hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5679 from tausbn/python-fix-bad-points-to-joins

Browse Source 
Python: Fix bad points-to joins
This commit is contained in:
yoff
2021-04-20 21:19:32 +02:00
committed by GitHub
parent 3eba5b0aac 897d12420b
commit ef0ea247c4
2 changed files with 13 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
python/ql/src/semmle/python/pointsto/PointsTo.qll
View File

@@ -1853,8 +1853,10 @@ module Expressions {
private boolean isinstanceEvaluatesTo(
CallNode call, PointsToContext context, ControlFlowNode use, ObjectInternal val
) {
exists(ObjectInternal cls | isinstance_call(call, use, context, val, cls) |
result = Types::improperSubclass(val.getClass(), cls)
exists(ObjectInternal cls, ObjectInternal val_cls |
isinstance_call(call, use, context, val, val_cls, cls)
|
result = Types::improperSubclass(val_cls, cls)
or
val = ObjectInternal::unknown() and result = maybe()
or
@@ -1866,12 +1868,13 @@ module Expressions {
private predicate isinstance_call(
CallNode call, ControlFlowNode use, PointsToContext context, ObjectInternal val,
ObjectInternal cls
ObjectInternal val_cls, ObjectInternal cls
) {
exists(ControlFlowNode func, ControlFlowNode arg1 |
call2(call, func, use, arg1) and
points_to_isinstance(func, context) and
PointsToInternal::pointsTo(use, context, val, _) and
val_cls = val.getClass() and
PointsToInternal::pointsTo(arg1, context, cls, _)
)
}
@@ -1993,10 +1996,7 @@ module Expressions {
exists(ObjectInternal sup_or_tuple |
issubclass_call(_, _, _, sub, sup_or_tuple) and sub.isClass() = true
or
exists(ObjectInternal val |
isinstance_call(_, _, _, val, sup_or_tuple) and
sub = val.getClass()
)
exists(ObjectInternal val | isinstance_call(_, _, _, val, sub, sup_or_tuple))
|
sup = sup_or_tuple
or

8
python/ql/src/semmle/python/pointsto/PointsToContext.qll
View File

@@ -100,10 +100,14 @@ private int total_call_cost(CallNode call) {
if call_to_init_or_del(call) then result = 1 else result = call_cost(call) + splay_cost(call)
}
pragma[nomagic]
private int relevant_call_cost(PointsToContext ctx, CallNode call) {
ctx.appliesTo(call) and result = total_call_cost(call)
}
pragma[noinline]
private int total_cost(CallNode call, PointsToContext ctx) {
ctx.appliesTo(call) and
result = total_call_cost(call) + context_cost(ctx)
result = relevant_call_cost(ctx, call) + context_cost(ctx)
}
cached