowNode for Attribute | examples.py:55:5:55:5 | SSA variable a |
| test.py:90:1:90:30 | GSSA Variable MyObj | test.py:91:11:91:15 | ControlFlowNode for MyObj |
| test.py:90:28:90:28 | SSA variable x | test.py:91:17:91:17 | ControlFlowNode for x |
| test.py:91:5:91:7 | SSA variable obj | test.py:92:9:92:11 | ControlFlowNode for obj |
| test.py:91:11:91:18 | ControlFlowNode for MyObj() | test.py:91:5:91:7 | SSA variable obj |
| test.py:92:5:92:5 | SSA variable a | test.py:93:12:93:12 | ControlFlowNode for a |
| test.py:92:9:92:15 | ControlFlowNode for Attribute | test.py:92:5:92:5 | SSA variable a |

8
python/ql/test/experimental/dataflow/fieldflow/localFlow.ql Normal file
View File

@@ -0,0 +1,8 @@
import python
import semmle.python.dataflow.new.DataFlow
from DataFlow::Node nodeFrom, DataFlow::Node nodeTo
where
DataFlow::localFlowStep(nodeFrom, nodeTo) and
nodeFrom.getEnclosingCallable().getName().matches("%\\_with\\_local\\_flow")
select nodeFrom, nodeTo

80
python/ql/test/experimental/dataflow/fieldflow/postupdates.expected Normal file
View File

@@ -0,0 +1,80 @@
| examples.py:8:9:8:12 | [post store] ControlFlowNode for self | examples.py:8:9:8:12 | ControlFlowNode for self |
| examples.py:13:9:13:12 | [post store] ControlFlowNode for self | examples.py:13:9:13:12 | ControlFlowNode for self |
| examples.py:13:20:13:30 | ControlFlowNode for MyObj() | examples.py:13:20:13:30 | [pre objCreate] ControlFlowNode for MyObj() |
| examples.py:13:26:13:29 | [post arg] ControlFlowNode for Str | examples.py:13:26:13:29 | ControlFlowNode for Str |
| examples.py:16:16:16:19 | [post read] ControlFlowNode for self | examples.py:16:16:16:19 | ControlFlowNode for self |
| examples.py:21:12:21:14 | [post read] ControlFlowNode for obj | examples.py:21:12:21:14 | ControlFlowNode for obj |
| examples.py:22:5:22:7 | [post store] ControlFlowNode for obj | examples.py:22:5:22:7 | ControlFlowNode for obj |
| examples.py:25:9:25:19 | ControlFlowNode for MyObj() | examples.py:25:9:25:19 | [pre objCreate] ControlFlowNode for MyObj() |
| examples.py:25:15:25:18 | [post arg] ControlFlowNode for Str | examples.py:25:15:25:18 | ControlFlowNode for Str |
| examples.py:27:8:27:12 | [post arg] ControlFlowNode for myobj | examples.py:27:8:27:12 | ControlFlowNode for myobj |
| examples.py:27:15:27:20 | [post arg] ControlFlowNode for SOURCE | examples.py:27:15:27:20 | ControlFlowNode for SOURCE |
| examples.py:28:6:28:10 | [post read] ControlFlowNode for myobj | examples.py:28:6:28:10 | ControlFlowNode for myobj |
| examples.py:33:5:33:15 | ControlFlowNode for NestedObj() | examples.py:33:5:33:15 | [pre objCreate] ControlFlowNode for NestedObj() |
| examples.py:35:1:35:1 | [post read] ControlFlowNode for a | examples.py:35:1:35:1 | ControlFlowNode for a |
| examples.py:35:1:35:5 | [post store] ControlFlowNode for Attribute | examples.py:35:1:35:5 | ControlFlowNode for Attribute |
| examples.py:37:6:37:6 | [post read] ControlFlowNode for a | examples.py:37:6:37:6 | ControlFlowNode for a |
| examples.py:37:6:37:10 | [post read] ControlFlowNode for Attribute | examples.py:37:6:37:10 | ControlFlowNode for Attribute |
| examples.py:42:5:42:15 | ControlFlowNode for NestedObj() | examples.py:42:5:42:15 | [pre objCreate] ControlFlowNode for NestedObj() |
| examples.py:44:1:44:1 | [post read] ControlFlowNode for a | examples.py:44:1:44:1 | ControlFlowNode for a |
| examples.py:44:1:44:10 | [post store] ControlFlowNode for Attribute() | examples.py:44:1:44:10 | ControlFlowNode for Attribute() |
| examples.py:46:6:46:6 | [post read] ControlFlowNode for a | examples.py:46:6:46:6 | ControlFlowNode for a |
| examples.py:46:6:46:10 | [post read] ControlFlowNode for Attribute | examples.py:46:6:46:10 | ControlFlowNode for Attribute |
| examples.py:49:7:49:19 | ControlFlowNode for MyObj() | examples.py:49:7:49:19 | [pre objCreate] ControlFlowNode for MyObj() |
| examples.py:49:13:49:18 | [post arg] ControlFlowNode for SOURCE | examples.py:49:13:49:18 | ControlFlowNode for SOURCE |
| examples.py:50:6:50:8 | [post read] ControlFlowNode for obj | examples.py:50:6:50:8 | ControlFlowNode for obj |
| examples.py:54:11:54:18 | ControlFlowNode for MyObj() | examples.py:54:11:54:18 | [pre objCreate] ControlFlowNode for MyObj() |
| examples.py:54:17:54:17 | [post arg] ControlFlowNode for x | examples.py:54:17:54:17 | ControlFlowNode for x |
| examples.py:55:9:55:11 | [post read] ControlFlowNode for obj | examples.py:55:9:55:11 | ControlFlowNode for obj |
| examples.py:59:29:59:34 | [post arg] ControlFlowNode for SOURCE | examples.py:59:29:59:34 | ControlFlowNode for SOURCE |
| test.py:11:18:11:18 | [post arg] ControlFlowNode for x | test.py:11:18:11:18 | ControlFlowNode for x |
| test.py:18:18:18:18 | [post arg] ControlFlowNode for x | test.py:18:18:18:18 | ControlFlowNode for x |
| test.py:19:15:19:31 | [post arg] ControlFlowNode for Str | test.py:19:15:19:31 | ControlFlowNode for Str |
| test.py:19:34:19:34 | [post arg] ControlFlowNode for x | test.py:19:34:19:34 | ControlFlowNode for x |
| test.py:21:15:21:18 | [post arg] ControlFlowNode for Str | test.py:21:15:21:18 | ControlFlowNode for Str |
| test.py:27:9:27:12 | [post store] ControlFlowNode for self | test.py:27:9:27:12 | ControlFlowNode for self |
| test.py:30:9:30:12 | [post store] ControlFlowNode for self | test.py:30:9:30:12 | ControlFlowNode for self |
| test.py:35:9:35:12 | [post store] ControlFlowNode for self | test.py:35:9:35:12 | ControlFlowNode for self |
| test.py:35:20:35:30 | ControlFlowNode for MyObj() | test.py:35:20:35:30 | [pre objCreate] ControlFlowNode for MyObj() |
| test.py:35:26:35:29 | [post arg] ControlFlowNode for Str | test.py:35:26:35:29 | ControlFlowNode for Str |
| test.py:38:16:38:19 | [post read] ControlFlowNode for self | test.py:38:16:38:19 | ControlFlowNode for self |
| test.py:42:12:42:14 | [post read] ControlFlowNode for obj | test.py:42:12:42:14 | ControlFlowNode for obj |
| test.py:42:12:42:18 | [post arg] ControlFlowNode for Attribute | test.py:42:12:42:18 | ControlFlowNode for Attribute |
| test.py:43:5:43:7 | [post store] ControlFlowNode for obj | test.py:43:5:43:7 | ControlFlowNode for obj |
| test.py:47:13:47:23 | ControlFlowNode for MyObj() | test.py:47:13:47:23 | [pre objCreate] ControlFlowNode for MyObj() |
| test.py:47:19:47:22 | [post arg] ControlFlowNode for Str | test.py:47:19:47:22 | ControlFlowNode for Str |
| test.py:49:12:49:16 | [post arg] ControlFlowNode for myobj | test.py:49:12:49:16 | ControlFlowNode for myobj |
| test.py:49:19:49:24 | [post arg] ControlFlowNode for SOURCE | test.py:49:19:49:24 | ControlFlowNode for SOURCE |
| test.py:50:10:50:14 | [post read] ControlFlowNode for myobj | test.py:50:10:50:14 | ControlFlowNode for myobj |
| test.py:50:10:50:18 | [post arg] ControlFlowNode for Attribute | test.py:50:10:50:18 | ControlFlowNode for Attribute |
| test.py:54:13:54:23 | ControlFlowNode for MyObj() | test.py:54:13:54:23 | [pre objCreate] ControlFlowNode for MyObj() |
| test.py:54:19:54:22 | [post arg] ControlFlowNode for Str | test.py:54:19:54:22 | ControlFlowNode for Str |
| test.py:56:5:56:9 | [post read] ControlFlowNode for myobj | test.py:56:5:56:9 | ControlFlowNode for myobj |
| test.py:56:18:56:23 | [post arg] ControlFlowNode for SOURCE | test.py:56:18:56:23 | ControlFlowNode for SOURCE |
| test.py:57:10:57:14 | [post read] ControlFlowNode for myobj | test.py:57:10:57:14 | ControlFlowNode for myobj |
| test.py:57:10:57:18 | [post arg] ControlFlowNode for Attribute | test.py:57:10:57:18 | ControlFlowNode for Attribute |
| test.py:63:9:63:19 | ControlFlowNode for NestedObj() | test.py:63:9:63:19 | [pre objCreate] ControlFlowNode for NestedObj() |
| test.py:65:5:65:5 | [post read] ControlFlowNode for a | test.py:65:5:65:5 | ControlFlowNode for a |
| test.py:65:5:65:9 | [post store] ControlFlowNode for Attribute | test.py:65:5:65:9 | ControlFlowNode for Attribute |
| test.py:67:10:67:10 | [post read] ControlFlowNode for a | test.py:67:10:67:10 | ControlFlowNode for a |
| test.py:67:10:67:14 | [post read] ControlFlowNode for Attribute | test.py:67:10:67:14 | ControlFlowNode for Attribute |
| test.py:67:10:67:18 | [post arg] ControlFlowNode for Attribute | test.py:67:10:67:18 | ControlFlowNode for Attribute |
| test.py:73:9:73:19 | ControlFlowNode for NestedObj() | test.py:73:9:73:19 | [pre objCreate] ControlFlowNode for NestedObj() |
| test.py:75:5:75:5 | [post read] ControlFlowNode for a | test.py:75:5:75:5 | ControlFlowNode for a |
| test.py:75:5:75:14 | [post store] ControlFlowNode for Attribute() | test.py:75:5:75:14 | ControlFlowNode for Attribute() |
| test.py:77:10:77:10 | [post read] ControlFlowNode for a | test.py:77:10:77:10 | ControlFlowNode for a |
| test.py:77:10:77:14 | [post read] ControlFlowNode for Attribute | test.py:77:10:77:14 | ControlFlowNode for Attribute |
| test.py:77:10:77:18 | [post arg] ControlFlowNode for Attribute | test.py:77:10:77:18 | ControlFlowNode for Attribute |
| test.py:81:11:81:23 | ControlFlowNode for MyObj() | test.py:81:11:81:23 | [pre objCreate] ControlFlowNode for MyObj() |
| test.py:81:17:81:22 | [post arg] ControlFlowNode for SOURCE | test.py:81:17:81:22 | ControlFlowNode for SOURCE |
| test.py:82:10:82:12 | [post read] ControlFlowNode for obj | test.py:82:10:82:12 | ControlFlowNode for obj |
| test.py:82:10:82:16 | [post arg] ControlFlowNode for Attribute | test.py:82:10:82:16 | ControlFlowNode for Attribute |
| test.py:86:11:86:27 | ControlFlowNode for MyObj() | test.py:86:11:86:27 | [pre objCreate] ControlFlowNode for MyObj() |
| test.py:86:21:86:26 | [post arg] ControlFlowNode for SOURCE | test.py:86:21:86:26 | ControlFlowNode for SOURCE |
| test.py:87:10:87:12 | [post read] ControlFlowNode for obj | test.py:87:10:87:12 | ControlFlowNode for obj |
| test.py:87:10:87:16 | [post arg] ControlFlowNode for Attribute | test.py:87:10:87:16 | ControlFlowNode for Attribute |
| test.py:91:11:91:18 | ControlFlowNode for MyObj() | test.py:91:11:91:18 | [pre objCreate] ControlFlowNode for MyObj() |
| test.py:91:17:91:17 | [post arg] ControlFlowNode for x | test.py:91:17:91:17 | ControlFlowNode for x |
| test.py:92:9:92:11 | [post read] ControlFlowNode for obj | test.py:92:9:92:11 | ControlFlowNode for obj |
| test.py:97:10:97:39 | [post arg] ControlFlowNode for fields_with_local_flow() | test.py:97:10:97:39 | ControlFlowNode for fields_with_local_flow() |
| test.py:97:33:97:38 | [post arg] ControlFlowNode for SOURCE | test.py:97:33:97:38 | ControlFlowNode for SOURCE |

4
python/ql/test/experimental/dataflow/fieldflow/postupdates.ql Normal file
View File

@@ -0,0 +1,4 @@
import experimental.dataflow.testConfig
from DataFlow::PostUpdateNode pun
select pun, pun.getPreUpdateNode()

97
python/ql/test/experimental/dataflow/fieldflow/test.py Normal file
View File

@@ -0,0 +1,97 @@
# These are defined so that we can evaluate the test code.
NONSOURCE = "not a source"
SOURCE = "source"
def is_source(x):
return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j
def SINK(x):
if is_source(x):
print("OK")
else:
print("Unexpected flow", x)
def SINK_F(x):
if is_source(x):
print("Unexpected flow", x)
else:
print("OK")
# Preamble
class MyObj(object):
def __init__(self, foo):
self.foo = foo
def setFoo(self, foo):
self.foo = foo
class NestedObj(object):
def __init__(self):
self.obj = MyObj("OK")
def getObj(self):
return self.obj
def setFoo(obj, x):
SINK_F(obj.foo)
obj.foo = x
def test_example1():
myobj = MyObj("OK")
setFoo(myobj, SOURCE)
SINK(myobj.foo)
def test_example1_method():
myobj = MyObj("OK")
myobj.setFoo(SOURCE)
SINK(myobj.foo)
def test_example2():
x = SOURCE
a = NestedObj()
a.obj.foo = x
SINK(a.obj.foo)
def test_example2_method():
x = SOURCE
a = NestedObj()
a.getObj().foo = x
SINK(a.obj.foo)
def test_example3():
obj = MyObj(SOURCE)
SINK(obj.foo)
def test_example3_kw():
obj = MyObj(foo=SOURCE)
SINK(obj.foo)
def fields_with_local_flow(x):
obj = MyObj(x)
a = obj.foo
return a
def test_fields():
SINK(fields_with_local_flow(SOURCE))

0
python/ql/test/experimental/dataflow/global-flow/accesses.expected Normal file
View File

36
python/ql/test/experimental/dataflow/global-flow/accesses.ql Normal file
View File

@@ -0,0 +1,36 @@
import python
import semmle.python.dataflow.new.DataFlow
import TestUtilities.InlineExpectationsTest
class GlobalReadTest extends InlineExpectationsTest {
GlobalReadTest() { this = "GlobalReadTest" }
override string getARelevantTag() { result = "reads" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(DataFlow::ModuleVariableNode n, DataFlow::Node read |
read = n.getARead() and
value = n.getVariable().getId() and
value != "print" and
tag = "reads" and
location = read.getLocation() and
element = read.toString()
)
}
}
class GlobalWriteTest extends InlineExpectationsTest {
GlobalWriteTest() { this = "GlobalWriteTest" }
override string getARelevantTag() { result = "writes" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(DataFlow::ModuleVariableNode n, DataFlow::Node read |
read = n.getAWrite() and
value = n.getVariable().getId() and
tag = "writes" and
location = read.getLocation() and
element = read.toString()
)
}
}

1
python/ql/test/experimental/dataflow/global-flow/known.py Normal file
View File

@@ -0,0 +1 @@
known_attr = [1000]

121
python/ql/test/experimental/dataflow/global-flow/test.py Normal file
View File

@@ -0,0 +1,121 @@
### Tests of global flow
# Simple assignment
g = [5] # $writes=g
# Multiple assignment
g1, g2 = [6], [7] # $writes=g1 writes=g2
# Assignment that's only referenced in this scope. This one will not give rise to a `ModuleVariableNode`.
unreferenced_g = [8]
print(unreferenced_g)
# Testing modifications of globals
# Modification by reassignment
g_mod = []
# This assignment does not produce any flow, since `g_mod` is immediately reassigned.
# The following assignment should not be a `ModuleVariableNode`,
# but currently our analysis thinks `g_mod` might be used in the `print` call
g_mod = [10] # $ SPURIOUS: writes=g_mod
print("foo")
g_mod = [100] # $writes=g_mod
# Modification by mutation
g_ins = [50] # $writes=g_ins
print(g_ins)
g_ins.append(75)
# A global with multiple potential definitions
import unknown_module
if unknown_module.attr:
g_mult = [200] # $writes=g_mult
else:
g_mult = [300] # $writes=g_mult
# A global variable that may be redefined depending on some unknown value
g_redef = [400] # $writes=g_redef
if unknown_module.attr:
g_redef = [500] # $writes=g_redef
def global_access():
l = 5
print(g) # $reads=g
print(g1) # $reads=g1
print(g2) # $reads=g2
print(g_mod) # $reads=g_mod
print(g_ins) # $reads=g_ins
print(g_mult) # $reads=g_mult
print(g_redef) # $reads=g_redef
def print_g_mod(): # $writes=print_g_mod
print(g_mod) # $reads=g_mod
def global_mod():
global g_mod
g_mod += [150] # $reads,writes=g_mod
print_g_mod() # $reads=print_g_mod
def global_inside_local_function():
def local_function():
print(g) # $reads=g
local_function()
## Imports
# Direct imports
import foo_module # $writes=foo_module
def use_foo():
print(foo_module.attr) # $reads=foo_module
# Partial imports
from bar import baz_attr, quux_attr # $writes=baz_attr writes=quux_attr
def use_partial_import():
print(baz_attr, quux_attr) # $reads=baz_attr reads=quux_attr
# Aliased imports
from spam_module import ham_attr as eggs_attr # $writes=eggs_attr
def use_aliased_import():
print(eggs_attr) # $reads=eggs_attr
# Import star (unlikely to work unless we happen to extract/model the referenced module)
# Unknown modules
from unknown import *
def secretly_use_unknown():
print(unknown_attr) # $reads=unknown_attr
# Known modules
from known import *
def secretly_use_known():
print(known_attr) # $reads=known_attr
# Local import in function
def imports_locally():
import mod1
# Global import hidden in function
def imports_stuff():
global mod2
import mod2 # $writes=mod2

27
python/ql/test/experimental/dataflow/import-helper/ImportHelper.expected Normal file
View File

@@ -0,0 +1,27 @@
| test1.py:1:8:1:12 | ControlFlowNode for ImportExpr | mypkg |
| test1.py:1:8:1:12 | GSSA Variable mypkg | mypkg |
| test2.py:1:6:1:10 | ControlFlowNode for ImportExpr | mypkg |
| test2.py:1:6:1:10 | ControlFlowNode for ImportExpr | mypkg |
| test2.py:1:19:1:21 | GSSA Variable foo | mypkg.foo |
| test2.py:1:24:1:26 | GSSA Variable bar | mypkg.bar |
| test3.py:1:8:1:16 | ControlFlowNode for ImportExpr | mypkg.foo |
| test3.py:2:8:2:16 | ControlFlowNode for ImportExpr | mypkg.bar |
| test3.py:2:8:2:16 | GSSA Variable mypkg | mypkg |
| test4.py:1:8:1:16 | ControlFlowNode for ImportExpr | mypkg.foo |
| test4.py:1:21:1:24 | GSSA Variable _foo | mypkg.foo |
| test4.py:2:8:2:16 | ControlFlowNode for ImportExpr | mypkg.bar |
| test4.py:2:21:2:24 | GSSA Variable _bar | mypkg.bar |
| test5.py:1:8:1:12 | ControlFlowNode for ImportExpr | mypkg |
| test5.py:1:8:1:12 | GSSA Variable mypkg | mypkg |
| test5.py:9:6:9:10 | ControlFlowNode for ImportExpr | mypkg |
| test5.py:9:26:9:29 | GSSA Variable _bar | mypkg.bar |
| test6.py:1:8:1:12 | ControlFlowNode for ImportExpr | mypkg |
| test6.py:1:8:1:12 | GSSA Variable mypkg | mypkg |
| test6.py:5:8:5:16 | ControlFlowNode for ImportExpr | mypkg.foo |
| test6.py:5:8:5:16 | GSSA Variable mypkg | mypkg |
| test7.py:1:6:1:10 | ControlFlowNode for ImportExpr | mypkg |
| test7.py:1:19:1:21 | GSSA Variable foo | mypkg.foo |
| test7.py:5:8:5:16 | ControlFlowNode for ImportExpr | mypkg.foo |
| test7.py:5:8:5:16 | GSSA Variable mypkg | mypkg |
| test7.py:9:6:9:10 | ControlFlowNode for ImportExpr | mypkg |
| test7.py:9:19:9:21 | GSSA Variable foo | mypkg.foo |

4
python/ql/test/experimental/dataflow/import-helper/ImportHelper.ql Normal file
View File

@@ -0,0 +1,4 @@
import python
import semmle.python.dataflow.new.DataFlow
query predicate importNode(DataFlow::Node res, string name) { res = DataFlow::importNode(name) }

1
python/ql/test/experimental/dataflow/import-helper/README.md Normal file
View File

@@ -0,0 +1 @@
Small tests that explore difference between `import mypkg.foo` and `from mypkg import foo`.

1
python/ql/test/experimental/dataflow/import-helper/mypkg/__init__.py Normal file
View File

@@ -0,0 +1 @@
foo = 42

1
python/ql/test/experimental/dataflow/import-helper/mypkg/bar.py Normal file
View File

@@ -0,0 +1 @@
pass

1
python/ql/test/experimental/dataflow/import-helper/mypkg/foo.py Normal file
View File

@@ -0,0 +1 @@
pass

6
python/ql/test/experimental/dataflow/import-helper/test1.py Normal file
View File

@@ -0,0 +1,6 @@
import mypkg
print(mypkg.foo) # 42
try:
print(mypkg.bar)
except AttributeError as e:
print(e) # module 'mypkg' has no attribute 'bar'

3
python/ql/test/experimental/dataflow/import-helper/test2.py Normal file
View File

@@ -0,0 +1,3 @@
from mypkg import foo, bar
print(foo)
print(bar)

4
python/ql/test/experimental/dataflow/import-helper/test3.py Normal file
View File

@@ -0,0 +1,4 @@
import mypkg.foo
import mypkg.bar
print(mypkg.foo) # <module 'mypkg.foo' ...
print(mypkg.bar) # <module 'mypkg.bar' ...

4
python/ql/test/experimental/dataflow/import-helper/test4.py Normal file
View File

@@ -0,0 +1,4 @@
import mypkg.foo as _foo
import mypkg.bar as _bar
print(_foo) # <module 'mypkg.bar' ...
print(_bar) # <module 'mypkg.bar' ...

10
python/ql/test/experimental/dataflow/import-helper/test5.py Normal file
View File

@@ -0,0 +1,10 @@
import mypkg
print(mypkg.foo) # 42
try:
print(mypkg.bar)
except AttributeError as e:
print(e) # module 'mypkg' has no attribute 'bar'
from mypkg import bar as _bar
print(mypkg.bar) # <module 'mypkg.bar' ...

6
python/ql/test/experimental/dataflow/import-helper/test6.py Normal file
View File

@@ -0,0 +1,6 @@
import mypkg
print(mypkg.foo) # 42
import mypkg.foo
print(mypkg.foo) # <module 'mypkg.foo' ...

10
python/ql/test/experimental/dataflow/import-helper/test7.py Normal file
View File

@@ -0,0 +1,10 @@
from mypkg import foo
print(foo) # 42
import mypkg.foo
print(foo) # 42
print(mypkg.foo) # <module 'mypkg.bar' ...
from mypkg import foo
print(foo) # <module 'mypkg.bar' ...

1
python/ql/test/experimental/dataflow/pep_328/__init__.py Normal file
View File

@@ -0,0 +1 @@
pass

1
python/ql/test/experimental/dataflow/pep_328/package/__init__.py Normal file
View File

@@ -0,0 +1 @@
bar = "bar"

1
python/ql/test/experimental/dataflow/pep_328/package/moduleA.py Normal file
View File

@@ -0,0 +1 @@
foo = "foo"

16
python/ql/test/experimental/dataflow/pep_328/package/subpackage1/__init__.py Normal file
View File

@@ -0,0 +1,16 @@
from .moduleY import spam
from .moduleY import spam as ham
from . import moduleY
from ..subpackage1 import moduleY
from ..subpackage2.moduleZ import eggs
from ..moduleA import foo
try:
from ...package import bar
except Exception as e:
print(e)
try:
from ...sys import path
except Exception as e:
print(e)

16
python/ql/test/experimental/dataflow/pep_328/package/subpackage1/moduleX.py Normal file
View File

@@ -0,0 +1,16 @@
from .moduleY import spam
from .moduleY import spam as ham
from . import moduleY
from ..subpackage1 import moduleY
from ..subpackage2.moduleZ import eggs
from ..moduleA import foo
try:
from ...package import bar
except Exception as e:
print(e)
try:
from ...sys import path
except Exception as e:
print(e)

1
python/ql/test/experimental/dataflow/pep_328/package/subpackage1/moduleY.py Normal file
View File

@@ -0,0 +1 @@
spam = "spam"

1
python/ql/test/experimental/dataflow/pep_328/package/subpackage2/__init__.py Normal file
View File

@@ -0,0 +1 @@
pass

1
python/ql/test/experimental/dataflow/pep_328/package/subpackage2/moduleZ.py Normal file
View File

@@ -0,0 +1 @@
eggs = "eggs"

1
python/ql/test/experimental/dataflow/pep_328/start.py Normal file
View File

@@ -0,0 +1 @@
import package.subpackage1.moduleX

1
python/ql/test/experimental/dataflow/regression/custom_dataflow.expected Normal file
View File

@@ -0,0 +1 @@
| test.py:126:13:126:25 | ControlFlowNode for CUSTOM_SOURCE | test.py:130:21:130:21 | ControlFlowNode for t |

30
python/ql/test/experimental/dataflow/regression/custom_dataflow.ql Normal file
View File

@@ -0,0 +1,30 @@
/**
* This query is meant to catch the flows from `CUSTOM_SOURCE` to `CUSTOM_SINK`.
*
* This should be compared to
* python/ql/test/library-tests/taint/dataflow/Dataflow.ql
* A first goal is to have identical results; after that we
* hope to remove the false positive.
*/
import python
import semmle.python.dataflow.new.DataFlow
class CustomTestConfiguration extends DataFlow::Configuration {
CustomTestConfiguration() { this = "CustomTestConfiguration" }
override predicate isSource(DataFlow::Node node) {
node.asCfgNode().(NameNode).getId() = "CUSTOM_SOURCE"
}
override predicate isSink(DataFlow::Node node) {
exists(CallNode call |
call.getFunction().(NameNode).getId() in ["CUSTOM_SINK", "CUSTOM_SINK_F"] and
node.asCfgNode() = call.getAnArg()
)
}
}
from DataFlow::Node source, DataFlow::Node sink
where exists(CustomTestConfiguration cfg | cfg.hasFlow(source, sink))
select source, sink

21
python/ql/test/experimental/dataflow/regression/dataflow.expected
View File

@@ -1,3 +1,8 @@
| module.py:1:13:1:18 | ControlFlowNode for SOURCE | test.py:89:10:89:10 | ControlFlowNode for t |
| module.py:1:13:1:18 | ControlFlowNode for SOURCE | test.py:106:10:106:14 | ControlFlowNode for Attribute |
| module.py:1:13:1:18 | ControlFlowNode for SOURCE | test.py:111:10:111:12 | ControlFlowNode for Attribute |
| module.py:1:13:1:18 | ControlFlowNode for SOURCE | test.py:156:6:156:11 | ControlFlowNode for unsafe |
| module.py:6:12:6:17 | ControlFlowNode for SOURCE | test.py:101:10:101:10 | ControlFlowNode for t |
| test.py:3:10:3:15 | ControlFlowNode for SOURCE | test.py:3:10:3:15 | ControlFlowNode for SOURCE |
| test.py:6:9:6:14 | ControlFlowNode for SOURCE | test.py:7:10:7:10 | ControlFlowNode for s |
| test.py:10:12:10:17 | ControlFlowNode for SOURCE | test.py:13:10:13:12 | ControlFlowNode for arg |
@@ -7,10 +12,12 @@
| test.py:62:13:62:18 | ControlFlowNode for SOURCE | test.py:13:10:13:12 | ControlFlowNode for arg |
| test.py:67:13:67:18 | ControlFlowNode for SOURCE | test.py:13:10:13:12 | ControlFlowNode for arg |
| test.py:76:9:76:14 | ControlFlowNode for SOURCE | test.py:78:10:78:10 | ControlFlowNode for t |
| test.py:108:13:108:18 | ControlFlowNode for SOURCE | test.py:112:14:112:14 | ControlFlowNode for t |
| test.py:139:10:139:15 | ControlFlowNode for SOURCE | test.py:140:14:140:14 | ControlFlowNode for t |
| test.py:143:9:143:14 | ControlFlowNode for SOURCE | test.py:145:10:145:10 | ControlFlowNode for s |
| test.py:158:9:158:14 | ControlFlowNode for SOURCE | test.py:160:14:160:14 | ControlFlowNode for t |
| test.py:158:9:158:14 | ControlFlowNode for SOURCE | test.py:162:14:162:14 | ControlFlowNode for t |
| test.py:158:9:158:14 | ControlFlowNode for SOURCE | test.py:164:14:164:14 | ControlFlowNode for t |
| test.py:158:9:158:14 | ControlFlowNode for SOURCE | test.py:166:14:166:14 | ControlFlowNode for t |
| test.py:128:13:128:18 | ControlFlowNode for SOURCE | test.py:132:14:132:14 | ControlFlowNode for t |
| test.py:159:10:159:15 | ControlFlowNode for SOURCE | test.py:160:14:160:14 | ControlFlowNode for t |
| test.py:163:9:163:14 | ControlFlowNode for SOURCE | test.py:165:12:165:12 | ControlFlowNode for s |
| test.py:178:9:178:14 | ControlFlowNode for SOURCE | test.py:180:14:180:14 | ControlFlowNode for t |
| test.py:178:9:178:14 | ControlFlowNode for SOURCE | test.py:182:16:182:16 | ControlFlowNode for t |
| test.py:178:9:178:14 | ControlFlowNode for SOURCE | test.py:184:16:184:16 | ControlFlowNode for t |
| test.py:178:9:178:14 | ControlFlowNode for SOURCE | test.py:186:14:186:14 | ControlFlowNode for t |
| test.py:195:9:195:14 | ControlFlowNode for SOURCE | test.py:197:14:197:14 | ControlFlowNode for t |
| test.py:195:9:195:14 | ControlFlowNode for SOURCE | test.py:199:14:199:14 | ControlFlowNode for t |

10
python/ql/test/experimental/dataflow/regression/module.py Normal file
View File

@@ -0,0 +1,10 @@
dangerous = SOURCE
safe = "safe"
def dangerous_func():
return SOURCE
safe2 = SOURCE
safe2 = "safe"

79
python/ql/test/experimental/dataflow/regression/test.py
View File

@@ -30,7 +30,7 @@ def test6(cond):
else:
t = SOURCE
if cond:
SINK(t)
SINK_F(t)
def test7(cond):
if cond:
@@ -40,8 +40,8 @@ def test7(cond):
if cond:
SINK(t)
def source2(arg):
return source(arg)
def source2():
return source()
def sink2(arg):
sink(arg)
@@ -50,7 +50,7 @@ def sink3(cond, arg):
if cond:
sink(arg)
def test8(cond):
def test8(cond): # This test currently adds nothing, as we only track SOURCE -> SINK, and previous tests already add flow from line 10 to line 13
t = source2()
sink2(t)
@@ -80,7 +80,7 @@ def test11():
def test12():
t = "safe"
t = hub(t)
SINK(t)
SINK_F(t)
import module
@@ -90,16 +90,36 @@ def test13():
def test14():
t = module.safe
SINK(t)
SINK_F(t)
def test15():
t = module.safe2
SINK(t)
SINK_F(t)
def test16():
t = module.dangerous_func()
SINK(t)
class C(object): pass
def x_sink(arg):
SINK(arg.x)
def test17():
t = C()
t.x = module.dangerous
SINK(t.x)
def test18():
t = C()
t.x = module.dangerous
t = hub(t)
x_sink(t)
def test19():
t = CUSTOM_SOURCE
t = hub(TAINT_FROM_ARG(t))
CUSTOM_SINK(t)
def test20(cond):
if cond:
@@ -117,16 +137,16 @@ def test21(cond):
else:
t = SOURCE
if not cond:
CUSTOM_SINK(t)
CUSTOM_SINK_F(t)
else:
SINK(t)
SINK_F(t)
def test22(cond):
if cond:
t = CUSTOM_SOURCE
else:
t = SOURCE
t = TAINT_FROM_ARG(t)
t = TAINT_FROM_ARG(t) # Blocks data flow
if cond:
CUSTOM_SINK(t)
else:
@@ -141,16 +161,16 @@ def test23():
def test24():
s = SOURCE
SANITIZE(s)
SINK(s)
SANITIZE(s) # Does not block data flow
SINK_F(s)
def test_update_extend(x, y):
l = [SOURCE]
d = {"key" : SOURCE}
x.extend(l)
y.update(d)
SINK(x[0])
SINK(y["key"])
SINK(x[0]) # Flow not found
SINK(y["key"]) # Flow not found
l2 = list(l)
d2 = dict(d)
@@ -159,9 +179,36 @@ def test_truth():
if t:
SINK(t)
else:
SINK(t) # Regression: FP here
SINK_F(t) # False positive
if not t:
SINK(t) # Regression: FP here
SINK_F(t) # False positive
else:
SINK(t)
def test_early_exit():
t = FALSEY
if not t:
return
t
def flow_through_type_test_if_no_class():
t = SOURCE
if isinstance(t, str):
SINK(t) # Flows's both here..
else:
SINK(t) # ..and here
def flow_in_iteration():
t = [SOURCE]
for i in t:
SINK(i) # Flow not found
SINK(i) # Flow not found
def flow_in_generator():
seq = [SOURCE]
for i in seq:
yield i
def flow_from_generator():
for x in flow_in_generator():
SINK(x) # Flow not found

11
python/ql/test/experimental/dataflow/strange-essaflow/test.py Normal file
View File

@@ -0,0 +1,11 @@
import os
from flask import Flask, request
app = Flask(__name__)
@app.route("/command1")
def command_injection1():
files = request.args.get('files', '')
# Don't let files be `; rm -rf /`
os.system("ls " + files)

6
python/ql/test/experimental/dataflow/strange-essaflow/testFlow.expected Normal file
View File

@@ -0,0 +1,6 @@
os_import
| test.py:2:8:2:9 | GSSA Variable os |
flowstep
jumpStep
| test.py:2:8:2:9 | GSSA Variable os | test.py:0:0:0:0 | ModuleVariableNode for Global Variable os in Module test |
essaFlowStep

37
python/ql/test/experimental/dataflow/strange-essaflow/testFlow.ql Normal file
View File

@@ -0,0 +1,37 @@
import python
import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPrivate
/** Gets the EssaNode that holds the module imported by the fully qualified module name `name` */
DataFlow::EssaNode module_import(string name) {
exists(Variable var, Import imp, Alias alias |
alias = imp.getAName() and
alias.getAsname() = var.getAStore() and
(
name = alias.getValue().(ImportMember).getImportedModuleName()
or
name = alias.getValue().(ImportExpr).getImportedModuleName()
) and
result.getVar().(AssignmentDefinition).getSourceVariable() = var
)
}
query predicate os_import(DataFlow::Node node) {
node = module_import("os") and
exists(node.getLocation().getFile().getRelativePath())
}
query predicate flowstep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
os_import(nodeFrom) and
DataFlow::localFlowStep(nodeFrom, nodeTo)
}
query predicate jumpStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
os_import(nodeFrom) and
DataFlowPrivate::jumpStep(nodeFrom, nodeTo)
}
query predicate essaFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
os_import(nodeFrom) and
DataFlowPrivate::EssaFlow::essaFlowStep(nodeFrom, nodeTo)
}

14
python/ql/test/experimental/dataflow/tainttracking/TestTaintLib.qll
View File

@@ -1,12 +1,13 @@
import python
import experimental.dataflow.TaintTracking
import experimental.dataflow.DataFlow
import semmle.python.dataflow.new.TaintTracking
import semmle.python.dataflow.new.DataFlow
class TestTaintTrackingConfiguration extends TaintTracking::Configuration {
TestTaintTrackingConfiguration() { this = "TestTaintTrackingConfiguration" }
override predicate isSource(DataFlow::Node source) {
source.(DataFlow::CfgNode).getNode().(NameNode).getId() in ["TAINTED_STRING", "TAINTED_BYTES"]
source.(DataFlow::CfgNode).getNode().(NameNode).getId() in ["TAINTED_STRING", "TAINTED_BYTES",
"TAINTED_LIST", "TAINTED_DICT"]
}
override predicate isSink(DataFlow::Node sink) {
@@ -42,9 +43,10 @@ private string repr(Expr e) {
result = repr(e.(Attribute).getObject()) + "." + e.(Attribute).getName()
}
query predicate test_taint(string arg_location, string test_res, string function_name, string repr) {
query predicate test_taint(string arg_location, string test_res, string scope_name, string repr) {
exists(Call call, Expr arg, boolean expected_taint, boolean has_taint |
call.getLocation().getFile().getShortName() = "test.py" and
// only consider files that are extracted as part of the test
exists(call.getLocation().getFile().getRelativePath()) and
(
call.getFunc().(Name).getId() = "ensure_tainted" and
expected_taint = true
@@ -66,7 +68,7 @@ query predicate test_taint(string arg_location, string test_res, string function
// select
arg_location = arg.getLocation().toString() and
test_res = test_res and
function_name = call.getScope().(Function).getName() and
scope_name = call.getScope().getName() and
repr = repr(arg)
)
}

4
python/ql/test/experimental/dataflow/tainttracking/basic/GlobalTaintTracking.ql
View File

@@ -1,6 +1,6 @@
import python
import experimental.dataflow.TaintTracking
import experimental.dataflow.DataFlow
import semmle.python.dataflow.new.TaintTracking
import semmle.python.dataflow.new.DataFlow
class TestTaintTrackingConfiguration extends TaintTracking::Configuration {
TestTaintTrackingConfiguration() { this = "TestTaintTrackingConfiguration" }

4
python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected
View File

@@ -1,3 +1,5 @@
| test.py:7:5:7:16 | SSA variable also_tainted | test.py:8:5:8:22 | SSA variable also_tainted |
| test.py:3:1:3:7 | GSSA Variable tainted | test.py:4:6:4:12 | ControlFlowNode for tainted |
| test.py:3:11:3:16 | ControlFlowNode for SOURCE | test.py:3:1:3:7 | GSSA Variable tainted |
| test.py:6:1:6:11 | ControlFlowNode for FunctionExpr | test.py:6:5:6:8 | GSSA Variable func |
| test.py:7:5:7:16 | SSA variable also_tainted | test.py:8:10:8:21 | ControlFlowNode for also_tainted |
| test.py:7:20:7:25 | ControlFlowNode for SOURCE | test.py:7:5:7:16 | SSA variable also_tainted |

4
python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.ql
View File

@@ -1,6 +1,6 @@
import python
import experimental.dataflow.TaintTracking
import experimental.dataflow.DataFlow
import semmle.python.dataflow.new.TaintTracking
import semmle.python.dataflow.new.DataFlow
from DataFlow::Node nodeFrom, DataFlow::Node nodeTo
where TaintTracking::localTaintStep(nodeFrom, nodeTo)

11
python/ql/test/experimental/dataflow/tainttracking/customSanitizer/TestTaint.expected Normal file
View File

@@ -0,0 +1,11 @@
test_taint
| test.py:22 | ok | test_custom_sanitizer | s |
| test.py:36 | ok | test_custom_sanitizer_guard | s |
| test.py:38 | ok | test_custom_sanitizer_guard | s |
| test.py:40 | ok | test_custom_sanitizer_guard | s |
| test.py:51 | ok | test_escape | s2 |
isSanitizer
| TestTaintTrackingConfiguration | test.py:21:39:21:39 | ControlFlowNode for s |
| TestTaintTrackingConfiguration | test.py:50:10:50:29 | ControlFlowNode for emulated_escaping() |
isSanitizerGuard
| TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() |

33
python/ql/test/experimental/dataflow/tainttracking/customSanitizer/TestTaint.ql Normal file
View File

@@ -0,0 +1,33 @@
import experimental.dataflow.tainttracking.TestTaintLib
class IsSafeCheck extends DataFlow::BarrierGuard {
IsSafeCheck() { this.(CallNode).getNode().getFunc().(Name).getId() = "emulated_is_safe" }
override predicate checks(ControlFlowNode node, boolean branch) {
node = this.(CallNode).getAnArg() and
branch = true
}
}
class CustomSanitizerOverrides extends TestTaintTrackingConfiguration {
override predicate isSanitizer(DataFlow::Node node) {
exists(Call call |
call.getFunc().(Name).getId() = "emulated_authentication_check" and
call.getArg(0) = node.asExpr()
)
or
node.asExpr().(Call).getFunc().(Name).getId() = "emulated_escaping"
}
override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { guard instanceof IsSafeCheck }
}
query predicate isSanitizer(TestTaintTrackingConfiguration conf, DataFlow::Node node) {
exists(node.getLocation().getFile().getRelativePath()) and
conf.isSanitizer(node)
}
query predicate isSanitizerGuard(TestTaintTrackingConfiguration conf, DataFlow::BarrierGuard guard) {
exists(guard.getLocation().getFile().getRelativePath()) and
conf.isSanitizerGuard(guard)
}

Some files were not shown because too many files have changed in this diff Show More