hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-18 13:34:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Remove points-to to from ControlFlowNode

Browse Source 
Moves the existing points-to predicates to the newly added class
`ControlFlowNodeWithPointsTo` which resides in the `LegacyPointsTo`
module.

(Existing code that uses these predicates should import this module, and
references to `ControlFlowNode` should be changed to
`ControlFlowNodeWithPointsTo`.)

Also updates all existing points-to based code to do just this.
This commit is contained in:
Taus
2025-10-29 22:05:43 +00:00
parent 4461be180a
commit fef08afff9
75 changed files with 410 additions and 236 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
python/ql/lib/semmle/python/values/StringAttributes.qll
View File

@@ -1,6 +1,10 @@
import python
private import LegacyPointsTo
private import semmle.python.types.Object
private import semmle.python.types.ClassObject
private import semmle.python.types.FunctionObject
predicate string_attribute_all(ControlFlowNode n, string attr) {
predicate string_attribute_all(ControlFlowNodeWithPointsTo n, string attr) {
(n.getNode() instanceof Unicode or n.getNode() instanceof Bytes) and
attr = "const"
or
@@ -19,18 +23,27 @@ predicate tracked_object(ControlFlowNode obj, string attr) {
tracked_object_any(obj, attr)
}
predicate open_file(Object obj) { obj.(CallNode).getFunction().refersTo(Object::builtin("open")) }
predicate open_file(Object obj) {
obj.(CallNode).getFunction().(ControlFlowNodeWithPointsTo).refersTo(Object::builtin("open"))
}
predicate string_attribute_any(ControlFlowNode n, string attr) {
predicate string_attribute_any(ControlFlowNodeWithPointsTo n, string attr) {
attr = "user-input" and
exists(Object input | n.(CallNode).getFunction().refersTo(input) |
exists(Object input | n.(CallNode).getFunction().(ControlFlowNodeWithPointsTo).refersTo(input) |
if major_version() = 2
then input = Object::builtin("raw_input")
else input = Object::builtin("input")
)
or
attr = "file-input" and
exists(Object fd | n.(CallNode).getFunction().(AttrNode).getObject("read").refersTo(fd) |
exists(Object fd |
n.(CallNode)
.getFunction()
.(AttrNode)
.getObject("read")
.(ControlFlowNodeWithPointsTo)
.refersTo(fd)
|
open_file(fd)
)
or
@@ -65,7 +78,7 @@ ControlFlowNode sequence_for_iterator(ControlFlowNode f) {
}
pragma[noinline]
private predicate tracking_step(ControlFlowNode src, ControlFlowNode dest) {
private predicate tracking_step(ControlFlowNode src, ControlFlowNodeWithPointsTo dest) {
src = dest.(BinaryExprNode).getAnOperand()
or
src = dest.(UnaryExprNode).getOperand()