Merge pull request #6640 from yoff/python-add-parameter-default-value-flow-step

Python: add parameter default value flow step
2026-05-11 17:59:29 +02:00 · 2021-09-13 17:05:48 +02:00
parent 7b764aec92 5d137ce9c5
commit b51ce1d2b3
11 changed files with 69 additions and 8 deletions
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
@@ -869,6 +869,9 @@ predicate jumpStep(Node nodeFrom, Node nodeTo) {
    module_export(mv.getScope(), r.getAttributeName(), nodeFrom) and
    nodeTo = r
  )
+  or
+  // Default value for parameter flows to that parameter
+  defaultValueFlowStep(nodeFrom, nodeTo)
 }

 /**
@@ -1033,6 +1036,19 @@ predicate kwOverflowStoreStep(CfgNode nodeFrom, DictionaryElementContent c, Node
  )
 }

+predicate defaultValueFlowStep(CfgNode nodeFrom, CfgNode nodeTo) {
+  exists(Function f, Parameter p, ParameterDefinition def |
+    // `getArgByName` supports, unlike `getAnArg`, keyword-only parameters
+    p = f.getArgByName(_) and
+    nodeFrom.asExpr() = p.getDefault() and
+    // The following expresses
+    // nodeTo.(ParameterNode).getParameter() = p
+    // without non-monotonic recursion
+    def.getParameter() = p and
+    nodeTo.getNode() = def.getDefiningNode()
+  )
+}
+
 /**
 * Holds if data can flow from `nodeFrom` to `nodeTo` via a read of content `c`.
 */