mirror of
https://github.com/github/codeql.git
synced 2025-12-17 17:23:36 +01:00
2318752c14
type tracking and the API graph.
- In `TypeTrackerSpecific.qll` we add a jump step
- to every scope entry definition
- from the value of any defining `DefinitionNode`
(In our example, the definition is the class name, `Users`,
while the assigned value is the class definition, and it is
the latter which receives flow in this case.)
- In `LocalSources.qll` we allow scope entry definitions as local sources.
- This feels natural enough, as they are a local source for the value, they represent.
It is perhaps a bit funne to see an Ssa variable here,
rather than a control flow node.
- This is necessary in order for type tracking to see the local flow
from the scope entry definition.
- In `ApiGraphs.qll` we no longer restrict the result of `trackUseNode`
to be an `ExprNode`. To keep the positive formulation, we do not
prohibit module variable nodes. Instead we restrict to the new
`LocalSourceNodeNotModule` which avoids those cases.
15 lines
477 B
Python
15 lines
477 B
Python
from html import escape
|
|
|
|
def p(x):
|
|
return escape(x) #$ use=moduleImport("html").getMember("escape").getReturn()
|
|
|
|
def p_list(l):
|
|
return ", ".join(p(x) for x in l) #$ use=moduleImport("html").getMember("escape").getReturn()
|
|
|
|
def pp_list(l):
|
|
def pp(x):
|
|
return escape(x) #$ use=moduleImport("html").getMember("escape").getReturn()
|
|
|
|
def pp_list_inner(l):
|
|
return ", ".join(pp(x) for x in l) #$ use=moduleImport("html").getMember("escape").getReturn()
|