hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Add barrier test to import resolution

Browse Source 
Just like the one added for `py/insecure-protocol` in fb425b7, but
instead added in the import-resolution tests, such that we don't have to
remember it's in a completely different directory.
This commit is contained in:
Rasmus Wriedt Larsen
2023-02-23 00:22:01 +01:00
parent 321a4b4ef2
commit bea0acb497
4 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
python/ql/test/experimental/import-resolution/ModuleExport.expected
View File

@@ -11,6 +11,9 @@
| baz | __file__ | baz.py:2:7:2:14 | ControlFlowNode for __file__ |
| baz | __file__ | baz.py:6:6:6:13 | ControlFlowNode for __file__ |
| baz | baz_attr | baz.py:4:12:4:21 | ControlFlowNode for Str |
| block_flow_check | SOURCE | block_flow_check.py:4:1:4:21 | ControlFlowNode for ClassExpr |
| block_flow_check | __file__ | block_flow_check.py:2:7:2:14 | ControlFlowNode for __file__ |
| block_flow_check | __file__ | block_flow_check.py:14:6:14:13 | ControlFlowNode for __file__ |
| foo | __file__ | foo.py:2:7:2:14 | ControlFlowNode for __file__ |
| foo | __file__ | foo.py:14:6:14:13 | ControlFlowNode for __file__ |
| foo | __private_foo_attr | foo.py:8:22:8:41 | ControlFlowNode for Str |

14
python/ql/test/experimental/import-resolution/block_flow_check.py Normal file
View File

@@ -0,0 +1,14 @@
from trace import *
enter(__file__)
class SOURCE(object):
@staticmethod
def block_flow(): pass
check("SOURCE", SOURCE, SOURCE, globals()) #$ prints=SOURCE
SOURCE.block_flow()
check("SOURCE", SOURCE, SOURCE, globals())
exit(__file__)

4
python/ql/test/experimental/import-resolution/importflow.ql
View File

@@ -66,6 +66,10 @@ private class ImportConfiguration extends DataFlow::Configuration {
override predicate isSink(DataFlow::Node sink) {
sink = API::moduleImport("trace").getMember("check").getACall().getArg(1)
}
override predicate isBarrier(DataFlow::Node node) {
exists(DataFlow::MethodCallNode call | call.calls(node, "block_flow"))
}
}
class ResolutionTest extends InlineExpectationsTest {

4
python/ql/test/experimental/import-resolution/main.py
View File

@@ -146,6 +146,10 @@ import simplistic_reexport # $ imports=simplistic_reexport as=simplistic_reexpor
check("simplistic_reexport.bar_attr", simplistic_reexport.bar_attr, "overwritten", globals()) #$ prints=overwritten SPURIOUS: prints=bar_attr
check("simplistic_reexport.baz_attr", simplistic_reexport.baz_attr, "overwritten", globals()) #$ prints=overwritten SPURIOUS: prints=baz_attr
# check that we don't treat all assignments as being exports
import block_flow_check #$ imports=block_flow_check as=block_flow_check
check("block_flow_check.SOURCE", block_flow_check.SOURCE, block_flow_check.SOURCE, globals()) #$ SPURIOUS: prints=SOURCE
exit(__file__)
print()