hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: do not stake out too much territory

Browse Source
This commit is contained in:
Rasmus Lerchedahl Petersen
2022-09-14 10:28:11 +02:00
parent 58cfac27d2
commit f83158ff8b
2 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatchPointsTo.qll
View File

@@ -617,6 +617,18 @@ class SpecialCall extends DataFlowSourceCall, TSpecialCall {
* and not be available for a summary. * and not be available for a summary.
*/ */
class LibraryCall extends NormalCall { class LibraryCall extends NormalCall {
LibraryCall() {
// TODO: share this with `resolvedCall`
not (
call = any(DataFlowCallableValue cv).getACall()
or
call = any(DataFlowLambda l).getACall()
or
// TODO: this should be covered by `DataFlowCallableValue`, but a `ClassValue` is not a `CallableValue`.
call = any(ClassValue c).getACall()
)
}
// TODO: Implement Python calling convention? // TODO: Implement Python calling convention?
override Node getArg(int n) { result = TCfgNode(call.getArg(n)) } override Node getArg(int n) { result = TCfgNode(call.getArg(n)) }

2
python/ql/test/experimental/dataflow/calls/test.py
View File

@@ -32,6 +32,6 @@ try:
# ignored. # ignored.
import mypkg import mypkg
mypkg.foo(42) # $ call=mypkg.foo(..) qlclass=NormalCall mypkg.foo(42) # $ call=mypkg.foo(..) qlclass=NormalCall
mypkg.subpkg.bar(43) # $ call=mypkg.subpkg.bar(..) qlclass=NormalCall mypkg.subpkg.bar(43) # $ call=mypkg.subpkg.bar(..) qlclass=LibraryCall arg_0=43
except: except:
pass pass