Merge pull request #15776 from RasmusWL/tt-consistency

Python: Add type-tracking consistency query
2026-04-25 16:55:19 +02:00 · 2024-03-13 11:11:07 +01:00
parent 4085c8ec8f 800351c7b7
commit b5c0fbb827
2 changed files with 48 additions and 0 deletions
--- a/python/ql/consistency-queries/TypeTrackingConsistency.ql
+++ b/python/ql/consistency-queries/TypeTrackingConsistency.ql
@@ -0,0 +1,42 @@
+private import python
+private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPrivate
+private import semmle.python.dataflow.new.internal.TypeTrackingImpl
+
+private module ConsistencyChecksInput implements ConsistencyChecksInputSig {
+  predicate unreachableNodeExclude(DataFlow::Node n) {
+    n instanceof DataFlowPrivate::SyntheticPostUpdateNode
+    or
+    n instanceof DataFlowPrivate::SyntheticPreUpdateNode
+    or
+    // TODO: when adding support for proper content, handle **kwargs passing better!
+    n instanceof DataFlowPrivate::SynthDictSplatArgumentNode
+    or
+    // TODO: when adding support for proper content, handle unpacking tuples in match
+    // cases better, such as
+    //
+    // match (NONSOURCE, SOURCE):
+    //   case (x, y): ...
+    exists(DataFlow::Node m |
+      m.asCfgNode().getNode() instanceof MatchCapturePattern
+      or
+      m.asCfgNode().getNode() instanceof MatchAsPattern
+      or
+      m.asCfgNode().getNode() instanceof MatchOrPattern
+    |
+      TypeTrackingInput::simpleLocalSmallStep*(m, n)
+    )
+    or
+    // TODO: when adding support for proper content, handle iterable unpacking better
+    // such as `for k,v in items:`, or `a, (b,c) = ...`
+    n instanceof DataFlow::IterableSequenceNode
+    or
+    // We have missing use-use flow in
+    // https://github.com/python/cpython/blob/0fb18b02c8ad56299d6a2910be0bab8ad601ef24/Lib/socketserver.py#L276-L303
+    // which I couldn't just fix. We ignore the problems here, and instead rely on the
+    // test-case added in https://github.com/github/codeql/pull/15841
+    n.getLocation().getFile().getAbsolutePath().matches("%/socketserver.py")
+  }
+}
+
+import ConsistencyChecks<ConsistencyChecksInput>
--- a/python/ql/test/library-tests/essa/ssa-compute/CONSISTENCY/TypeTrackingConsistency.expected
+++ b/python/ql/test/library-tests/essa/ssa-compute/CONSISTENCY/TypeTrackingConsistency.expected
@@ -0,0 +1,6 @@
+unreachableNode
+| test2.py:16:17:16:17 | ControlFlowNode for y | Unreachable node in step of kind load bar. |
+| test2.py:25:23:25:23 | ControlFlowNode for x | Unreachable node in step of kind load attribute. |
+| test2.py:25:23:25:23 | ControlFlowNode for x | Unreachable node in step of kind simpleLocalSmallStep. |
+| test2.py:26:17:26:17 | ControlFlowNode for y | Unreachable node in step of kind load bar. |
+| test2.py:27:23:27:23 | ControlFlowNode for x | Unreachable node in step of kind simpleLocalSmallStep. |