Mirror of https://github.com/github/codeql.git (synced 2025-12-16 08:43:11 +01:00)
Python: purge old references
.vscode/settings.json (vendored, 3 changed lines)
@@ -1,3 +1,4 @@
{
"omnisharp.autoStart": false
"omnisharp.autoStart": false,
"restructuredtext.confPath": "${workspaceFolder}/docs/codeql"
}
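Review bot: the only change in this hunk is an editor setting, `"restructuredtext.confPath": "${workspaceFolder}/docs/codeql"`, which has nothing to do with the commit title "Python: purge old references"; split it into its own commit, or at least mention it in the commit message, so a later `git blame` on `.vscode/settings.json` does not point at a Python docs cleanup. The trailing comma added to `"omnisharp.autoStart": false,` is correct JSON because a new member now follows it.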
@@ -20,7 +20,6 @@ The CodeQL library for Python incorporates a large number of classes. Each class

- **Syntactic** - classes that represent entities in the Python source code.
- **Control flow** - classes that represent entities from the control flow graphs.
- **Type inference** - classes that represent the inferred values and types of entities in the Python source code.

Syntactic classes
-----------------
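Review bot: the line counts (`-20,7 +20,6`) show one bullet disappearing from the category list, which in this rendering can only be the `**Type inference**` entry; re-read the sentence that introduces the list at the hunk header ("The CodeQL library for Python incorporates a large number of classes. Each class ...") to be sure it does not still promise three categories, and update any `:ref:` or table-of-contents entry that pointed at the `Type-inference classes` heading in the same commit.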
@@ -290,40 +289,6 @@ The classes in the control-flow part of the library are:
- `BasicBlock <https://codeql.github.com/codeql-standard-libraries/python/semmle/python/Flow.qll/type.Flow$BasicBlock.html>`__ – A non branching list of control-flow nodes.


Type-inference classes
----------------------

The CodeQL library for Python also supplies some classes for accessing the inferred types of values. The classes ``Value`` and ``ClassValue`` allow you to query the possible classes that an expression may have at runtime.

Example
^^^^^^^

For example, which ``ClassValue``\ s are iterable can be determined using the query:

**Find iterable "ClassValue"s**

.. code-block:: ql

import python

from ClassValue cls
where cls.hasAttribute("__iter__")
select cls

➤ `See this in the query console on LGTM.com <https://lgtm.com/query/5151030165280978402/>`__ This query returns a list of classes for the projects analyzed. If you want to include the results for ``builtin`` classes, which do not have any Python source code, show the non-source results. For more information, see `builtin classes <https://docs.python.org/3/library/stdtypes.html>`__ in the Python documentation.

Summary
^^^^^^^

- `Value <https://codeql.github.com/codeql-standard-libraries/python/semmle/python/objects/ObjectAPI.qll/type.ObjectAPI$Value.html>`__

- ``ClassValue``
- ``CallableValue``
- ``ModuleValue``

For more information about these classes, see ":doc:`Pointer analysis and type inference in Python <pointer-analysis-and-type-inference-in-python>`."


Further reading
---------------


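Review bot: removing the whole `Type-inference classes` section (`-290,40 +289,6`) also removes the `:doc:` cross-reference to `pointer-analysis-and-type-inference-in-python` and the `Value`/`ClassValue` example, so a reader who lands on this page looking for the type-inference API gets no pointer at all; if that target page survives this commit, keep a one-line "see ..." note under the remaining headings, and if it is deleted too, check the Sphinx build for an orphan-document or undefined-reference warning. Dropping the LGTM.com query-console link (`https://lgtm.com/query/5151030165280978402/`) is consistent with the commit's stated purpose of purging old references.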
@@ -3,7 +3,7 @@
About data flow analysis
########################

Data flow analysis is used to compute the possible values that a variable can hold at various points in a program, determining how those values propagate through the program and where they are used.
Data flow analysis is used to compute the possible values that a variable can hold at various points in a program, determining how those values propagate through the program and where they are used.

Overview
********
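Review bot: the two `Data flow analysis is used to compute ...` lines are character-for-character identical in this view, so the change must be whitespace only (trailing spaces or line endings); that is fine, but a whitespace-only edit inside a commit titled "purge old references" is easy to misread, so either say so in the commit message or confirm with `git diff -w` that nothing substantive hides here.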
@@ -20,13 +20,13 @@ See the following tutorials for more information about analyzing data flow in sp
- ":ref:`Analyzing data flow in C# <analyzing-data-flow-in-csharp>`"
- ":ref:`Analyzing data flow in Java <analyzing-data-flow-in-java>`"
- ":ref:`Analyzing data flow in JavaScript/TypeScript <analyzing-data-flow-in-javascript-and-typescript>`"
- ":ref:`Analyzing data flow and tracking tainted data in Python <analyzing-data-flow-and-tracking-tainted-data-in-python>`"
- ":ref:`Analyzing data flow in Python <analyzing-data-flow-in-python>`"

.. pull-quote::

Note

Data flow analysis is used extensively in path queries. To learn more about path queries, see ":doc:`Creating path queries <creating-path-queries>`."
Data flow analysis is used extensively in path queries. To learn more about path queries, see ":doc:`Creating path queries <creating-path-queries>`."

.. _data-flow-graph:

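Review bot: changing the tutorial entry from `analyzing-data-flow-and-tracking-tainted-data-in-python` to `analyzing-data-flow-in-python` swaps a `:ref:` label, so every other page that still uses the old label will raise an undefined-label warning at build time; grep the docs tree for the old label and update or alias it in this commit. The `Note` pull-quote pair below it is again identical text in both versions, so presumably another whitespace-only change.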
@@ -78,11 +78,10 @@ The normal data flow libraries are used to analyze the information flow in which
For example, if you are tracking an insecure object ``x`` (which might be some untrusted or potentially malicious data), a step in the program may 'change' its value. So, in a simple process such as ``y = x + 1``, a normal data flow analysis will highlight the use of ``x``, but not ``y``.
However, since ``y`` is derived from ``x``, it is influenced by the untrusted or 'tainted' information, and therefore it is also tainted. Analyzing the flow of the taint from ``x`` to ``y`` is known as taint tracking.

In QL, taint tracking extends data flow analysis by including steps in which the data values are not necessarily preserved, but the potentially insecure object is still propagated.
In QL, taint tracking extends data flow analysis by including steps in which the data values are not necessarily preserved, but the potentially insecure object is still propagated.
These flow steps are modeled in the taint-tracking library using predicates that hold if taint is propagated between nodes.

Further reading
***************

- ":ref:`Exploring data flow with path queries <exploring-data-flow-with-path-queries>`"


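Review bot: the counts (`-78,11 +78,10`) show a net loss of one line, but the only visible old/new pair is the identical `In QL, taint tracking extends data flow analysis ...` sentence, so the removed line cannot be identified in this rendering (most likely a trailing blank line at the end of the file); confirm with `git diff -w` that the taint-tracking text itself is unchanged, since this paragraph is the definition readers rely on for the distinction between plain data flow and taint tracking.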