Will need subsequent PRs fixing up test failures (due to deprecated methods moving around), but other than that everything should be straight-forward.
/**
 * @name Formatted object is not a mapping
 * @description The formatted object must be a mapping when the format includes a named specifier; otherwise a TypeError will be raised.
 * @kind problem
 * @tags reliability
 *       correctness
 * @problem.severity error
 * @sub-severity low
 * @precision high
 * @id py/percent-format/not-mapping
 */
import python
import semmle.python.strings
// Reports the right-hand operand `e` of a `%` expression whose left operand
// satisfies both `format_string` and `mapping_format`, when points-to analysis
// resolves `e` to a class `t` that is not a mapping. Per the query description,
// such an expression raises a TypeError at runtime.
// NOTE(review): `format_string` and `mapping_format` are not defined in this
// file (presumably they come from `semmle.python.strings`); their exact
// matching rules should be confirmed there.
// An operand whose class cannot be resolved binds no `t`, so it yields no result.
from Expr e, ClassValue t
where
  exists(BinaryExpr modExpr, Expr fmt |
    // Name the two operands once so the remaining conjuncts read against them.
    fmt = modExpr.getLeft() and
    e = modExpr.getRight() and
    modExpr.getOp() instanceof Mod and
    // The left operand must pass both format-string predicates.
    format_string(fmt) and
    mapping_format(fmt) and
    // The inferred class of the right operand is the one reported in the alert.
    t = e.pointsTo().getClass() and
    not t.isMapping()
  )
select e, "Right hand side of a % operator must be a mapping, not class $@.", t, t.getName()