hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 05:01:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/main' into igfoo/mb

Browse Source
This commit is contained in:
Ian Lynagh
2026-01-13 01:01:35 +00:00
parent 70cc153cf5 c666fc71ca
commit dcd0a69759
1891 changed files with 180230 additions and 116717 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/ql/src/Classes/ClassAttributes.qll
View File

@@ -1,5 +1,5 @@
import python
private import semmle.python.pointsto.PointsTo
private import LegacyPointsTo
/** A helper class for UndefinedClassAttribute.ql and MaybeUndefinedClassAttribute.ql */
class CheckClass extends ClassObject {

1
python/ql/src/Classes/ConflictingAttributesInBaseClasses.ql
View File

@@ -12,6 +12,7 @@
*/
import python
private import LegacyPointsTo
predicate does_nothing(PyFunctionObject f) {
not exists(Stmt s | s.getScope() = f.getFunction() |

1
python/ql/src/Classes/DefineEqualsWhenAddingAttributes.ql
View File

@@ -13,6 +13,7 @@
import python
import Equality
private import LegacyPointsTo
predicate class_stores_to_attribute(ClassValue cls, SelfAttributeStore store, string name) {
exists(FunctionValue f |

1
python/ql/src/Classes/InconsistentMRO.ql
View File

@@ -12,6 +12,7 @@
*/
import python
private import LegacyPointsTo
ClassObject left_base(ClassObject type, ClassObject base) {
exists(int i | i > 0 and type.getBaseType(i) = base and result = type.getBaseType(i - 1))

1
python/ql/src/Classes/MaybeUndefinedClassAttribute.ql
View File

@@ -12,6 +12,7 @@
import python
import ClassAttributes
private import LegacyPointsTo
predicate guarded_by_other_attribute(SelfAttributeRead a, CheckClass c) {
c.sometimesDefines(a.getName()) and

1
python/ql/src/Classes/MutatingDescriptor.ql
View File

@@ -12,6 +12,7 @@
*/
import python
private import LegacyPointsTo
predicate mutates_descriptor(ClassObject cls, SelfAttributeStore s) {
cls.isDescriptorType() and

1
python/ql/src/Classes/OverwritingAttributeInSuperClass.ql
View File

@@ -12,6 +12,7 @@
*/
import python
private import LegacyPointsTo
class InitCallStmt extends ExprStmt {
InitCallStmt() {

1
python/ql/src/Classes/PropertyInOldStyleClass.ql
View File

@@ -11,6 +11,7 @@
*/
import python
private import LegacyPointsTo
from PropertyObject prop, ClassObject cls
where cls.declaredAttribute(_) = prop and not cls.failedInference() and not cls.isNewStyle()

1
python/ql/src/Classes/ShouldBeContextManager.ql
View File

@@ -14,6 +14,7 @@
*/
import python
private import LegacyPointsTo
from ClassValue c
where not c.isBuiltin() and not c.isContextManager() and exists(c.declaredAttribute("__del__"))

1
python/ql/src/Classes/SlotsInOldStyleClass.ql
View File

@@ -12,6 +12,7 @@
*/
import python
private import LegacyPointsTo
from ClassObject c
where not c.isNewStyle() and c.declaresAttribute("__slots__") and not c.failedInference()

1
python/ql/src/Classes/SuperInOldStyleClass.ql
View File

@@ -11,6 +11,7 @@
*/
import python
private import LegacyPointsTo
predicate uses_of_super_in_old_style_class(Call s) {
exists(Function f, ClassObject c |

1
python/ql/src/Classes/UndefinedClassAttribute.ql
View File

@@ -12,6 +12,7 @@
import python
import ClassAttributes
private import LegacyPointsTo
predicate undefined_class_attribute(SelfAttributeRead a, CheckClass c, int line, string name) {
name = a.getName() and

1
python/ql/src/Classes/UselessClass.ql
View File

@@ -13,6 +13,7 @@
*/
import python
private import LegacyPointsTo
predicate fewer_than_two_public_methods(Class cls, int methods) {
(methods = 0 or methods = 1) and

1
python/ql/src/Classes/WrongNameForArgumentInClassInstantiation.ql
View File

@@ -16,6 +16,7 @@
import python
import Expressions.CallArgs
private import LegacyPointsTo
from Call call, ClassValue cls, string name, FunctionValue init
where

1
python/ql/src/Classes/WrongNumberArgumentsInClassInstantiation.ql
View File

@@ -15,6 +15,7 @@
import python
import Expressions.CallArgs
private import LegacyPointsTo
from Call call, ClassValue cls, string too, string should, int limit, FunctionValue init
where

3
python/ql/src/Exceptions/IllegalExceptionHandlerType.ql
View File

@@ -12,8 +12,9 @@
*/
import python
private import LegacyPointsTo
from ExceptFlowNode ex, Value t, ClassValue c, ControlFlowNode origin, string what
from ExceptFlowNodeWithPointsTo ex, Value t, ClassValue c, ControlFlowNode origin, string what
where
ex.handledException(t, c, origin) and
(

1
python/ql/src/Exceptions/IllegalRaise.ql
View File

@@ -14,6 +14,7 @@
import python
import Raising
import Exceptions.NotImplemented
private import LegacyPointsTo
from Raise r, ClassValue t
where

1
python/ql/src/Expressions/ContainsNonContainer.ql
View File

@@ -13,7 +13,6 @@
import python
private import LegacyPointsTo
import semmle.python.pointsto.PointsTo
predicate rhs_in_expr(ControlFlowNode rhs, Compare cmp) {
exists(Cmpop op, int i | cmp.getOp(i) = op and cmp.getComparator(i) = rhs.getNode() |

1
python/ql/src/Expressions/IsComparisons.qll
View File

@@ -2,7 +2,6 @@
import python
private import LegacyPointsTo
private import semmle.python.objects.ObjectInternal
/** Holds if the comparison `comp` uses `is` or `is not` (represented as `op`) to compare its `left` and `right` arguments. */
predicate comparison_using_is(Compare comp, ControlFlowNode left, Cmpop op, ControlFlowNode right) {

1
python/ql/src/Expressions/NonPortableComparisonUsingIs.ql
View File

@@ -13,6 +13,7 @@
import python
import IsComparisons
private import LegacyPointsTo
from Compare comp, Cmpop op, ClassValue c
where

1
python/ql/src/Expressions/RedundantComparison.qll
View File

@@ -1,6 +1,7 @@
/** Helper functions for queries that test redundant comparisons. */
import python
private import LegacyPointsTo
/** A comparison where the left and right hand sides appear to be identical. */
class RedundantComparison extends Compare {

1
python/ql/src/Expressions/WrongNameForArgumentInCall.ql
View File

@@ -16,6 +16,7 @@
import python
import Expressions.CallArgs
private import LegacyPointsTo
from Call call, FunctionObject func, string name
where

1
python/ql/src/Expressions/WrongNumberArgumentsForFormat.ql
View File

@@ -15,7 +15,6 @@
import python
import LegacyPointsTo
import semmle.python.objects.ObjectInternal
import semmle.python.strings
predicate string_format(BinaryExpr operation, StringLiteral str, Value args, AstNode origin) {

1
python/ql/src/Expressions/WrongNumberArgumentsInCall.ql
View File

@@ -13,6 +13,7 @@
*/
import python
private import LegacyPointsTo
import CallArgs
from Call call, FunctionValue func, string too, string should, int limit

3
python/ql/src/Functions/ConsistentReturns.ql
View File

@@ -12,6 +12,7 @@
*/
import python
private import LegacyPointsTo
predicate explicitly_returns_non_none(Function func) {
exists(Return return |
@@ -21,7 +22,7 @@ predicate explicitly_returns_non_none(Function func) {
}
predicate has_implicit_return(Function func) {
exists(ControlFlowNode fallthru |
exists(ControlFlowNodeWithPointsTo fallthru |
fallthru = func.getFallthroughNode() and not fallthru.unlikelyReachable()
)
or

1
python/ql/src/Functions/DeprecatedSliceMethod.ql
View File

@@ -10,6 +10,7 @@
*/
import python
private import LegacyPointsTo
predicate slice_method_name(string name) {
name = "__getslice__" or name = "__setslice__" or name = "__delslice__"

1
python/ql/src/Functions/IncorrectlyOverriddenMethod.ql
View File

@@ -14,6 +14,7 @@
import python
import Expressions.CallArgs
private import LegacyPointsTo
from Call call, FunctionValue func, FunctionValue overridden, string problem
where

1
python/ql/src/Functions/IncorrectlySpecifiedOverriddenMethod.ql
View File

@@ -14,6 +14,7 @@
import python
import Expressions.CallArgs
private import LegacyPointsTo
from Call call, FunctionValue func, FunctionValue overriding, string problem
where

1
python/ql/src/Functions/IterReturnsNonIterator.ql
View File

@@ -12,6 +12,7 @@
*/
import python
private import LegacyPointsTo
from ClassValue iterable, FunctionValue iter, ClassValue iterator
where

3
python/ql/src/Functions/OverlyComplexDelMethod.ql
View File

@@ -12,11 +12,12 @@
*/
import python
private import LegacyPointsTo
from FunctionValue method
where
exists(ClassValue c |
c.declaredAttribute("__del__") = method and
method.getScope().getMetrics().getCyclomaticComplexity() > 3
method.getScope().(FunctionMetrics).getCyclomaticComplexity() > 3
)
select method, "Overly complex '__del__' method."

2
python/ql/src/Functions/ReturnValueIgnored.ql
View File

@@ -14,7 +14,7 @@
*/
import python
import semmle.python.objects.Callables
private import LegacyPointsTo
predicate meaningful_return_value(Expr val) {
val instanceof Name

1
python/ql/src/Imports/Cyclic.qll
View File

@@ -1,5 +1,6 @@
import python
private import LegacyPointsTo
private import semmle.python.types.ImportTime
predicate is_import_time(Stmt s) { not s.getScope+() instanceof Function }

1
python/ql/src/Imports/CyclicImport.ql
View File

@@ -13,6 +13,7 @@
import python
import Cyclic
private import LegacyPointsTo
from ModuleValue m1, ModuleValue m2, Stmt imp
where

1
python/ql/src/Imports/ModuleImportsItself.ql
View File

@@ -12,6 +12,7 @@
*/
import python
private import LegacyPointsTo
predicate modules_imports_itself(ImportingStmt i, ModuleValue m) {
i.getEnclosingModule() = m.getScope() and

1
python/ql/src/Imports/ModuleLevelCyclicImport.ql
View File

@@ -14,6 +14,7 @@
import python
import Cyclic
private import LegacyPointsTo
// This is a potentially crashing bug if
// 1. the imports in the whole cycle are lexically outside a def (and so executed at import time)

2
python/ql/src/Imports/UnintentionalImport.ql
View File

@@ -13,6 +13,8 @@
*/
import python
private import LegacyPointsTo
private import semmle.python.types.ImportTime
predicate import_star(ImportStar imp, ModuleValue exporter) {
exporter.importedAs(imp.getImportedModuleName())

5
python/ql/src/Metrics/CLinesOfCode.ql
View File

@@ -10,6 +10,7 @@
*/
import python
private import LegacyPointsTo
from Function f
select f, f.getMetrics().getNumberOfLinesOfCode() as n order by n desc
from FunctionMetrics f
select f, f.getNumberOfLinesOfCode() as n order by n desc

1
python/ql/src/Metrics/ClassAfferentCoupling.ql
View File

@@ -11,6 +11,7 @@
*/
import python
private import LegacyPointsTo
from ClassMetrics cls
select cls, cls.getAfferentCoupling() as n order by n desc

1
python/ql/src/Metrics/ClassEfferentCoupling.ql
View File

@@ -11,6 +11,7 @@
*/
import python
private import LegacyPointsTo
from ClassMetrics cls
select cls, cls.getEfferentCoupling() as n order by n desc

8
python/ql/src/Metrics/CommentRatio.ql
View File

@@ -12,8 +12,10 @@
*/
import python
private import LegacyPointsTo
from Module m, ModuleMetrics mm
where mm = m.getMetrics() and mm.getNumberOfLines() > 0
select m, 100.0 * (mm.getNumberOfLinesOfComments().(float) / mm.getNumberOfLines().(float)) as ratio
from ModuleMetrics mm
where mm.getNumberOfLines() > 0
select mm,
100.0 * (mm.getNumberOfLinesOfComments().(float) / mm.getNumberOfLines().(float)) as ratio
order by ratio desc

5
python/ql/src/Metrics/CyclomaticComplexity.ql
View File

@@ -13,7 +13,8 @@
*/
import python
private import LegacyPointsTo
from Function func, int complexity
where complexity = func.getMetrics().getCyclomaticComplexity()
from FunctionMetrics func, int complexity
where complexity = func.getCyclomaticComplexity()
select func, complexity order by complexity desc

1
python/ql/src/Metrics/Dependencies/ExternalDependenciesSourceLinks.ql
View File

@@ -8,6 +8,7 @@
import python
import semmle.python.dependencies.TechInventory
private import LegacyPointsTo
/*
* This query creates the source links for the ExternalDependencies.ql query.

1
python/ql/src/Metrics/DirectImports.ql
View File

@@ -11,6 +11,7 @@
*/
import python
private import LegacyPointsTo
from ModuleValue m, int n
where n = count(ModuleValue imp | imp = m.getAnImportedModule())

7
python/ql/src/Metrics/DocStringRatio.ql
View File

@@ -11,9 +11,10 @@
*/
import python
private import LegacyPointsTo
from Module m, ModuleMetrics mm
where mm = m.getMetrics() and mm.getNumberOfLines() > 0
select m,
from ModuleMetrics mm
where mm.getNumberOfLines() > 0
select mm,
100.0 * (mm.getNumberOfLinesOfDocStrings().(float) / mm.getNumberOfLines().(float)) as ratio
order by ratio desc

5
python/ql/src/Metrics/FLines.ql
View File

@@ -9,7 +9,8 @@
*/
import python
private import LegacyPointsTo
from Module m, int n
where n = m.getMetrics().getNumberOfLines()
from ModuleMetrics m, int n
where n = m.getNumberOfLines()
select m, n order by n desc

5
python/ql/src/Metrics/FLinesOfCode.ql
View File

@@ -11,7 +11,8 @@
*/
import python
private import LegacyPointsTo
from Module m, int n
where n = m.getMetrics().getNumberOfLinesOfCode()
from ModuleMetrics m, int n
where n = m.getNumberOfLinesOfCode()
select m, n order by n desc

6
python/ql/src/Metrics/FLinesOfComments.ql
View File

@@ -10,8 +10,8 @@
*/
import python
private import LegacyPointsTo
from Module m, int n
where
n = m.getMetrics().getNumberOfLinesOfComments() + m.getMetrics().getNumberOfLinesOfDocStrings()
from ModuleMetrics m, int n
where n = m.getNumberOfLinesOfComments() + m.getNumberOfLinesOfDocStrings()
select m, n order by n desc

1
python/ql/src/Metrics/FunctionNumberOfCalls.ql
View File

@@ -9,6 +9,7 @@
*/
import python
private import LegacyPointsTo
from FunctionMetrics func
select func, func.getNumberOfCalls() as n order by n desc

1
python/ql/src/Metrics/FunctionStatementNestingDepth.ql
View File

@@ -11,6 +11,7 @@
*/
import python
private import LegacyPointsTo
from FunctionMetrics func
select func, func.getStatementNestingDepth() as n order by n desc

5
python/ql/src/Metrics/History/HChurn.ql
View File

@@ -10,8 +10,9 @@
import python
import external.VCS
private import LegacyPointsTo
from Module m, int n
from ModuleMetrics m, int n
where
n =
sum(Commit entry, int churn |
@@ -19,5 +20,5 @@ where
|
churn
) and
exists(m.getMetrics().getNumberOfLinesOfCode())
exists(m.getNumberOfLinesOfCode())
select m, n order by n desc

5
python/ql/src/Metrics/History/HLinesAdded.ql
View File

@@ -10,8 +10,9 @@
import python
import external.VCS
private import LegacyPointsTo
from Module m, int n
from ModuleMetrics m, int n
where
n =
sum(Commit entry, int churn |
@@ -19,5 +20,5 @@ where
|
churn
) and
exists(m.getMetrics().getNumberOfLinesOfCode())
exists(m.getNumberOfLinesOfCode())
select m, n order by n desc

5
python/ql/src/Metrics/History/HLinesDeleted.ql
View File

@@ -10,8 +10,9 @@
import python
import external.VCS
private import LegacyPointsTo
from Module m, int n
from ModuleMetrics m, int n
where
n =
sum(Commit entry, int churn |
@@ -19,5 +20,5 @@ where
|
churn
) and
exists(m.getMetrics().getNumberOfLinesOfCode())
exists(m.getNumberOfLinesOfCode())
select m, n order by n desc

5
python/ql/src/Metrics/History/HNumberOfAuthors.ql
View File

@@ -10,7 +10,8 @@
import python
import external.VCS
private import LegacyPointsTo
from Module m
where exists(m.getMetrics().getNumberOfLinesOfCode())
from ModuleMetrics m
where exists(m.getNumberOfLinesOfCode())
select m, count(Author author | author.getAnEditedFile() = m.getFile())

5
python/ql/src/Metrics/History/HNumberOfCoCommits.ql
View File

@@ -10,11 +10,12 @@
import python
import external.VCS
private import LegacyPointsTo
int committedFiles(Commit commit) { result = count(commit.getAnAffectedFile()) }
from Module m
where exists(m.getMetrics().getNumberOfLinesOfCode())
from ModuleMetrics m
where exists(m.getNumberOfLinesOfCode())
select m,
avg(Commit commit, int toAvg |
commit.getAnAffectedFile() = m.getFile() and toAvg = committedFiles(commit) - 1

5
python/ql/src/Metrics/History/HNumberOfReCommits.ql
View File

@@ -10,6 +10,7 @@
import python
import external.VCS
private import LegacyPointsTo
predicate inRange(Commit first, Commit second) {
first.getAnAffectedFile() = second.getAnAffectedFile() and
@@ -29,6 +30,6 @@ int recommitsForFile(File f) {
)
}
from Module m
where exists(m.getMetrics().getNumberOfLinesOfCode())
from ModuleMetrics m
where exists(m.getNumberOfLinesOfCode())
select m, recommitsForFile(m.getFile())

5
python/ql/src/Metrics/History/HNumberOfRecentAuthors.ql
View File

@@ -10,9 +10,10 @@
import python
import external.VCS
private import LegacyPointsTo
from Module m
where exists(m.getMetrics().getNumberOfLinesOfCode())
from ModuleMetrics m
where exists(m.getNumberOfLinesOfCode())
select m,
count(Author author |
exists(Commit e |

5
python/ql/src/Metrics/History/HNumberOfRecentChangedFiles.ql
View File

@@ -10,11 +10,12 @@
import python
import external.VCS
private import LegacyPointsTo
from Module m
from ModuleMetrics m
where
exists(Commit e |
e.getAnAffectedFile() = m.getFile() and e.daysToNow() <= 180 and not artificialChange(e)
) and
exists(m.getMetrics().getNumberOfLinesOfCode())
exists(m.getNumberOfLinesOfCode())
select m, 1

1
python/ql/src/Metrics/LackofCohesionInMethodsCK.ql
View File

@@ -9,6 +9,7 @@
*/
import python
private import LegacyPointsTo
from ClassMetrics cls
select cls, cls.getLackOfCohesionCK() as n order by n desc

1
python/ql/src/Metrics/LackofCohesionInMethodsHM.ql
View File

@@ -9,6 +9,7 @@
*/
import python
private import LegacyPointsTo
from ClassMetrics cls
select cls, cls.getLackOfCohesionHM() as n order by n desc

1
python/ql/src/Metrics/ModuleAfferentCoupling.ql
View File

@@ -11,6 +11,7 @@
*/
import python
private import LegacyPointsTo
from ModuleMetrics m
select m, m.getAfferentCoupling() as n order by n desc

1
python/ql/src/Metrics/ModuleEfferentCoupling.ql
View File

@@ -11,6 +11,7 @@
*/
import python
private import LegacyPointsTo
from ModuleMetrics m
select m, m.getEfferentCoupling() as n order by n desc

1
python/ql/src/Metrics/NumberOfParametersWithoutDefault.ql
View File

@@ -11,6 +11,7 @@
*/
import python
private import LegacyPointsTo
from FunctionMetrics func
select func, func.getNumberOfParametersWithoutDefault() as n order by n desc

1
python/ql/src/Metrics/TransitiveImports.ql
View File

@@ -11,6 +11,7 @@
*/
import python
private import LegacyPointsTo
from ModuleValue m, int n
where n = count(ModuleValue imp | imp = m.getAnImportedModule+() and imp != m)

2
python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll
View File

@@ -182,7 +182,7 @@ module UntrustedDataToExternalApiFlow = TaintTracking::Global<UntrustedDataToExt
/** A node representing untrusted data being passed to an external API. */
class UntrustedExternalApiDataNode extends ExternalApiDataNode {
UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flowTo(this) }
/** Gets a source of untrusted data which is passed to this external API data node. */
DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }

5
python/ql/src/Statements/DocStrings.ql
View File

@@ -17,6 +17,7 @@
*/
import python
private import LegacyPointsTo
predicate needs_docstring(Scope s) {
s.isPublic() and
@@ -27,12 +28,12 @@ predicate needs_docstring(Scope s) {
)
}
predicate function_needs_docstring(Function f) {
predicate function_needs_docstring(FunctionMetrics f) {
not exists(FunctionValue fo, FunctionValue base | fo.overrides(base) and fo.getScope() = f |
not function_needs_docstring(base.getScope())
) and
f.getName() != "lambda" and
(f.getMetrics().getNumberOfLinesOfCode() - count(f.getADecorator())) > 2 and
(f.getNumberOfLinesOfCode() - count(f.getADecorator())) > 2 and
not exists(PythonPropertyObject p |
p.getGetter().getFunction() = f or
p.getSetter().getFunction() = f

2
python/ql/src/Statements/RedundantAssignment.ql
View File

@@ -36,7 +36,7 @@ predicate same_value(Expr left, Expr right) {
}
predicate maybe_defined_in_outer_scope(Name n) {
exists(SsaVariable v | v.getAUse().getNode() = n | v.maybeUndefined())
exists(SsaVariableWithPointsTo v | v.getAUse().getNode() = n | v.maybeUndefined())
}
/*

1
python/ql/src/Statements/SideEffectInAssert.ql
View File

@@ -13,6 +13,7 @@
*/
import python
private import LegacyPointsTo
predicate func_with_side_effects(Expr e) {
exists(string name | name = e.(Attribute).getName() or name = e.(Name).getId() |

1
python/ql/src/Statements/TopLevelPrint.ql
View File

@@ -12,6 +12,7 @@
*/
import python
private import LegacyPointsTo
predicate main_eq_name(If i) {
exists(Name n, StringLiteral m, Compare c |

1
python/ql/src/Statements/UnnecessaryDelete.ql
View File

@@ -13,6 +13,7 @@
*/
import python
private import LegacyPointsTo
predicate isInsideLoop(AstNode node) {
node.getParentNode() instanceof While

3
python/ql/src/Summary/LinesOfCode.ql
View File

@@ -10,5 +10,6 @@
*/
import python
private import LegacyPointsTo
select sum(Module m | | m.getMetrics().getNumberOfLinesOfCode())
select sum(ModuleMetrics m | | m.getNumberOfLinesOfCode())

5
python/ql/src/Summary/LinesOfUserCode.ql
View File

@@ -14,10 +14,11 @@
import python
import semmle.python.filters.GeneratedCode
private import LegacyPointsTo
select sum(Module m |
select sum(ModuleMetrics m |
exists(m.getFile().getRelativePath()) and
not m.getFile() instanceof GeneratedFile
|
m.getMetrics().getNumberOfLinesOfCode()
m.getNumberOfLinesOfCode()
)

1
python/ql/src/Variables/Undefined.qll
View File

@@ -1,6 +1,7 @@
import python
import Loop
import semmle.python.dataflow.TaintTracking
private import LegacyPointsTo
/** A marker for "uninitialized". */
class Uninitialized extends TaintKind {

6
python/ql/src/Variables/UndefinedGlobal.ql
View File

@@ -12,9 +12,9 @@
import python
private import LegacyPointsTo
private import semmle.python.types.ImportTime
import Variables.MonkeyPatched
import Loop
import semmle.python.pointsto.PointsTo
predicate guarded_against_name_error(Name u) {
exists(Try t | t.getBody().getAnItem().contains(u) |
@@ -62,7 +62,7 @@ predicate undefined_use_in_function(Name u) {
not u.getEnclosingModule().(ImportTimeScope).definesName(u.getId()) and
not exists(ModuleValue m | m.getScope() = u.getEnclosingModule() | m.hasAttribute(u.getId())) and
not globallyDefinedName(u.getId()) and
not exists(SsaVariable var | var.getAUse().getNode() = u and not var.maybeUndefined()) and
not exists(SsaVariableWithPointsTo var | var.getAUse().getNode() = u and not var.maybeUndefined()) and
not guarded_against_name_error(u) and
not (u.getEnclosingModule().isPackageInit() and u.getId() = "__path__")
}
@@ -70,7 +70,7 @@ predicate undefined_use_in_function(Name u) {
predicate undefined_use_in_class_or_module(Name u) {
exists(GlobalVariable v | u.uses(v)) and
not u.getScope().getScope*() instanceof Function and
exists(SsaVariable var | var.getAUse().getNode() = u | var.maybeUndefined()) and
exists(SsaVariableWithPointsTo var | var.getAUse().getNode() = u | var.maybeUndefined()) and
not guarded_against_name_error(u) and
not exists(ModuleValue m | m.getScope() = u.getEnclosingModule() | m.hasAttribute(u.getId())) and
not (u.getEnclosingModule().isPackageInit() and u.getId() = "__path__") and

6
python/ql/src/Variables/UndefinedPlaceHolder.ql
View File

@@ -13,10 +13,14 @@
import python
import Variables.MonkeyPatched
private import LegacyPointsTo
private import semmle.python.types.ImportTime
/* Local variable part */
predicate initialized_as_local(PlaceHolder use) {
exists(SsaVariable l, Function f | f = use.getScope() and l.getAUse() = use.getAFlowNode() |
exists(SsaVariableWithPointsTo l, Function f |
f = use.getScope() and l.getAUse() = use.getAFlowNode()
|
l.getVariable() instanceof LocalVariable and
not l.maybeUndefined()
)

1
python/ql/src/Variables/UninitializedLocal.ql
View File

@@ -14,7 +14,6 @@
import python
private import LegacyPointsTo
import Undefined
import semmle.python.pointsto.PointsTo
predicate uninitialized_local(NameNode use) {
exists(FastLocalVariable local | use.uses(local) or use.deletes(local) |

1
python/ql/src/Variables/UnusedParameter.ql
View File

@@ -14,6 +14,7 @@
import python
import Definition
private import LegacyPointsTo
predicate unused_parameter(FunctionValue f, LocalVariable v) {
v.isParameter() and

3
python/ql/src/analysis/CallGraphEfficiency.ql
View File

@@ -4,8 +4,7 @@
*/
import python
import semmle.python.pointsto.PointsTo
import semmle.python.pointsto.PointsToContext
private import LegacyPointsTo
from int total_facts, int total_size, int depth, float efficiency
where

3
python/ql/src/analysis/CallGraphMarginalEfficiency.ql
View File

@@ -4,8 +4,7 @@
*/
import python
import semmle.python.pointsto.PointsTo
import semmle.python.pointsto.PointsToContext
private import LegacyPointsTo
from int total_facts, int total_size, int depth, float efficiency
where

3
python/ql/src/analysis/ContextEfficiency.ql
View File

@@ -4,8 +4,7 @@
*/
import python
import semmle.python.pointsto.PointsTo
import semmle.python.pointsto.PointsToContext
private import LegacyPointsTo
from int total_facts, int total_size, int depth, float efficiency
where

3
python/ql/src/analysis/ContextMarginalEfficiency.ql
View File

@@ -4,8 +4,7 @@
*/
import python
import semmle.python.pointsto.PointsTo
import semmle.python.pointsto.PointsToContext
private import LegacyPointsTo
int depth(ControlFlowNode f, Object value, ClassObject cls) {
exists(PointsToContext ctx |

2
python/ql/src/analysis/CrossProjectDefinitions.qll
View File

@@ -3,7 +3,7 @@
*/
import python
import semmle.python.pointsto.PointsTo
private import LegacyPointsTo
private newtype TSymbol =
TModule(Module m) or

2
python/ql/src/analysis/Efficiency.ql
View File

@@ -5,8 +5,6 @@
import python
private import LegacyPointsTo
import semmle.python.pointsto.PointsTo
import semmle.python.pointsto.PointsToContext
predicate trivial(ControlFlowNode f) {
f.getNode() instanceof Parameter

2
python/ql/src/analysis/FailedInference.ql
View File

@@ -1,5 +1,5 @@
import python
import semmle.python.pointsto.PointsTo
private import LegacyPointsTo
from ClassValue cls, string reason
where Types::failedInference(cls, reason)

1
python/ql/src/analysis/Summary.ql
View File

@@ -3,6 +3,7 @@
*/
import python
private import LegacyPointsTo
from string key, string value
where

1
python/ql/src/analysis/TypeHierarchyFailure.ql
View File

@@ -8,6 +8,7 @@
*/
import python
private import LegacyPointsTo
from Class cls, string reason
where exists(ClassObject c | c.getPyClass() = cls | c.failedInference(reason))

40
python/ql/src/experimental/semmle/python/security/DecompressionBomb.qll
View File

@@ -364,6 +364,46 @@ module Lzma {
}
}
/** Provides sinks and additional taint steps related to the `zstd` library in Python 3.14+. */
module Zstd {
private API::Node zstdInstance() {
result = API::moduleImport("compression").getMember("zstd").getMember(["ZstdFile", "open"])
}
/**
* The Decompression Sinks of `zstd` library
*
* `zstd.open(sink)`
* `zstd.ZstdFile(sink)`
*
* only read mode is sink
*/
class DecompressionSink extends DecompressionBomb::Sink {
DecompressionSink() {
exists(API::CallNode zstdCall | zstdCall = zstdInstance().getACall() |
this = zstdCall.getParameter(0, "file").asSink() and
(
not exists(
zstdCall
.getParameter(1, "mode")
.getAValueReachingSink()
.asExpr()
.(StringLiteral)
.getText()
) or
zstdCall
.getParameter(1, "mode")
.getAValueReachingSink()
.asExpr()
.(StringLiteral)
.getText()
.matches("%r%")
)
)
}
}
}
/**
* `io.TextIOWrapper(ip, encoding='utf-8')` like following:
* ```python

2
python/ql/src/meta/alerts/RemoteFlowSourcesReach.ql
View File

@@ -38,5 +38,5 @@ module RemoteFlowSourceReachConfig implements DataFlow::ConfigSig {
module RemoteFlowSourceReachFlow = TaintTracking::Global<RemoteFlowSourceReachConfig>;
from DataFlow::Node reachable
where RemoteFlowSourceReachFlow::flow(_, reachable)
where RemoteFlowSourceReachFlow::flowTo(reachable)
select reachable, prettyNode(reachable)

1
python/ql/src/meta/analysis-quality/CallGraphQuality.qll
View File

@@ -5,6 +5,7 @@
import python
import meta.MetaMetrics
private import LegacyPointsTo
newtype TTarget =
TFunction(Function func) or

6
python/ql/src/meta/debug/DebugStats.ql
View File

@@ -1,15 +1,15 @@
import python
private import LegacyPointsTo
from string msg, int cnt, int sort
where
sort = 0 and
msg = "Lines of code in DB" and
cnt = sum(Module m | | m.getMetrics().getNumberOfLinesOfCode())
cnt = sum(ModuleMetrics m | | m.getNumberOfLinesOfCode())
or
sort = 1 and
msg = "Lines of code in repo" and
cnt =
sum(Module m | exists(m.getFile().getRelativePath()) | m.getMetrics().getNumberOfLinesOfCode())
cnt = sum(ModuleMetrics m | exists(m.getFile().getRelativePath()) | m.getNumberOfLinesOfCode())
or
sort = 2 and
msg = "Files" and