hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Improve field-flow by removing import *

Browse Source 
Since that apparently impacts call graph resolution with points-to :O

Also interesting that global flow was only not working for those cases
because of the tricky ifs... still need to 100% figure out how those ifs
are messing up the analysis :|
This commit is contained in:
Rasmus Wriedt Larsen
2022-02-25 16:01:08 +01:00
parent 999af15bd5
commit f988e1f0d8
1 changed files with 22 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
python/ql/test/experimental/dataflow/fieldflow/test.py
View File

@@ -2,7 +2,7 @@ import sys
import os
sys.path.append(os.path.dirname(os.path.dirname((__file__)))) # $ unresolved_call=os.path.dirname(..) unresolved_call=sys.path.append(..)
from testlib import *
from testlib import expects
# These are defined so that we can evaluate the test code.
NONSOURCE = "not a source"
@@ -53,8 +53,8 @@ def test_indirect_assign():
def test_indirect_assign_method():
myobj = MyObj("OK")
myobj.setFoo(SOURCE) # $ unresolved_call=myobj.setFoo(..)
SINK(myobj.foo) # $ MISSING: flow
myobj.setFoo(SOURCE)
SINK(myobj.foo) # $ flow="SOURCE, l:-1 -> myobj.foo"
def test_direct_assign():
@@ -157,8 +157,8 @@ def test_nested_obj():
def test_nested_obj_method():
x = SOURCE
a = NestedObj()
a.getObj().foo = x # $ unresolved_call=a.getObj()
SINK(a.obj.foo) # $ MISSING: flow
a.getObj().foo = x
SINK(a.obj.foo) # $ flow="SOURCE, l:-3 -> a.obj.foo"
# ------------------------------------------------------------------------------
# Global scope
@@ -184,6 +184,22 @@ def test_global_scope():
# Global flow cases that doesn't work in this file, but works in test_global.py
# ------------------------------------------------------------------------------
# --------------------------------------
# method calls _before_ those ifs
# --------------------------------------
# def test_indirect_assign_method():
myobj2 = MyObj("OK")
myobj2.setFoo(SOURCE)
SINK(myobj2.foo) # $ flow="SOURCE, l:-1 -> myobj2.foo"
# def test_nested_obj_method():
x2 = SOURCE
a2 = NestedObj()
a2.getObj().foo = x2
SINK(a2.obj.foo) # $ flow="SOURCE, l:-3 -> a2.obj.foo"
# --------------------------------------
# using constructor
# --------------------------------------
@@ -218,7 +234,7 @@ SINK(obj3.foo) # $ unresolved_call=SINK(..) MISSING: flow="SOURCE, l:-1 -> obj3.
SINK(fields_with_local_flow(SOURCE)) # $ unresolved_call=fields_with_local_flow(..) unresolved_call=SINK(..) MISSING: flow="SOURCE -> fields_with_local_flow(..)"
# --------------------------------------
# method calls
# method calls _after_ those ifs
# --------------------------------------
# def test_indirect_assign_method():