Merge pull request #20217 from joefarebrother/python-qual-signature-mismatch

Python: Modernize the Signature Mismatch query
2026-04-30 19:26:02 +02:00 · 2025-09-17 13:29:33 +01:00
parent c653d939d9 f9e094de61
commit f3802ec60f
10 changed files with 366 additions and 48 deletions
--- a/python/ql/test/query-tests/Functions/general/SignatureOverriddenMethod.expected
+++ b/python/ql/test/query-tests/Functions/general/SignatureOverriddenMethod.expected
@@ -1,2 +1,2 @@
-| om_test.py:32:5:32:35 | Function Derived.grossly_wrong1 | Overriding method 'grossly_wrong1' has signature mismatch with $@. | om_test.py:12:5:12:41 | Function Base.grossly_wrong1 | overridden method |
-| om_test.py:35:5:35:47 | Function Derived.grossly_wrong2 | Overriding method 'grossly_wrong2' has signature mismatch with $@. | om_test.py:15:5:15:41 | Function Base.grossly_wrong2 | overridden method |
+| om_test.py:32:5:32:35 | Function grossly_wrong1 | This method requires 2 positional arguments, whereas overridden $@ requires 3. | om_test.py:12:5:12:41 | Function grossly_wrong1 | Base.grossly_wrong1 | file://:0:0:0:0 | (none) | This call |
+| om_test.py:35:5:35:47 | Function grossly_wrong2 | This method requires 4 positional arguments, whereas overridden $@ requires 3. | om_test.py:15:5:15:41 | Function grossly_wrong2 | Base.grossly_wrong2 | file://:0:0:0:0 | (none) | This call |
--- a/python/ql/test/query-tests/Functions/overriding/SignatureOverriddenMethod.expected
+++ b/python/ql/test/query-tests/Functions/overriding/SignatureOverriddenMethod.expected
@@ -1 +1,13 @@
-| test.py:30:5:30:26 | Function Derived.meth3 | Overriding method 'meth3' has signature mismatch with $@. | test.py:11:5:11:20 | Function Base.meth3 | overridden method |
+| test.py:24:5:24:26 | Function meth1 | This method requires 2 positional arguments, whereas overridden $@ requires 1. $@ correctly calls the base method, but does not match the signature of the overriding method. | test.py:5:5:5:20 | Function meth1 | Base.meth1 | test.py:15:9:15:20 | Attribute() | This call |
+| test.py:27:5:27:20 | Function meth2 | This method requires 1 positional argument, whereas overridden $@ requires 2. $@ correctly calls the base method, but does not match the signature of the overriding method. | test.py:8:5:8:26 | Function meth2 | Base.meth2 | test.py:18:9:18:21 | Attribute() | This call |
+| test.py:30:5:30:26 | Function meth3 | This method requires 2 positional arguments, whereas overridden $@ requires 1. | test.py:11:5:11:20 | Function meth3 | Base.meth3 | file://:0:0:0:0 | (none) | This call |
+| test.py:69:5:69:24 | Function meth | This method requires 2 positional arguments, whereas overridden $@ requires 1. | test.py:64:5:64:19 | Function meth | BlameBase.meth | file://:0:0:0:0 | (none) | This call |
+| test.py:74:5:74:24 | Function meth | This method requires 2 positional arguments, whereas overridden $@ requires 1. | test.py:64:5:64:19 | Function meth | BlameBase.meth | file://:0:0:0:0 | (none) | This call |
+| test.py:125:5:125:20 | Function meth1 | This method requires 1 positional argument, whereas overridden $@ may be called with 2. $@ correctly calls the base method, but does not match the signature of the overriding method. | test.py:82:5:82:25 | Function meth1 | Base2.meth1 | test.py:110:9:110:23 | Attribute() | This call |
+| test.py:131:5:131:31 | Function meth4 | This method requires at least 3 positional arguments, whereas overridden $@ requires at most 2. | test.py:88:5:88:25 | Function meth4 | Base2.meth4 | file://:0:0:0:0 | (none) | This call |
+| test.py:133:5:133:28 | Function meth5 | This method requires at most 3 positional arguments, whereas overridden $@ requires at least 4. | test.py:90:5:90:34 | Function meth5 | Base2.meth5 | file://:0:0:0:0 | (none) | This call |
+| test.py:135:5:135:23 | Function meth6 | This method requires 2 positional arguments, whereas overridden $@ may be called with arbitrarily many. $@ correctly calls the base method, but does not match the signature of the overriding method. | test.py:92:5:92:28 | Function meth6 | Base2.meth6 | test.py:113:9:113:27 | Attribute() | This call |
+| test.py:137:5:137:28 | Function meth7 | This method requires at least 2 positional arguments, whereas overridden $@ may be called with 1. $@ correctly calls the base method, but does not match the signature of the overriding method. | test.py:94:5:94:25 | Function meth7 | Base2.meth7 | test.py:114:9:114:20 | Attribute() | This call |
+| test.py:139:5:139:26 | Function meth8 | This method does not accept keyword argument `y`, which overridden $@ does. $@ correctly calls the base method, but does not match the signature of the overriding method. | test.py:96:5:96:26 | Function meth8 | Base2.meth8 | test.py:115:9:115:25 | Attribute() | This call |
+| test.py:147:5:147:21 | Function meth12 | This method does not accept arbitrary keyword arguments, which overridden $@ does. $@ correctly calls the base method, but does not match the signature of the overriding method. | test.py:104:5:104:31 | Function meth12 | Base2.meth12 | test.py:119:9:119:24 | Attribute() | This call |
+| test.py:149:5:149:27 | Function meth13 | This method does not accept keyword argument `x`, which overridden $@ does. $@ correctly calls the base method, but does not match the signature of the overriding method. | test.py:106:5:106:27 | Function meth13 | Base2.meth13 | test.py:120:9:120:24 | Attribute() | This call |
--- a/python/ql/test/query-tests/Functions/overriding/SignatureOverriddenMethod.qlref
+++ b/python/ql/test/query-tests/Functions/overriding/SignatureOverriddenMethod.qlref
@@ -1 +1,2 @@
-Functions/SignatureOverriddenMethod.ql
+query: Functions/SignatureOverriddenMethod.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql
--- a/python/ql/test/query-tests/Functions/overriding/WrongNameForArgumentInCall.expected
+++ b/python/ql/test/query-tests/Functions/overriding/WrongNameForArgumentInCall.expected
@@ -1 +1,2 @@
 | test.py:19:9:19:31 | Attribute() | Keyword argument 'spam' is not a supported parameter name of $@. | test.py:5:5:5:20 | Function meth1 | method Base.meth1 |
+| test.py:112:9:112:23 | Attribute() | Keyword argument 'x' is not a supported parameter name of $@. | test.py:86:5:86:20 | Function meth3 | method Base2.meth3 |
--- a/python/ql/test/query-tests/Functions/overriding/test.py
+++ b/python/ql/test/query-tests/Functions/overriding/test.py
@@ -21,13 +21,13 @@ class Base(object):

 class Derived(Base):

-    def meth1(self, spam):
+    def meth1(self, spam): # $Alert[py/inheritance/signature-mismatch] # Has 1 more arg, base called in Base.foo
        pass

-    def meth2(self):
+    def meth2(self): # $Alert[py/inheritance/signature-mismatch] # Has 1 fewer arg, base called in Base.foo
        pass

-    def meth3(self, eggs): #Incorrectly overridden and not called. 
+    def meth3(self, eggs): # $Alert[py/inheritance/signature-mismatch] # Has 1 more arg. Method is not called.
        pass

    def bar(self):
@@ -66,13 +66,84 @@ class BlameBase(object):

 class Correct1(BlameBase):

-    def meth(self, arg):
+    def meth(self, arg): # $Alert[py/inheritance/signature-mismatch] # Has 1 more arg. The incorrect-overridden-method query would alert for the base method in this case.
        pass

 class Correct2(BlameBase):

-    def meth(self, arg):
+    def meth(self, arg): # $Alert[py/inheritance/signature-mismatch] # Has 1 more arg
        pass

 c = Correct2()
 c.meth("hi")
+
+class Base2:
+
+    def meth1(self, x=1): pass
+
+    def meth2(self, x=1): pass
+
+    def meth3(self): pass
+
+    def meth4(self, x=1): pass
+
+    def meth5(self, x, y, z, w=1): pass
+
+    def meth6(self, x, *ys): pass
+
+    def meth7(self, *ys): pass
+
+    def meth8(self, x, y): pass
+
+    def meth9(self, x, y): pass
+
+    def meth10(self, x, *, y=3): pass
+
+    def meth11(self, x, y): pass
+
+    def meth12(self, **kwargs): pass
+
+    def meth13(self, /, x): pass
+
+    def call_some(self):
+        self.meth1()
+        self.meth1(x=2)
+        self.meth3()
+        self.meth3(x=2)
+        self.meth6(2, 3, 4)
+        self.meth7()
+        self.meth8(1,y=3)
+        self.meth9(1,2)
+        self.meth10(1,y=3)
+        self.meth11(1,y=3)
+        self.meth12(x=2)
+        self.meth13(x=2)
+
+
+class Derrived2(Base2):
+
+    def meth1(self): pass # $Alert[py/inheritance/signature-mismatch] # Weak mismatch (base may be called with 2 args. only alert if mismatching call exists)
+
+    def meth2(self): pass # No alert (weak mismatch, but not called)
+
+    def meth3(self, x=1): pass # No alert (no mismatch - all base calls are valid for sub)
+
+    def meth4(self, x, y, z=1): pass # $Alert[py/inheritance/signature-mismatch] # sub min > base max (strong mismatch)
+
+    def meth5(self, x, y=1): pass # $Alert[py/inheritance/signature-mismatch]
+
+    def meth6(self, x): pass # $Alert[py/inheritance/signature-mismatch] # weak mismatch (base may be called with 3+ args)
+
+    def meth7(self, x, *ys): pass # $Alert[py/inheritance/signature-mismatch] # weak mismatch (base may be called with 1 arg only)
+
+    def meth8(self, x, z): pass # $Alert[py/inheritance/signature-mismatch] # weak mismatch (base may be called with arg named y)
+
+    def meth9(self, x, z): pass # No alert (never called with wrong keyword arg)
+
+    def meth10(self, x, **kwargs): pass # No alert (y is kw-only arg in base, calls that use it are valid for sub)
+
+    def meth11(self, x, z, **kwargs): pass # $MISSING:Alert[py/inheritance/signature-mismatch] # call using y kw-arg is invalid due to not specifying z, but this is not detected. Likely a fairly niche situation.
+
+    def meth12(self): pass # $Alert[py/inheritance/signature-mismatch] # call including extra kwarg invalid
+
+    def meth13(self, /, y): pass # $Alert[py/inheritance/signature-mismatch] # weak mismatch (base may be called with arg named x), however meth13 is incorrectly detected as having 2 minimum positional arguments, whereas x is kw-only; resulting in the witness call not being detected as a valid call to Base2.meth13.