hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-24 22:27:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
0c12d920ab1d8a16031aab5736070e8465ced063
codeql/python/ql/src/Statements/IterableStringOrSequence.ql
Copilot 717ff62d70 Python: deprecate AstNode.getAFlowNode() and rewrite internal callers 
Preparatory refactor for the shared-CFG dataflow migration.

Deprecates the AstNode.getAFlowNode() cached predicate on the public
Python QL API and rewrites all ~140 internal callers across lib/, src/,
test/, and tools/ from `expr.getAFlowNode() = cfgNode` to
`cfgNode.getNode() = expr`, using ControlFlowNode.getNode() which
already exists in Flow.qll.

The predicate itself is preserved (with a deprecation note pointing at
the new pattern) so external users do not experience churn — they can
migrate at their own pace and the AST/CFG hierarchies still get the
intended untangling once the deprecation eventually elapses.

Semantic noop verified by:
- All 361 lib/ + src/ queries compile clean.
- All 122 ControlFlow + PointsTo library-tests pass.
- All 64 dataflow library-tests pass.
- All 113 Variables/Exceptions/Expressions/Statements/Functions/Imports/
  Security/CWE-798/ModificationOfParameterWithDefault query-tests pass.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-22 14:55:19 +02:00

40 lines
1.2 KiB
Plaintext
Raw Blame History

/**
* @name Iterable can be either a string or a sequence
* @description Iteration over either a string or a sequence in the same loop can cause errors that are hard to find.
* @kind problem
* @tags quality
* reliability
* correctness
* @problem.severity error
* @sub-severity low
* @precision high
* @id py/iteration-string-and-sequence
*/
import python
private import LegacyPointsTo
import semmle.python.filters.Tests
predicate has_string_type(Value v) {
v.getClass() = ClassValue::str()
or
v.getClass() = ClassValue::unicode() and major_version() = 2
}
from
For loop, ControlFlowNodeWithPointsTo iter, Value str, Value seq, ControlFlowNode seq_origin,
ControlFlowNode str_origin
where
iter.getNode() = loop.getIter() and
iter.pointsTo(str, str_origin) and
iter.pointsTo(seq, seq_origin) and
has_string_type(str) and
seq.getClass().isIterable() and
not has_string_type(seq) and
// suppress occurrences from tests
not seq_origin.getScope().getScope*() instanceof TestScope and
not str_origin.getScope().getScope*() instanceof TestScope
select loop,
"Iteration over $@, of class " + seq.getClass().getName() + ", may also iterate over $@.",
seq_origin, "sequence", str_origin, "string"
Reference in New Issue View Git Blame Copy Permalink