Merge branch 'main' into python-model-django-sources

Rasmus Wriedt Larsen
2020-10-20 15:38:20 +02:00
299 changed files with 35592 additions and 8575 deletions


@@ -2,6 +2,30 @@ private import DataFlowImplSpecific::Private
private import DataFlowImplSpecific::Public
import Cached
/**
* The cost limits for the `AccessPathFront` to `AccessPathApprox` expansion.
*
* `apLimit` bounds the acceptable fan-out, and `tupleLimit` bounds the
* estimated per-`AccessPathFront` tuple cost. Access paths exceeding both of
* these limits are represented with lower precision during pruning.
*/
predicate accessPathApproxCostLimits(int apLimit, int tupleLimit) {
apLimit = 10 and
tupleLimit = 10000
}
/**
* The cost limits for the `AccessPathApprox` to `AccessPath` expansion.
*
* `apLimit` bounds the acceptable fan-out, and `tupleLimit` bounds the
* estimated per-`AccessPathApprox` tuple cost. Access paths exceeding both of
* these limits are represented with lower precision.
*/
predicate accessPathCostLimits(int apLimit, int tupleLimit) {
apLimit = 5 and
tupleLimit = 1000
}
cached
private module Cached {
/**
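Review bot: Both doc comments say that access paths over the limits are "represented with lower precision", but neither says what that means for results: whether the coarser representation can only add flow or can also lose it. For security queries built on this library, that distinction decides whether hitting a limit risks spurious alerts or missed ones, so each predicate's comment should state it in one sentence. The values `10`/`10000` and `5`/`1000` are also bare literals, and a short remark on how they were chosen would help anyone who later has to tune them. The `Cached` module that follows continues outside the hunk.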


@@ -798,6 +798,29 @@ predicate jumpStep(Node nodeFrom, Node nodeTo) {
or
// Module variable write
nodeFrom = nodeTo.(ModuleVariableNode).getAWrite()
or
// Read of module attribute:
exists(AttrRead r, ModuleValue mv |
r.getObject().asCfgNode().pointsTo(mv) and
module_export(mv.getScope(), r.getAttributeName(), nodeFrom) and
nodeTo = r
)
}
/**
* Holds if the module `m` defines a name `name` by assigning `defn` to it. This is an
* overapproximation, as `name` may not in fact be exported (e.g. by defining an `__all__` that does
* not include `name`).
*/
private predicate module_export(Module m, string name, CfgNode defn) {
exists(EssaVariable v |
v.getName() = name and
v.getAUse() = m.getANormalExit()
|
defn.getNode() = v.getDefinition().(AssignmentDefinition).getValue()
or
defn.getNode() = v.getDefinition().(ArgumentRefinement).getArgument()
)
}
//--------
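Review bot: `module_export` only matches `AssignmentDefinition` and `ArgumentRefinement`, so a name that a module binds some other way (for example by re-importing it with `from x import y`) appears to get no jump step from this new disjunct. A tainted value read as `pkg.y` through such a re-export would presumably not be followed here, although steps outside this hunk may cover it. The doc comment describes the predicate only as an overapproximation; it should also say which definition kinds are left out, e.g. `* Only plain assignments and argument refinements are considered; names bound by imports are not.` Separately, QL predicate names are conventionally lowerCamelCase, so `moduleExport` would match `jumpStep` in the same file. `jumpStep` itself begins outside the hunk.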


@@ -128,14 +128,14 @@ edges
| test.py:184:10:184:10 | ControlFlowNode for x [List element] | test.py:184:10:184:13 | ControlFlowNode for Subscript |
| test.py:188:9:188:68 | ControlFlowNode for ListComp [List element] | test.py:189:10:189:10 | ControlFlowNode for x [List element] |
| test.py:188:10:188:10 | ControlFlowNode for y | test.py:188:9:188:68 | ControlFlowNode for ListComp [List element] |
| test.py:188:16:188:16 | SSA variable v [List element, List element, ... (3)] | test.py:188:45:188:45 | ControlFlowNode for v [List element, List element, ... (3)] |
| test.py:188:21:188:34 | ControlFlowNode for List [List element, List element, ... (4)] | test.py:188:16:188:16 | SSA variable v [List element, List element, ... (3)] |
| test.py:188:22:188:33 | ControlFlowNode for List [List element, List element, ... (3)] | test.py:188:21:188:34 | ControlFlowNode for List [List element, List element, ... (4)] |
| test.py:188:23:188:32 | ControlFlowNode for List [List element, List element] | test.py:188:22:188:33 | ControlFlowNode for List [List element, List element, ... (3)] |
| test.py:188:16:188:16 | SSA variable v [List element, List element, List element] | test.py:188:45:188:45 | ControlFlowNode for v [List element, List element, List element] |
| test.py:188:21:188:34 | ControlFlowNode for List [List element, List element, List element, List element] | test.py:188:16:188:16 | SSA variable v [List element, List element, List element] |
| test.py:188:22:188:33 | ControlFlowNode for List [List element, List element, List element] | test.py:188:21:188:34 | ControlFlowNode for List [List element, List element, List element, List element] |
| test.py:188:23:188:32 | ControlFlowNode for List [List element, List element] | test.py:188:22:188:33 | ControlFlowNode for List [List element, List element, List element] |
| test.py:188:24:188:31 | ControlFlowNode for List [List element] | test.py:188:23:188:32 | ControlFlowNode for List [List element, List element] |
| test.py:188:25:188:30 | ControlFlowNode for SOURCE | test.py:188:24:188:31 | ControlFlowNode for List [List element] |
| test.py:188:40:188:40 | SSA variable u [List element, List element] | test.py:188:56:188:56 | ControlFlowNode for u [List element, List element] |
| test.py:188:45:188:45 | ControlFlowNode for v [List element, List element, ... (3)] | test.py:188:40:188:40 | SSA variable u [List element, List element] |
| test.py:188:45:188:45 | ControlFlowNode for v [List element, List element, List element] | test.py:188:40:188:40 | SSA variable u [List element, List element] |
| test.py:188:51:188:51 | SSA variable z [List element] | test.py:188:67:188:67 | ControlFlowNode for z [List element] |
| test.py:188:56:188:56 | ControlFlowNode for u [List element, List element] | test.py:188:51:188:51 | SSA variable z [List element] |
| test.py:188:62:188:62 | SSA variable y | test.py:188:10:188:10 | ControlFlowNode for y |
@@ -285,14 +285,14 @@ nodes
| test.py:184:10:184:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| test.py:188:9:188:68 | ControlFlowNode for ListComp [List element] | semmle.label | ControlFlowNode for ListComp [List element] |
| test.py:188:10:188:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
| test.py:188:16:188:16 | SSA variable v [List element, List element, ... (3)] | semmle.label | SSA variable v [List element, List element, ... (3)] |
| test.py:188:21:188:34 | ControlFlowNode for List [List element, List element, ... (4)] | semmle.label | ControlFlowNode for List [List element, List element, ... (4)] |
| test.py:188:22:188:33 | ControlFlowNode for List [List element, List element, ... (3)] | semmle.label | ControlFlowNode for List [List element, List element, ... (3)] |
| test.py:188:16:188:16 | SSA variable v [List element, List element, List element] | semmle.label | SSA variable v [List element, List element, List element] |
| test.py:188:21:188:34 | ControlFlowNode for List [List element, List element, List element, List element] | semmle.label | ControlFlowNode for List [List element, List element, List element, List element] |
| test.py:188:22:188:33 | ControlFlowNode for List [List element, List element, List element] | semmle.label | ControlFlowNode for List [List element, List element, List element] |
| test.py:188:23:188:32 | ControlFlowNode for List [List element, List element] | semmle.label | ControlFlowNode for List [List element, List element] |
| test.py:188:24:188:31 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
| test.py:188:25:188:30 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
| test.py:188:40:188:40 | SSA variable u [List element, List element] | semmle.label | SSA variable u [List element, List element] |
| test.py:188:45:188:45 | ControlFlowNode for v [List element, List element, ... (3)] | semmle.label | ControlFlowNode for v [List element, List element, ... (3)] |
| test.py:188:45:188:45 | ControlFlowNode for v [List element, List element, List element] | semmle.label | ControlFlowNode for v [List element, List element, List element] |
| test.py:188:51:188:51 | SSA variable z [List element] | semmle.label | SSA variable z [List element] |
| test.py:188:56:188:56 | ControlFlowNode for u [List element, List element] | semmle.label | ControlFlowNode for u [List element, List element] |
| test.py:188:62:188:62 | SSA variable y | semmle.label | SSA variable y |


@@ -0,0 +1 @@
pass


@@ -0,0 +1 @@
bar = "bar"


@@ -0,0 +1 @@
foo = "foo"


@@ -0,0 +1,16 @@
from .moduleY import spam
from .moduleY import spam as ham
from . import moduleY
from ..subpackage1 import moduleY
from ..subpackage2.moduleZ import eggs
from ..moduleA import foo
try:
from ...package import bar
except Exception as e:
print(e)
try:
from ...sys import path
except Exception as e:
print(e)


@@ -0,0 +1,16 @@
from .moduleY import spam
from .moduleY import spam as ham
from . import moduleY
from ..subpackage1 import moduleY
from ..subpackage2.moduleZ import eggs
from ..moduleA import foo
try:
from ...package import bar
except Exception as e:
print(e)
try:
from ...sys import path
except Exception as e:
print(e)


@@ -0,0 +1 @@
spam = "spam"


@@ -0,0 +1 @@
eggs = "eggs"


@@ -0,0 +1 @@
import package.subpackage1.moduleX


@@ -1,3 +1,7 @@
| module.py:1:13:1:18 | ControlFlowNode for SOURCE | test.py:89:10:89:10 | ControlFlowNode for t |
| module.py:1:13:1:18 | ControlFlowNode for SOURCE | test.py:106:10:106:14 | ControlFlowNode for Attribute |
| module.py:1:13:1:18 | ControlFlowNode for SOURCE | test.py:111:10:111:12 | ControlFlowNode for Attribute |
| module.py:1:13:1:18 | ControlFlowNode for SOURCE | test.py:156:6:156:11 | ControlFlowNode for unsafe |
| module.py:6:12:6:17 | ControlFlowNode for SOURCE | test.py:101:10:101:10 | ControlFlowNode for t |
| test.py:3:10:3:15 | ControlFlowNode for SOURCE | test.py:3:10:3:15 | ControlFlowNode for SOURCE |
| test.py:6:9:6:14 | ControlFlowNode for SOURCE | test.py:7:10:7:10 | ControlFlowNode for s |


@@ -86,7 +86,7 @@ import module
def test13():
t = module.dangerous
SINK(t) # Flow not found
SINK(t)
def test14():
t = module.safe
@@ -108,13 +108,13 @@ def x_sink(arg):
def test17():
t = C()
t.x = module.dangerous
SINK(t.x) # Flow not found
SINK(t.x)
def test18():
t = C()
t.x = module.dangerous
t = hub(t)
x_sink(t) # Flow not found
x_sink(t)
def test19():
t = CUSTOM_SOURCE
@@ -153,7 +153,7 @@ def test22(cond):
SINK(t)
from module import dangerous as unsafe
SINK(unsafe) # Flow not found
SINK(unsafe)
def test23():
with SOURCE as t:


@@ -2,3 +2,6 @@ x = tracked # $tracked
def func():
return tracked # $tracked
z = tracked # $tracked
some_func(z) # $tracked


@@ -51,9 +51,10 @@ def global_var_write_test():
def test_import():
import mymodule
mymodule.x # $f-:tracked
mymodule.x # $tracked
y = mymodule.func() # $tracked
y # $tracked
mymodule.z # $tracked
# ------------------------------------------------------------------------------