Merge pull request #3640 from RasmusWL/python-handle-3.8-enum-convert

Approved by tausbn
2026-04-30 19:26:02 +02:00 · 2020-06-10 17:19:22 +01:00
parent 5b0d92d72b 721713b9e1
commit f7c6b1364b
4 changed files with 50 additions and 5 deletions
--- a/python/ql/src/Variables/UndefinedExport.ql
+++ b/python/ql/src/Variables/UndefinedExport.ql
@@ -33,12 +33,27 @@ predicate mutates_globals(ModuleValue m) {
        exists(SubscriptNode sub | sub.getObject() = globals and sub.isStore())
    )
    or
-    exists(Value enum_convert, ClassValue enum_class |
+    // Enum (added in 3.4) has method `_convert_` that alters globals
+    // This was called `_convert` until 3.8, but that name will be removed in 3.9
+    exists(ClassValue enum_class |
        enum_class.getASuperType() = Value::named("enum.Enum") and
-        enum_convert = enum_class.attr("_convert") and
-        exists(CallNode call | call.getScope() = m.getScope() |
-            enum_convert.getACall() = call or
-            call.getFunction().pointsTo(enum_convert)
+        (
+            // In Python < 3.8, Enum._convert can be found with points-to
+            exists(Value enum_convert |
+                enum_convert = enum_class.attr("_convert") and
+                exists(CallNode call | call.getScope() = m.getScope() |
+                    enum_convert.getACall() = call or
+                    call.getFunction().pointsTo(enum_convert)
+                )
+            )
+            or
+            // In Python 3.8, Enum._convert_ is implemented using a metaclass, and our points-to
+            // analysis doesn't handle that well enough. So we need a special case for this
+            not exists(Value enum_convert | enum_convert = enum_class.attr("_convert")) and
+            exists(CallNode call | call.getScope() = m.getScope() |
+                call.getFunction().(AttrNode).getObject(["_convert", "_convert_"]).pointsTo() =
+                    enum_class
+            )
        )
    )
 }
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/metaclass/getACall.expected
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/metaclass/getACall.expected
@@ -0,0 +1 @@
+| test.py:6:5:6:22 | Function Foo.foo | test.py:9:1:9:11 | ControlFlowNode for Attribute() |
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/metaclass/getACall.ql
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/metaclass/getACall.ql
@@ -0,0 +1,4 @@
+import python
+
+from PythonFunctionValue func
+select func, func.getACall()
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/metaclass/test.py
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/metaclass/test.py
@@ -0,0 +1,25 @@
+# Simple classmethod
+
+class Foo(object):
+
+    @classmethod
+    def foo(cls, arg):
+        print(cls, arg)
+
+Foo.foo(42)
+
+
+# classmethod defined by metaclass
+
+class BarMeta(type):
+
+    def bar(cls, arg):
+        print(cls, arg)
+
+class Bar(metaclass=BarMeta):
+    pass
+
+Bar.bar(42) # TODO: No points-to
+
+# If this is solved, please update python/ql/src/Variables/UndefinedExport.ql which has a
+# work-around for this behavior
				`@@ -0,0 +1 @@`
				`\| test.py:6:5:6:22 \| Function Foo.foo \| test.py:9:1:9:11 \| ControlFlowNode for Attribute() \|`