From f19b672656c6e68217638d9dba91597fdec0e98e Mon Sep 17 00:00:00 2001 From: Rasmus Wriedt Larsen Date: Thu, 28 Sep 2023 15:36:28 +0200 Subject: [PATCH] Python: Also capture alias with new name --- .../semmle/python/frameworks/internal/SubclassFinder.qll | 7 ++++--- .../experimental/library-tests/FindSubclass/Find.expected | 1 + .../library-tests/FindSubclass/find_subclass_test.py | 3 +++ 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/python/ql/lib/semmle/python/frameworks/internal/SubclassFinder.qll b/python/ql/lib/semmle/python/frameworks/internal/SubclassFinder.qll index 93f2231b0be..beef01ec6df 100644 --- a/python/ql/lib/semmle/python/frameworks/internal/SubclassFinder.qll +++ b/python/ql/lib/semmle/python/frameworks/internal/SubclassFinder.qll @@ -190,11 +190,12 @@ module NotExposed { string relevantName, Location loc ) { loc = mod.getLocation() and - exists(API::Node relevantClass, ClassExpr classExpr | + exists(API::Node relevantClass, Expr value | relevantClass = newOrExistingModeling(spec).getASubclass*() and ImportResolution::module_export(mod, relevantName, def) and - classExpr = relevantClass.asSource().asExpr() and - classExpr = def.asVar().getDefinition().(AssignmentDefinition).getValue().getNode() + value = relevantClass.getAValueReachableFromSource().asExpr() and + value = def.asVar().getDefinition().(AssignmentDefinition).getValue().getNode() + // value could be a ClassExpr if a new class is defined, or a Name if defining an alias ) and ( mod.isPackageInit() and diff --git a/python/ql/test/experimental/library-tests/FindSubclass/Find.expected b/python/ql/test/experimental/library-tests/FindSubclass/Find.expected index 48813c67931..eb0696c61ca 100644 --- a/python/ql/test/experimental/library-tests/FindSubclass/Find.expected +++ b/python/ql/test/experimental/library-tests/FindSubclass/Find.expected @@ -1,3 +1,4 @@ | flask.View~Subclass | find_subclass_test | Member[A] | | flask.View~Subclass | find_subclass_test | Member[B] | +| flask.View~Subclass | find_subclass_test | Member[ViewAlias] | | flask.View~Subclass | find_subclass_test | Member[View] | diff --git a/python/ql/test/experimental/library-tests/FindSubclass/find_subclass_test.py b/python/ql/test/experimental/library-tests/FindSubclass/find_subclass_test.py index 541d7973844..3f4f7dbf8b8 100644 --- a/python/ql/test/experimental/library-tests/FindSubclass/find_subclass_test.py +++ b/python/ql/test/experimental/library-tests/FindSubclass/find_subclass_test.py @@ -5,3 +5,6 @@ class A(View): class B(A): pass + + +ViewAlias = View