hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python points-to. If __all__ is overly complex, treat all 'public' symbols as exported.

Browse Source
This commit is contained in:
Mark Shannon
2019-06-05 14:46:51 +01:00
parent 8b58b80e5f
commit bbf25f3a23
4 changed files with 22 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
python/ql/src/semmle/python/pointsto/PointsTo.qll
View File

@@ -726,10 +726,12 @@ private module InterModulePointsTo {
|
src.declaredInAll(name) and result = true
or
src.declaredInAll(_) and not src.declaredInAll(name) and
declared_all_is_simple(src) and
not src.declaredInAll(name) and
ofInterestInExports(mod, name) and result = false
or
not src.declaredInAll(_) and
(not src.declaredInAll(name) and not declared_all_is_simple(src))
and
exists(ObjectInternal val |
ModuleAttributes::pointsToAtExit(src, name, val, _) |
val = ObjectInternal::undefined() and result = false
@@ -739,6 +741,17 @@ private module InterModulePointsTo {
)
}
/** Holds if __all__ is declared and not mutated */
private predicate declared_all_is_simple(Module m) {
exists(AssignStmt a, GlobalVariable all |
a.defines(all) and a.getScope() = m and
all.getId() = "__all__" and
not exists(Attribute attr |
all.getALoad() = attr.getObject()
)
)
}
private boolean packageExportsBoolean(PackageObjectInternal mod, string name) {
exists(Folder folder |
folder = mod.getFolder() |