diff --git a/python/change-notes/2021-10-08-add-dataflow-for-boolean-expressions.md b/python/change-notes/2021-10-08-add-dataflow-for-boolean-expressions.md
new file mode 100644
index 00000000000..ba90b6ec9f2
--- /dev/null
+++ b/python/change-notes/2021-10-08-add-dataflow-for-boolean-expressions.md
@@ -0,0 +1,3 @@
+lgtm,codescanning
+* Added data-flow from `x` in both `x or y` and `x and y`, as described in the
+ [Python Language Reference](https://docs.python.org/3/reference/expressions.html#boolean-operations).
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
index 44c64234b75..7c90bc1189a 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
@@ -200,6 +200,9 @@ module EssaFlow {
 // If expressions
 nodeFrom.asCfgNode() = nodeTo.asCfgNode().(IfExprNode).getAnOperand()
 or
+ // boolean inline expressions such as `x or y` or `x and y`
+ nodeFrom.asCfgNode() = nodeTo.asCfgNode().(BoolExprNode).getAnOperand()
+ or
 // Flow inside an unpacking assignment
 iterableUnpackingFlowStep(nodeFrom, nodeTo)
 or
diff --git a/python/ql/test/experimental/dataflow/coverage/test.py b/python/ql/test/experimental/dataflow/coverage/test.py
index 43820495276..751adde20d8 100644
--- a/python/ql/test/experimental/dataflow/coverage/test.py
+++ b/python/ql/test/experimental/dataflow/coverage/test.py
@@ -426,12 +426,12 @@ def test_call_extra_keyword_flow():
 def test_or(x = False):
 # if we don't know the value of the lhs, we should always add flow
- SINK(x or SOURCE) #$ MISSING: flow="SOURCE -> BoolExp"
+ SINK(x or SOURCE) #$ flow="SOURCE -> BoolExpr"
 def test_and(x = True):
 # if we don't know the value of the lhs, we should always add flow
- SINK(x and SOURCE) #$ MISSING: flow="SOURCE -> BoolExp"
+ SINK(x and SOURCE) #$ flow="SOURCE -> BoolExpr"
 # 6.12. Assignment expressions
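Review bot: The added `BoolExprNode` disjunct makes every operand flow to the result unconditionally, and its comment does not say that this is a deliberate over-approximation. Per the language reference linked in the change note, `x and y` evaluates to `x` only when `x` is falsy, and `x or y` evaluates to `x` only when `x` is truthy. If this step feeds taint-tracking queries, a tainted left operand of `and` would be reported at a sink even though it can only arrive as a falsy value, which may show up as false positives. I would state the trade-off in the comment, for example `// over-approximation: either operand may be the result; the left operand of "and" is returned only when it is falsy`. The enclosing predicate in `EssaFlow` starts and ends outside the hunk.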
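Review bot: Both updated expectations in `test_or` and `test_and` place `SOURCE` in the right-hand operand, so the left-operand flow that the change note advertises ("data-flow from `x`") is not pinned by anything in this hunk. Unless it is covered elsewhere in the file, I would add the mirrored cases, `SINK(SOURCE or x) #$ flow="SOURCE -> BoolExpr"` in `test_or` and `SINK(SOURCE and x) #$ flow="SOURCE -> BoolExpr"` in `test_and`. Without them, a later narrowing of `getAnOperand()` to a single side would go undetected. The existing comment "if we don't know the value of the lhs" would also read better if it said that flow is expected from both operands.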