hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 21:25:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Also exclude class scope

Browse Source 
Changing the `locals()` dictionary actually _does_ change the attributes
of the class being defined, so we shouldn't alert in this case.
This commit is contained in:
Taus
2026-04-07 21:39:30 +00:00
parent 8d79248ea7
commit e3688444d7
2 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
python/ql/src/Statements/ModificationOfLocals.ql
View File

@@ -37,5 +37,8 @@ where
// in module level scope `locals() == globals()` // in module level scope `locals() == globals()`
// see https://docs.python.org/3/library/functions.html#locals // see https://docs.python.org/3/library/functions.html#locals
// FP report in https://github.com/github/codeql/issues/6674 // FP report in https://github.com/github/codeql/issues/6674
not a.getScope() instanceof Module not a.getScope() instanceof Module and
// in class level scope `locals()` reflects the class namespace,
// so modifications do take effect.
not a.getScope() instanceof Class
select a, "Modification of the locals() dictionary will have no effect on the local variables." select a, "Modification of the locals() dictionary will have no effect on the local variables."

6
python/ql/test/query-tests/Statements/general/test.py
View File

@@ -174,3 +174,9 @@ def assert_ok(seq):
# False positive. ODASA-8042. Fixed in PR #2401. # False positive. ODASA-8042. Fixed in PR #2401.
class false_positive: class false_positive:
e = (x for x in []) e = (x for x in [])
# In class-level scope `locals()` reflects the class namespace,
# so modifications do take effect.
class MyClass:
locals()['x'] = 43 # OK
y = x