Python: Repair flow from pre-update nodes

Rasmus Lerchedahl Petersen
2020-09-09 13:51:24 +02:00
parent ce7f82ddc6
commit 9e59d79a72
5 changed files with 52 additions and 48 deletions


@@ -154,7 +154,7 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) {
/**
* If a node `n` has a post-update node `pun(n)`, we want forward flow to go from
* `pun(n)` rather than from `n`.
* `pun(n)` as well as from `n`.
*/
private Node update(Node node) {
exists(PostUpdateNode pun |
@@ -162,7 +162,6 @@ private Node update(Node node) {
result = pun
)
or
not exists(PostUpdateNode pun | node = pun.getPreUpdateNode()) and
result = node
}
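Review bot: With the `not exists(PostUpdateNode pun | node = pun.getPreUpdateNode())` guard no longer on the `result = node` disjunct, `update(node)` yields both `pun(n)` and `n` for any node that has a post-update node, so a mutation can no longer cut off flow from the pre-update value. The expected-output rows on this page for `list_clear | tainted_list` (test_collections.py:27) and `ts.join(..)` (test_string.py:93 and :94) are printed as `ok` followed by `fail`; the +/- markers are lost here, but if print order is old then new, this over-approximation already costs three checks while fixing many others. The QLDoc should state that trade-off, for example `* Flow from n itself is kept, so an update that clears the value (e.g. list.clear()) does not stop flow; this may over-report.` The middle of the `exists` body lies between the two hunks and is not visible here.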


@@ -77,6 +77,7 @@ edges
| test.py:335:12:335:17 | ControlFlowNode for SOURCE | test.py:335:10:335:18 | ControlFlowNode for f() |
| test.py:339:28:339:33 | ControlFlowNode for SOURCE | test.py:339:10:339:34 | ControlFlowNode for second() |
| test.py:372:9:372:14 | ControlFlowNode for SOURCE | test.py:374:10:374:10 | ControlFlowNode for a |
| test.py:372:9:372:14 | ControlFlowNode for SOURCE | test.py:379:10:379:10 | ControlFlowNode for b |
nodes
| datamodel.py:13:1:13:6 | GSSA Variable SOURCE | semmle.label | GSSA Variable SOURCE |
| datamodel.py:13:10:13:17 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str |
@@ -181,6 +182,7 @@ nodes
| test.py:339:28:339:33 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:372:9:372:14 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:374:10:374:10 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
| test.py:379:10:379:10 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
#select
| datamodel.py:38:6:38:17 | ControlFlowNode for f() | datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:38:6:38:17 | ControlFlowNode for f() | <message> |
| datamodel.py:38:6:38:17 | ControlFlowNode for f() | datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | datamodel.py:38:6:38:17 | ControlFlowNode for f() | <message> |
@@ -216,3 +218,4 @@ nodes
| test.py:335:10:335:18 | ControlFlowNode for f() | test.py:335:12:335:17 | ControlFlowNode for SOURCE | test.py:335:10:335:18 | ControlFlowNode for f() | <message> |
| test.py:339:10:339:34 | ControlFlowNode for second() | test.py:339:28:339:33 | ControlFlowNode for SOURCE | test.py:339:10:339:34 | ControlFlowNode for second() | <message> |
| test.py:374:10:374:10 | ControlFlowNode for a | test.py:372:9:372:14 | ControlFlowNode for SOURCE | test.py:374:10:374:10 | ControlFlowNode for a | <message> |
| test.py:379:10:379:10 | ControlFlowNode for b | test.py:372:9:372:14 | ControlFlowNode for SOURCE | test.py:379:10:379:10 | ControlFlowNode for b | <message> |


@@ -15,3 +15,5 @@
| test.py:178:9:178:14 | ControlFlowNode for SOURCE | test.py:182:16:182:16 | ControlFlowNode for t |
| test.py:178:9:178:14 | ControlFlowNode for SOURCE | test.py:184:16:184:16 | ControlFlowNode for t |
| test.py:178:9:178:14 | ControlFlowNode for SOURCE | test.py:186:14:186:14 | ControlFlowNode for t |
| test.py:195:9:195:14 | ControlFlowNode for SOURCE | test.py:197:14:197:14 | ControlFlowNode for t |
| test.py:195:9:195:14 | ControlFlowNode for SOURCE | test.py:199:14:199:14 | ControlFlowNode for t |


@@ -1,9 +1,9 @@
| test_collections.py:16 | ok | test_access | tainted_list.copy() |
| test_collections.py:24 | ok | list_clear | tainted_list |
| test_collections.py:27 | ok | list_clear | tainted_list |
| test_collections.py:27 | fail | list_clear | tainted_list |
| test_string.py:17 | ok | str_methods | ts.casefold() |
| test_string.py:19 | fail | str_methods | ts.format_map(..) |
| test_string.py:20 | fail | str_methods | "{unsafe}".format_map(..) |
| test_string.py:19 | ok | str_methods | ts.format_map(..) |
| test_string.py:20 | ok | str_methods | "{unsafe}".format_map(..) |
| test_string.py:31 | fail | binary_decode_encode | base64.a85encode(..) |
| test_string.py:32 | fail | binary_decode_encode | base64.a85decode(..) |
| test_string.py:35 | fail | binary_decode_encode | base64.b85encode(..) |


@@ -7,7 +7,7 @@
| test_collections.py:32 | ok | test_construction | list(..) |
| test_collections.py:33 | ok | test_construction | list(..) |
| test_collections.py:34 | ok | test_construction | list(..) |
| test_collections.py:35 | fail | test_construction | list(..) |
| test_collections.py:35 | ok | test_construction | list(..) |
| test_collections.py:37 | ok | test_construction | tuple(..) |
| test_collections.py:38 | ok | test_construction | set(..) |
| test_collections.py:39 | ok | test_construction | frozenset(..) |
@@ -25,10 +25,10 @@
| test_collections.py:63 | ok | test_access | i |
| test_collections.py:70 | ok | test_dict_access | tainted_dict["name"] |
| test_collections.py:71 | ok | test_dict_access | tainted_dict.get(..) |
| test_collections.py:72 | fail | test_dict_access | tainted_dict[x] |
| test_collections.py:73 | fail | test_dict_access | tainted_dict.copy() |
| test_collections.py:77 | fail | test_dict_access | v |
| test_collections.py:79 | fail | test_dict_access | v |
| test_collections.py:72 | ok | test_dict_access | tainted_dict[x] |
| test_collections.py:73 | ok | test_dict_access | tainted_dict.copy() |
| test_collections.py:77 | ok | test_dict_access | v |
| test_collections.py:79 | ok | test_dict_access | v |
| test_collections.py:87 | fail | test_named_tuple | point[0] |
| test_collections.py:88 | fail | test_named_tuple | point.x |
| test_collections.py:92 | ok | test_named_tuple | point[1] |
@@ -65,7 +65,7 @@
| test_collections.py:227 | ok | set_add | my_set |
| test_collections.py:230 | fail | set_add | my_set |
| test_json.py:26 | ok | test | json.dumps(..) |
| test_json.py:27 | fail | test | json.loads(..) |
| test_json.py:27 | ok | test | json.loads(..) |
| test_json.py:34 | fail | test | tainted_filelike |
| test_json.py:35 | fail | test | json.load(..) |
| test_json.py:48 | fail | non_syntacical | dumps(..) |
@@ -76,53 +76,53 @@
| test_string.py:25 | ok | str_operations | ts |
| test_string.py:26 | ok | str_operations | BinaryExpr |
| test_string.py:27 | ok | str_operations | BinaryExpr |
| test_string.py:28 | fail | str_operations | BinaryExpr |
| test_string.py:29 | fail | str_operations | ts[Slice] |
| test_string.py:30 | fail | str_operations | ts[Slice] |
| test_string.py:31 | fail | str_operations | ts[Slice] |
| test_string.py:32 | fail | str_operations | ts[0] |
| test_string.py:33 | fail | str_operations | str(..) |
| test_string.py:28 | ok | str_operations | BinaryExpr |
| test_string.py:29 | ok | str_operations | ts[Slice] |
| test_string.py:30 | ok | str_operations | ts[Slice] |
| test_string.py:31 | ok | str_operations | ts[Slice] |
| test_string.py:32 | ok | str_operations | ts[0] |
| test_string.py:33 | ok | str_operations | str(..) |
| test_string.py:34 | ok | str_operations | bytes(..) |
| test_string.py:35 | fail | str_operations | unicode(..) |
| test_string.py:35 | ok | str_operations | unicode(..) |
| test_string.py:39 | ok | str_operations | aug_assignment |
| test_string.py:41 | ok | str_operations | aug_assignment |
| test_string.py:49 | ok | str_methods | ts.capitalize() |
| test_string.py:50 | fail | str_methods | ts.center(..) |
| test_string.py:51 | fail | str_methods | ts.expandtabs() |
| test_string.py:53 | fail | str_methods | ts.format() |
| test_string.py:54 | fail | str_methods | "{}".format(..) |
| test_string.py:55 | fail | str_methods | "{unsafe}".format(..) |
| test_string.py:57 | fail | str_methods | ts.join(..) |
| test_string.py:58 | fail | str_methods | "".join(..) |
| test_string.py:60 | fail | str_methods | ts.ljust(..) |
| test_string.py:61 | fail | str_methods | ts.lstrip() |
| test_string.py:62 | fail | str_methods | ts.lower() |
| test_string.py:64 | fail | str_methods | ts.replace(..) |
| test_string.py:65 | fail | str_methods | "safe".replace(..) |
| test_string.py:67 | fail | str_methods | ts.rjust(..) |
| test_string.py:68 | fail | str_methods | ts.rstrip() |
| test_string.py:69 | fail | str_methods | ts.strip() |
| test_string.py:70 | fail | str_methods | ts.swapcase() |
| test_string.py:71 | fail | str_methods | ts.title() |
| test_string.py:72 | fail | str_methods | ts.upper() |
| test_string.py:73 | fail | str_methods | ts.zfill(..) |
| test_string.py:75 | fail | str_methods | ts.encode(..) |
| test_string.py:76 | fail | str_methods | ts.encode(..).decode(..) |
| test_string.py:50 | ok | str_methods | ts.center(..) |
| test_string.py:51 | ok | str_methods | ts.expandtabs() |
| test_string.py:53 | ok | str_methods | ts.format() |
| test_string.py:54 | ok | str_methods | "{}".format(..) |
| test_string.py:55 | ok | str_methods | "{unsafe}".format(..) |
| test_string.py:57 | ok | str_methods | ts.join(..) |
| test_string.py:58 | ok | str_methods | "".join(..) |
| test_string.py:60 | ok | str_methods | ts.ljust(..) |
| test_string.py:61 | ok | str_methods | ts.lstrip() |
| test_string.py:62 | ok | str_methods | ts.lower() |
| test_string.py:64 | ok | str_methods | ts.replace(..) |
| test_string.py:65 | ok | str_methods | "safe".replace(..) |
| test_string.py:67 | ok | str_methods | ts.rjust(..) |
| test_string.py:68 | ok | str_methods | ts.rstrip() |
| test_string.py:69 | ok | str_methods | ts.strip() |
| test_string.py:70 | ok | str_methods | ts.swapcase() |
| test_string.py:71 | ok | str_methods | ts.title() |
| test_string.py:72 | ok | str_methods | ts.upper() |
| test_string.py:73 | ok | str_methods | ts.zfill(..) |
| test_string.py:75 | ok | str_methods | ts.encode(..) |
| test_string.py:76 | ok | str_methods | ts.encode(..).decode(..) |
| test_string.py:78 | ok | str_methods | tb.decode(..) |
| test_string.py:79 | fail | str_methods | tb.decode(..).encode(..) |
| test_string.py:82 | fail | str_methods | ts.partition(..) |
| test_string.py:83 | fail | str_methods | ts.rpartition(..) |
| test_string.py:84 | fail | str_methods | ts.rsplit(..) |
| test_string.py:85 | fail | str_methods | ts.split(..) |
| test_string.py:86 | fail | str_methods | ts.splitlines() |
| test_string.py:79 | ok | str_methods | tb.decode(..).encode(..) |
| test_string.py:82 | ok | str_methods | ts.partition(..) |
| test_string.py:83 | ok | str_methods | ts.rpartition(..) |
| test_string.py:84 | ok | str_methods | ts.rsplit(..) |
| test_string.py:85 | ok | str_methods | ts.split(..) |
| test_string.py:86 | ok | str_methods | ts.splitlines() |
| test_string.py:91 | ok | str_methods | "safe".replace(..) |
| test_string.py:93 | ok | str_methods | ts.join(..) |
| test_string.py:94 | ok | str_methods | ts.join(..) |
| test_string.py:93 | fail | str_methods | ts.join(..) |
| test_string.py:94 | fail | str_methods | ts.join(..) |
| test_string.py:104 | fail | non_syntactic | meth() |
| test_string.py:105 | fail | non_syntactic | _str(..) |
| test_string.py:114 | ok | percent_fmt | BinaryExpr |
| test_string.py:115 | ok | percent_fmt | BinaryExpr |
| test_string.py:116 | fail | percent_fmt | BinaryExpr |
| test_string.py:116 | ok | percent_fmt | BinaryExpr |
| test_string.py:126 | fail | binary_decode_encode | base64.b64encode(..) |
| test_string.py:127 | fail | binary_decode_encode | base64.b64decode(..) |
| test_string.py:129 | fail | binary_decode_encode | base64.standard_b64encode(..) |