hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Resolve all meth = obj.meth; meth() TODOs

Browse Source 
It would probably have been easier to do this as the _first_ thing...
but that's too late now 😓
This commit is contained in:
Rasmus Wriedt Larsen
2021-07-21 13:25:53 +02:00
parent 6f63c03558
commit be1cad864b
9 changed files with 81 additions and 190 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
python/.vscode/ql.code-snippets vendored
View File

@@ -201,24 +201,17 @@
" */",
" private class AdditionalTaintStep extends TaintTracking::AdditionalTaintStep {",
" override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {",
" // Methods",
" //",
" // TODO: When we have tools that make it easy, model these properly to handle",
" // `meth = obj.meth; meth()`. Until then, we'll use this more syntactic approach",
" // (since it allows us to at least capture the most common cases).",
" // normal (non-async) methods",
" nodeFrom = instance() and",
" exists(DataFlow::AttrRead attr | attr.getObject() = nodeFrom |",
" // normal (non-async) methods",
" attr.getAttributeName() in [\"TODO\"] and",
" nodeTo.(DataFlow::CallCfgNode).getFunction() = attr",
" or",
" // async methods",
" exists(Await await, DataFlow::CallCfgNode call |",
" attr.getAttributeName() in [\"TODO\"] and",
" call.getFunction() = attr and",
" await.getValue() = call.asExpr() and",
" nodeTo.asExpr() = await",
" )",
" nodeTo.(DataFlow::MethodCallNode).calls(nodeFrom, [\"TODO\"])",
" or",
" // async methods",
" exists(DataFlow::MethodCallNode call, Await await |",
" nodeTo.asExpr() = await and",
" nodeFrom = instance()",
" |",
" await.getValue() = any(DataFlow::Node awaitable | call.flowsTo(awaitable)).asExpr() and",
" call.calls(nodeFrom, [\"TODO\"])",
" )",
" or",
" // Attributes",