hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Disallow PostUpdateNode as LocalSourceNode

Browse Source 
Previously, in cases like

```python
def foo(x):
    x.bar()
    x.baz()
    x.quux()
```

we would have flow from the first `x` to each use _and_ flow from the
post-update node for each method call to each subsequent use, and all
of these would be `LocalSourceNode`s. For large functions with the above
pattern, this would lead to a quadratic blowup in `hasLocalSource`.

With this commit, only the first of these will count as a
`LocalSourceNode`, and the blowup disappears.
This commit is contained in:
Taus
2021-04-15 17:56:14 +00:00
committed by GitHub
parent 591ac38c31
commit c9c8259ed0
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
python/ql/src/semmle/python/dataflow/new/internal/LocalSources.qll
View File

@@ -26,7 +26,8 @@ class LocalSourceNode extends Node {
cached
LocalSourceNode() {
not comes_from_cfgnode(this) and
not this instanceof ModuleVariableNode
not this instanceof ModuleVariableNode and
not this instanceof PostUpdateNode
or
this = any(ModuleVariableNode mvn).getARead()
}