Python: Autoformat everything using qlformat.
Will need subsequent PRs fixing up test failures (due to deprecated methods moving around), but other than that everything should be straightforward.
@@ -11,7 +11,8 @@ class RedundantComparison extends Compare {
|
||||
)
|
||||
}
|
||||
|
||||
/** Holds if this comparison could be redundant due to a missing `self.`, for example
|
||||
/**
|
||||
* Holds if this comparison could be redundant due to a missing `self.`, for example
|
||||
* ```python
|
||||
* foo == foo
|
||||
* ```
|
||||
|
||||
@@ -22,9 +22,10 @@ where
|
||||
too_few_args(call, func, limit) and too = "too few arguments" and should = "no fewer than "
|
||||
) and
|
||||
not isAbstract(func) and
|
||||
not exists(FunctionValue overridden | func.overrides(overridden) and correct_args_if_called_as_method(call, overridden))
|
||||
not exists(FunctionValue overridden |
|
||||
func.overrides(overridden) and correct_args_if_called_as_method(call, overridden)
|
||||
) and
|
||||
/* The semantics of `__new__` can be a bit subtle, so we simply exclude `__new__` methods */
|
||||
and not func.getName() = "__new__"
|
||||
|
||||
select call, "Call to $@ with " + too + "; should be " + should + limit.toString() + ".", func, func.descriptiveString()
|
||||
|
||||
not func.getName() = "__new__"
|
||||
select call, "Call to $@ with " + too + "; should be " + should + limit.toString() + ".", func,
|
||||
func.descriptiveString()
|
||||
|
||||
@@ -24,7 +24,8 @@ class RangeFunction extends Function {
|
||||
*/
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) { super.getLocation().hasLocationInfo(filepath, startline, startcolumn, _, _) and
|
||||
) {
|
||||
super.getLocation().hasLocationInfo(filepath, startline, startcolumn, _, _) and
|
||||
this.getBody().getLastItem().getLocation().hasLocationInfo(filepath, _, _, endline, endcolumn)
|
||||
}
|
||||
}
|
||||
@@ -43,7 +44,8 @@ class RangeClass extends Class {
|
||||
*/
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) { super.getLocation().hasLocationInfo(filepath, startline, startcolumn, _, _) and
|
||||
) {
|
||||
super.getLocation().hasLocationInfo(filepath, startline, startcolumn, _, _) and
|
||||
this.getBody().getLastItem().getLocation().hasLocationInfo(filepath, _, _, endline, endcolumn)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -51,8 +51,7 @@ predicate mutates_globals(ModuleValue m) {
|
||||
// analysis doesn't handle that well enough. So we need a special case for this
|
||||
not exists(Value enum_convert | enum_convert = enum_class.attr("_convert")) and
|
||||
exists(CallNode call | call.getScope() = m.getScope() |
|
||||
call.getFunction().(AttrNode).getObject(["_convert", "_convert_"]).pointsTo() =
|
||||
enum_class
|
||||
call.getFunction().(AttrNode).getObject(["_convert", "_convert_"]).pointsTo() = enum_class
|
||||
)
|
||||
)
|
||||
)
|
||||
|
||||
@@ -470,6 +470,7 @@ Definition getUniqueDefinition(Expr use) {
|
||||
class NiceLocationExpr extends @py_expr {
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString() { result = this.(Expr).toString() }
|
||||
|
||||
/**
|
||||
* Holds if this element is at the specified location.
|
||||
* The location spans column `bc` of line `bl` to
|
||||
|
||||
@@ -13,7 +13,8 @@ import DefinitionTracking
|
||||
external string selectedSourceFile();
|
||||
|
||||
from NiceLocationExpr use, Definition defn, string kind, string f
|
||||
where defn = definitionOf(use, kind)
|
||||
and use.hasLocationInfo(f, _, _, _, _)
|
||||
and getEncodedFile(selectedSourceFile()).getAbsolutePath() = f
|
||||
where
|
||||
defn = definitionOf(use, kind) and
|
||||
use.hasLocationInfo(f, _, _, _, _) and
|
||||
getEncodedFile(selectedSourceFile()).getAbsolutePath() = f
|
||||
select use, defn, kind
|
||||
@@ -13,6 +13,7 @@ import DefinitionTracking
|
||||
external string selectedSourceFile();
|
||||
|
||||
from NiceLocationExpr use, Definition defn, string kind
|
||||
where defn = definitionOf(use, kind)
|
||||
and defn.getLocation().getFile() = getEncodedFile(selectedSourceFile())
|
||||
where
|
||||
defn = definitionOf(use, kind) and
|
||||
defn.getLocation().getFile() = getEncodedFile(selectedSourceFile())
|
||||
select use, defn, kind
|
||||
@@ -6,13 +6,11 @@
|
||||
private import python
|
||||
private import TaintTrackingPrivate
|
||||
private import experimental.dataflow.DataFlow
|
||||
|
||||
// /**
|
||||
// * Holds if taint propagates from `source` to `sink` in zero or more local
|
||||
// * (intra-procedural) steps.
|
||||
// */
|
||||
// predicate localTaint(DataFlow::Node source, DataFlow::Node sink) { localTaintStep*(source, sink) }
|
||||
|
||||
// // /**
|
||||
// // * Holds if taint can flow from `e1` to `e2` in zero or more
|
||||
// // * local (intra-procedural) steps.
|
||||
@@ -20,10 +18,8 @@ private import experimental.dataflow.DataFlow
|
||||
// // predicate localExprTaint(Expr e1, Expr e2) {
|
||||
// // localTaint(DataFlow::exprNode(e1), DataFlow::exprNode(e2))
|
||||
// // }
|
||||
|
||||
// // /** A member (property or field) that is tainted if its containing object is tainted. */
|
||||
// // abstract class TaintedMember extends AssignableMember { }
|
||||
|
||||
// /**
|
||||
// * Holds if taint propagates from `nodeFrom` to `nodeTo` in exactly one local
|
||||
// * (intra-procedural) step.
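Review bot: The hunk keeps and reformats large blocks of commented-out code (`// predicate localTaint(DataFlow::Node source, DataFlow::Node sink) { localTaintStep*(source, sink) }` and the doubly-commented `// // abstract class TaintedMember extends AssignableMember { }`) instead of dropping them; commented-out bodies are checked by neither the compiler nor qlformat, so they will drift from the live DataFlow API while still reading like a specification. If they are retained as a template for predicates still to be ported (the wording and `AssignableMember` suggest another language's taint-tracking library, but that is an inference), a single `// TODO: port localTaint/localTaintStep and TaintedMember from the shared taint-tracking template` line would document the intent without the dead bodies. The enclosing file continues outside the hunk.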
|
||||
|
||||
8
python/ql/src/external/Thrift.qll
@@ -71,7 +71,9 @@ abstract class ThriftNamedElement extends ThriftElement {
|
||||
not exists(this.getName()) and result = this.getKind() + " ???"
|
||||
}
|
||||
|
||||
override predicate hasLocationInfo(string filepath, int startline, int startcolumn, int endline, int endcolumn) {
|
||||
override predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) {
|
||||
exists(ThriftElement first |
|
||||
first = this.getChild(min(int l | exists(this.getChild(l)))) and
|
||||
first.hasLocationInfo(filepath, startline, startcolumn, _, _) and
|
||||
@@ -151,7 +153,9 @@ class ThriftFunction extends ThriftNamedElement {
|
||||
|
||||
ThriftType getReturnType() { result = this.getChild(1).getChild(0) }
|
||||
|
||||
override predicate hasLocationInfo(string filepath, int startline, int startcolumn, int endline, int endcolumn) {
|
||||
override predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) {
|
||||
this.getChild(1).hasLocationInfo(filepath, startline, startcolumn, _, _) and
|
||||
this.getChild(2).hasLocationInfo(filepath, _, _, endline, endcolumn)
|
||||
}
|
||||
|
||||
4
python/ql/src/external/VCS.qll
@@ -24,7 +24,9 @@ class Commit extends @svnentry {
|
||||
string getMessage() { svnentrymsg(this, result) }
|
||||
|
||||
string getAnAffectedFilePath(string action) {
|
||||
exists(File rawFile | svnaffectedfiles(this, rawFile, action) | result = rawFile.getAbsolutePath())
|
||||
exists(File rawFile | svnaffectedfiles(this, rawFile, action) |
|
||||
result = rawFile.getAbsolutePath()
|
||||
)
|
||||
}
|
||||
|
||||
string getAnAffectedFilePath() { result = getAnAffectedFilePath(_) }
|
||||
|
||||
@@ -71,8 +71,11 @@ class CommentBlock extends @py_comment {
|
||||
*/
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) { this.(Comment).getLocation().hasLocationInfo(filepath, startline, startcolumn, _, _) and
|
||||
exists(Comment end | end = this.last() | end.getLocation().hasLocationInfo(_, _, _, endline, endcolumn))
|
||||
) {
|
||||
this.(Comment).getLocation().hasLocationInfo(filepath, startline, startcolumn, _, _) and
|
||||
exists(Comment end | end = this.last() |
|
||||
end.getLocation().hasLocationInfo(_, _, _, endline, endcolumn)
|
||||
)
|
||||
}
|
||||
|
||||
/** Holds if this comment block contains `c`. */
|
||||
|
||||
@@ -407,10 +407,13 @@ class Location extends @location {
|
||||
*/
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) { exists(File f | f.getAbsolutePath() = filepath |
|
||||
) {
|
||||
exists(File f | f.getAbsolutePath() = filepath |
|
||||
locations_default(this, f, startline, startcolumn, endline, endcolumn)
|
||||
or
|
||||
exists(Module m | m.getFile() = f | locations_ast(this, m, startline, startcolumn, endline, endcolumn))
|
||||
exists(Module m | m.getFile() = f |
|
||||
locations_ast(this, m, startline, startcolumn, endline, endcolumn)
|
||||
)
|
||||
)
|
||||
}
|
||||
}
|
||||
@@ -426,7 +429,8 @@ class Line extends @py_line {
|
||||
*/
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) { exists(Module m |
|
||||
) {
|
||||
exists(Module m |
|
||||
m.getFile().getAbsolutePath() = filepath and
|
||||
endline = startline and
|
||||
startcolumn = 1 and
|
||||
|
||||
@@ -1090,7 +1090,8 @@ class BasicBlock extends @py_flow_node {
|
||||
*/
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) { this.startLocationInfo(filepath, startline, startcolumn) and
|
||||
) {
|
||||
this.startLocationInfo(filepath, startline, startcolumn) and
|
||||
this.endLocationInfo(endline, endcolumn)
|
||||
}
|
||||
|
||||
|
||||
@@ -344,7 +344,6 @@ class Lambda extends Lambda_, CallableExpr {
|
||||
* that is generally only used for type hints today (PEP 484).
|
||||
*/
|
||||
class Arguments extends Arguments_ {
|
||||
|
||||
Expr getASubExpression() {
|
||||
result = this.getADefault() or
|
||||
result = this.getAKwDefault() or
|
||||
@@ -357,7 +356,6 @@ class Arguments extends Arguments_ {
|
||||
|
||||
// The following 4 methods are overwritten to provide better QLdoc. Since the
|
||||
// Arguments_ is auto-generated, we can't change the poor auto-generated docs there :(
|
||||
|
||||
/** Gets the default value for the `index`'th positional parameter. */
|
||||
override Expr getDefault(int index) { result = super.getDefault(index) }
|
||||
|
||||
|
||||
@@ -388,7 +388,8 @@ abstract class TaintSource extends @py_flow_node {
|
||||
*/
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) { this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
|
||||
) {
|
||||
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
|
||||
}
|
||||
|
||||
/** Gets a TaintedNode for this taint source */
|
||||
@@ -501,7 +502,8 @@ abstract class TaintSink extends @py_flow_node {
|
||||
*/
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) { this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
|
||||
) {
|
||||
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -428,7 +428,6 @@ predicate missing_imported_module(ControlFlowNode imp, Context ctx, string name)
|
||||
* Helper for missing modules to determine if name `x.y` is a module `x.y` or
|
||||
* an attribute `y` of module `x`. This list should be added to as required.
|
||||
*/
|
||||
|
||||
predicate common_module_name(string name) {
|
||||
name = "zope.interface"
|
||||
or
|
||||
|
||||
@@ -132,9 +132,7 @@ abstract class RegexString extends Expr {
|
||||
this.getChar(start + 2) = "{" and
|
||||
this.getChar(end - 1) = "}" and
|
||||
end > start and
|
||||
not exists(int i | start + 2 < i and i < end - 1 |
|
||||
this.getChar(i) = "}"
|
||||
)
|
||||
not exists(int i | start + 2 < i and i < end - 1 | this.getChar(i) = "}")
|
||||
}
|
||||
|
||||
private predicate escapedCharacter(int start, int end) {
|
||||
|
||||
@@ -73,7 +73,12 @@ class Object extends @py_object {
|
||||
*/
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) { this.hasOrigin() and this.getOrigin().getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
|
||||
) {
|
||||
this.hasOrigin() and
|
||||
this
|
||||
.getOrigin()
|
||||
.getLocation()
|
||||
.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
|
||||
or
|
||||
not this.hasOrigin() and
|
||||
filepath = ":Compiled Code" and
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
* Specifically, we model `HttpRequestTaintSource`s from instances of `BaseHTTPRequestHandler`
|
||||
* (or subclasses) and form parsing using `cgi.FieldStorage`.
|
||||
*/
|
||||
|
||||
import python
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import semmle.python.web.Http
|
||||
@@ -81,6 +82,7 @@ class CgiFieldStorageFormKind extends TaintKind {
|
||||
* nested forms as `form['nested_form']['myfield']`. However, since HTML forms can't be nested
|
||||
* we ignore that detail since it allows for a more clean modeling.
|
||||
*/
|
||||
|
||||
CgiFieldStorageFormKind() { this = "CgiFieldStorageFormKind" }
|
||||
|
||||
override TaintKind getTaintOfAttribute(string name) {
|
||||
|
||||
@@ -1,9 +1,5 @@
|
||||
import callGraphConfig
|
||||
|
||||
from
|
||||
DataFlow::Node source,
|
||||
DataFlow::Node sink
|
||||
where
|
||||
exists(CallGraphConfig cfg | cfg.hasFlow(source, sink))
|
||||
select
|
||||
source, sink
|
||||
from DataFlow::Node source, DataFlow::Node sink
|
||||
where exists(CallGraphConfig cfg | cfg.hasFlow(source, sink))
|
||||
select source, sink
|
||||
|
||||
@@ -1,10 +1,7 @@
|
||||
import allFlowsConfig
|
||||
|
||||
from
|
||||
DataFlow::Node source,
|
||||
DataFlow::Node sink
|
||||
from DataFlow::Node source, DataFlow::Node sink
|
||||
where
|
||||
source != sink and
|
||||
exists(AllFlowsConfig cfg | cfg.hasFlow(source, sink))
|
||||
select
|
||||
source, sink
|
||||
select source, sink
|
||||
|
||||
@@ -1,9 +1,5 @@
|
||||
import allFlowsConfig
|
||||
|
||||
from
|
||||
DataFlow::PathNode fromNode,
|
||||
DataFlow::PathNode toNode
|
||||
where
|
||||
toNode = fromNode.getASuccessor()
|
||||
select
|
||||
fromNode, toNode
|
||||
from DataFlow::PathNode fromNode, DataFlow::PathNode toNode
|
||||
where toNode = fromNode.getASuccessor()
|
||||
select fromNode, toNode
|
||||
|
||||
@@ -1,9 +1,5 @@
|
||||
import experimental.dataflow.DataFlow
|
||||
|
||||
from
|
||||
DataFlow::Node fromNode,
|
||||
DataFlow::Node toNode
|
||||
where
|
||||
DataFlow::localFlow(fromNode, toNode)
|
||||
select
|
||||
fromNode, toNode
|
||||
from DataFlow::Node fromNode, DataFlow::Node toNode
|
||||
where DataFlow::localFlow(fromNode, toNode)
|
||||
select fromNode, toNode
|
||||
|
||||
@@ -1,9 +1,5 @@
|
||||
import experimental.dataflow.DataFlow
|
||||
|
||||
from
|
||||
DataFlow::Node fromNode,
|
||||
DataFlow::Node toNode
|
||||
where
|
||||
DataFlow::localFlowStep(fromNode, toNode)
|
||||
select
|
||||
fromNode, toNode
|
||||
from DataFlow::Node fromNode, DataFlow::Node toNode
|
||||
where DataFlow::localFlowStep(fromNode, toNode)
|
||||
select fromNode, toNode
|
||||
|
||||
@@ -1,10 +1,7 @@
|
||||
import maximalFlowsConfig
|
||||
|
||||
from
|
||||
DataFlow::Node source,
|
||||
DataFlow::Node sink
|
||||
from DataFlow::Node source, DataFlow::Node sink
|
||||
where
|
||||
source != sink and
|
||||
exists(MaximalFlowsConfig cfg | cfg.hasFlow(source, sink))
|
||||
select
|
||||
source, sink
|
||||
select source, sink
|
||||
|
||||
@@ -11,9 +11,7 @@ class MaximalFlowsConfig extends DataFlow::Configuration {
|
||||
node instanceof DataFlow::ParameterNode
|
||||
or
|
||||
node instanceof DataFlow::EssaNode and
|
||||
not exists(DataFlow::EssaNode pred |
|
||||
DataFlow::localFlowStep(pred, node)
|
||||
)
|
||||
not exists(DataFlow::EssaNode pred | DataFlow::localFlowStep(pred, node))
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node node) {
|
||||
|
||||
@@ -1,9 +1,5 @@
|
||||
import experimental.dataflow.testConfig
|
||||
|
||||
from
|
||||
DataFlow::Node source,
|
||||
DataFlow::Node sink
|
||||
where
|
||||
exists(TestConfiguration cfg | cfg.hasFlow(source, sink))
|
||||
select
|
||||
source, sink
|
||||
from DataFlow::Node source, DataFlow::Node sink
|
||||
where exists(TestConfiguration cfg | cfg.hasFlow(source, sink))
|
||||
select source, sink
|
||||
|
||||
@@ -7,10 +7,6 @@
|
||||
|
||||
import experimental.dataflow.testConfig
|
||||
|
||||
from
|
||||
DataFlow::Node source,
|
||||
DataFlow::Node sink
|
||||
where
|
||||
exists(TestConfiguration cfg | cfg.hasFlow(source, sink))
|
||||
select
|
||||
source, sink
|
||||
from DataFlow::Node source, DataFlow::Node sink
|
||||
where exists(TestConfiguration cfg | cfg.hasFlow(source, sink))
|
||||
select source, sink
|
||||
|
||||
@@ -2,7 +2,6 @@ import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
import Taint
|
||||
|
||||
from
|
||||
|
||||
@@ -116,13 +116,13 @@ class FunctionExpr_ extends @py_FunctionExpr, CallableExprAdjusted, Expr_ {
|
||||
override string toString() { result = "FunctionExpr" }
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* This upgrade changes the *layout* of the default values for parameters, by
|
||||
* making `Argument.getKwDefault(i)` return the default value for keyword-only parameter `i`
|
||||
* (instead of the i'th default for a keyword-only parameter). `Argument.getDefault` is
|
||||
* changed in the same manner to keep consistency.
|
||||
*/
|
||||
|
||||
from Expr_ expr, int kind, ExprParent_ parent, int oldidx, int newidx
|
||||
where
|
||||
py_exprs(expr, kind, parent, oldidx) and
|
||||
|
||||