Python: Fix false negative

I'm slightly suspicious of this fix -- it seems to work, but it makes me wonder if we're potentially missing other kinds of flow, by not handling other kinds of definitions. Also, I feel like this should really be attached to an appropriate post-update node of the given argument. As it is written now, the flow will go from the argument _before_ the call, which obviously misses a step if the argument is modified by the call. In practice, I would expect this to be rather rare.
2025-12-20 02:44:30 +01:00 · 2020-10-20 13:16:54 +02:00
parent 860cafed4d
commit a21c29507c
2 changed files with 5 additions and 2 deletions
--- a/python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll
+++ b/python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll
@@ -521,8 +521,11 @@ predicate jumpStep(Node nodeFrom, Node nodeTo) {
 private predicate module_export(Module m, string name, CfgNode defn) {
  exists(EssaVariable v |
    v.getName() = name and
-    v.getAUse() = m.getANormalExit() and
+    v.getAUse() = m.getANormalExit()
+  |
    defn.getNode() = v.getDefinition().(AssignmentDefinition).getValue()
+    or
+    defn.getNode() = v.getDefinition().(ArgumentRefinement).getArgument()
  )
 }