Merge pull request #2932 from RasmusWL/python-re.compile-missing-points-to

Python: Add example of re.compile missing points-to
2025-12-20 18:56:32 +01:00 · 2020-03-10 11:55:23 +01:00
parent 28a9baba36 ee4190e0d9
commit e3160f966f
7 changed files with 47 additions and 0 deletions
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/if-urlsplit-access/Test.expected
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/if-urlsplit-access/Test.expected
@@ -0,0 +1,3 @@
+| test.py:5:7:5:9 | ControlFlowNode for foo | int 42 |
+| test.py:11:11:11:13 | ControlFlowNode for foo | int 1 |
+| test.py:17:11:17:13 | ControlFlowNode for foo | <MISSING pointsTo()> |
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/if-urlsplit-access/Test.ql
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/if-urlsplit-access/Test.ql
@@ -0,0 +1,10 @@
+import python
+
+from NameNode name, CallNode call, string debug
+where
+    call.getAnArg() = name and
+    call.getFunction().(NameNode).getId() = "check" and
+    if exists(name.pointsTo())
+    then debug = name.pointsTo().toString()
+    else debug = "<MISSING pointsTo()>"
+select name, debug
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/if-urlsplit-access/options
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/if-urlsplit-access/options
@@ -0,0 +1 @@
+semmle-extractor-options: --max-import-depth=1 --lang=3
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/if-urlsplit-access/test.py
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/if-urlsplit-access/test.py
@@ -0,0 +1,17 @@
+# Only a problem in Python 3
+from urllib.parse import urlsplit
+
+foo = 42
+check(foo)
+
+def func(url):
+    parts = urlsplit(url)
+
+    foo = 1
+    check(foo)
+
+    if parts.path: # using `urlsplit(url).path` here is equivalent
+        return # using `pass` here instead makes points-to work
+
+    foo = 2
+    check(foo) # no points-to information
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/re-compile/Test.expected
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/re-compile/Test.expected
@@ -0,0 +1 @@
+| test.py:5:7:5:13 | ControlFlowNode for PATTERN | <MISSING pointsTo()> |
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/re-compile/Test.ql
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/re-compile/Test.ql
@@ -0,0 +1,10 @@
+import python
+
+from NameNode name, CallNode call, string debug
+where
+    call.getAnArg() = name and
+    call.getFunction().(NameNode).getId() = "check" and
+    if exists(name.pointsTo())
+    then debug = name.pointsTo().toString()
+    else debug = "<MISSING pointsTo()>"
+select name, debug
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/re-compile/test.py
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/re-compile/test.py
@@ -0,0 +1,5 @@
+import re
+
+PATTERN = re.compile("a|b")
+
+check(PATTERN)
				`@@ -0,0 +1 @@`
				`semmle-extractor-options: --max-import-depth=1 --lang=3`
				`@@ -0,0 +1 @@`
				`\| test.py:5:7:5:13 \| ControlFlowNode for PATTERN \| <MISSING pointsTo()> \|`