Moves the existing points-to predicates to the newly added class `ControlFlowNodeWithPointsTo` which resides in the `LegacyPointsTo` module. (Existing code that uses these predicates should import this module, and references to `ControlFlowNode` should be changed to `ControlFlowNodeWithPointsTo`.) Also updates all existing points-to based code to do just this.
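/**
 * @name Importing value of mutable attribute
 * @description Importing the value of a mutable attribute directly means that changes in global state will not be observed locally.
 * @kind problem
 * @tags quality
 *       reliability
 *       correctness
 * @problem.severity warning
 * @sub-severity high
 * @precision medium
 * @id py/import-of-mutable-attribute
 */

import python
private import LegacyPointsTo
import semmle.python.filters.Tests

/*
 * Flags a `from M import name`-style import (`ImportMember`) whose imported
 * value is later rebound by a `<M>.name = ...` store inside a function that
 * lives in a different module. The importing module holds the value that was
 * current at import time, so the later assignment is not seen there.
 *
 * Points-to information is only reachable through the `LegacyPointsTo`
 * module, which is why the object node is cast to `ControlFlowNodeWithPointsTo`.
 */
from ImportMember im, ModuleValue m, AttrNode store_attr, string name
where
  /* `m` is the module named in the `from ... import` statement. */
  m.importedAs(im.getModule().(ImportExpr).getImportedModuleName()) and
  im.getName() = name and
  /* Modification must be in a function, so it can occur during lifetime of the import value */
  store_attr.getScope() instanceof Function and
  /* variable resulting from import must have a long lifetime */
  not im.getScope() instanceof Function and
  /* The store is `<obj>.<name> = ...` where `<obj>` points to the imported module `m`. */
  store_attr.isStore() and
  store_attr.getObject(name).(ControlFlowNodeWithPointsTo).pointsTo(m) and
  /* Import not in same module as modification. */
  not im.getEnclosingModule() = store_attr.getScope().getEnclosingModule() and
  /* Modification is not in a test */
  not store_attr.getScope().getScope*() instanceof TestScope
select im,
  /* Message text fixed: the original read "will be not be observed". */
  "Importing the value of '" + name +
    "' from $@ means that any change made to $@ will not be observed locally.", m,
  "module " + m.getName(), store_attr, m.getName() + "." + store_attr.getName()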