hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19136 from github/tausbn/python-modernise-mixed-tuple-returns-query

Browse Source 
Python: Modernize `py/mixed-tuple-returns`
This commit is contained in:
Taus
2025-04-01 17:31:56 +02:00
committed by GitHub
parent ffb25b7aac 6674288fd2
commit aacdc70a73
4 changed files with 22 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
python/ql/src/Functions/ReturnConsistentTupleSizes.ql
View File

@@ -4,6 +4,7 @@
* @kind problem * @kind problem
* @tags reliability * @tags reliability
* maintainability * maintainability
* quality
* @problem.severity recommendation * @problem.severity recommendation
* @sub-severity high * @sub-severity high
* @precision high * @precision high
@@ -11,13 +12,15 @@
*/ */
import python import python
import semmle.python.ApiGraphs
predicate returns_tuple_of_size(Function func, int size, AstNode origin) { predicate returns_tuple_of_size(Function func, int size, Tuple tuple) {
exists(Return return, TupleValue val | exists(Return return, DataFlow::Node value |
value.asExpr() = return.getValue() and
return.getScope() = func and return.getScope() = func and
return.getValue().pointsTo(val, origin) any(DataFlow::LocalSourceNode n | n.asExpr() = tuple).flowsTo(value)
| |
size = val.length() size = count(int n | exists(tuple.getElt(n)))
) )
} }
@@ -25,6 +28,8 @@ from Function func, int s1, int s2, AstNode t1, AstNode t2
where where
returns_tuple_of_size(func, s1, t1) and returns_tuple_of_size(func, s1, t1) and
returns_tuple_of_size(func, s2, t2) and returns_tuple_of_size(func, s2, t2) and
s1 < s2 s1 < s2 and
// Don't report on functions that have a return type annotation
not exists(func.getDefinition().(FunctionExpr).getReturns())
select func, func.getQualifiedName() + " returns $@ and $@.", t1, "tuple of size " + s1, t2, select func, func.getQualifiedName() + " returns $@ and $@.", t1, "tuple of size " + s1, t2,
"tuple of size " + s2 "tuple of size " + s2

5
python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
---
- The `py/mixed-tuple-returns` query no longer flags instances where the tuple is passed into the function as an argument, as this led to too many false positives.

1
python/ql/test/query-tests/Functions/return_values/ReturnConsistentTupleSizes.expected
View File

@@ -1,2 +1 @@
| functions_test.py:306:1:306:39 | Function returning_different_tuple_sizes | returning_different_tuple_sizes returns $@ and $@. | functions_test.py:308:16:308:18 | Tuple | tuple of size 2 | functions_test.py:310:16:310:20 | Tuple | tuple of size 3 | | functions_test.py:306:1:306:39 | Function returning_different_tuple_sizes | returning_different_tuple_sizes returns $@ and $@. | functions_test.py:308:16:308:18 | Tuple | tuple of size 2 | functions_test.py:310:16:310:20 | Tuple | tuple of size 3 |
| functions_test.py:324:1:324:50 | Function indirectly_returning_different_tuple_sizes | indirectly_returning_different_tuple_sizes returns $@ and $@. | functions_test.py:319:12:319:14 | Tuple | tuple of size 2 | functions_test.py:322:12:322:16 | Tuple | tuple of size 3 |

8
python/ql/test/query-tests/Functions/return_values/functions_test.py
View File

@@ -321,7 +321,7 @@ def function_returning_2_tuple():
def function_returning_3_tuple(): def function_returning_3_tuple():
return 1,2,3 return 1,2,3
def indirectly_returning_different_tuple_sizes(x): def indirectly_returning_different_tuple_sizes(x): # OK, since we only look at local tuple returns
if x: if x:
return function_returning_2_tuple() return function_returning_2_tuple()
else: else:
@@ -347,3 +347,9 @@ def ok_match2(x): # FP
return 0 return 0
case _: case _:
return 1 return 1
def ok_tuple_returns_captured_in_type(x: bool) -> tuple[int, ...]: # OK because there is a type annotation present
if x:
return 1, 2
else:
return 1, 2, 3