mirror of
https://github.com/github/codeql.git
synced 2026-06-23 05:37:02 +02:00
717ff62d70
Preparatory refactor for the shared-CFG dataflow migration. Deprecates the AstNode.getAFlowNode() cached predicate on the public Python QL API and rewrites all ~140 internal callers across lib/, src/, test/, and tools/ from `expr.getAFlowNode() = cfgNode` to `cfgNode.getNode() = expr`, using ControlFlowNode.getNode() which already exists in Flow.qll. The predicate itself is preserved (with a deprecation note pointing at the new pattern) so external users do not experience churn — they can migrate at their own pace and the AST/CFG hierarchies still get the intended untangling once the deprecation eventually elapses. Semantic noop verified by: - All 361 lib/ + src/ queries compile clean. - All 122 ControlFlow + PointsTo library-tests pass. - All 64 dataflow library-tests pass. - All 113 Variables/Exceptions/Expressions/Statements/Functions/Imports/ Security/CWE-798/ModificationOfParameterWithDefault query-tests pass. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
54 lines
1.5 KiB
Plaintext
54 lines
1.5 KiB
Plaintext
/** Provides commonly used BarrierGuards. */
|
|
|
|
private import python
|
|
private import semmle.python.dataflow.new.DataFlow
|
|
|
|
private predicate constCompare(DataFlow::GuardNode g, ControlFlowNode node, boolean branch) {
|
|
exists(CompareNode cn | cn = g |
|
|
exists(ImmutableLiteral const, Cmpop op, ControlFlowNode c |
|
|
c.getNode() = const and
|
|
(
|
|
op = any(Eq eq) and branch = true
|
|
or
|
|
op = any(NotEq ne) and branch = false
|
|
)
|
|
|
|
|
cn.operands(c, op, node)
|
|
or
|
|
cn.operands(node, op, c)
|
|
)
|
|
or
|
|
exists(NameConstant const, Cmpop op, ControlFlowNode c |
|
|
c.getNode() = const and
|
|
(
|
|
op = any(Is is_) and branch = true
|
|
or
|
|
op = any(IsNot isn) and branch = false
|
|
)
|
|
|
|
|
cn.operands(c, op, node)
|
|
or
|
|
cn.operands(node, op, c)
|
|
)
|
|
or
|
|
exists(IterableNode const_iterable, Cmpop op |
|
|
op = any(In in_) and branch = true
|
|
or
|
|
op = any(NotIn ni) and branch = false
|
|
|
|
|
forall(ControlFlowNode elem | elem = const_iterable.getAnElement() |
|
|
elem.getNode() instanceof ImmutableLiteral
|
|
) and
|
|
cn.operands(node, op, const_iterable)
|
|
)
|
|
)
|
|
}
|
|
|
|
/** A validation of unknown node by comparing with a constant value. */
|
|
class ConstCompareBarrier extends DataFlow::Node {
|
|
ConstCompareBarrier() { this = DataFlow::BarrierGuard<constCompare/3>::getABarrierNode() }
|
|
}
|
|
|
|
/** DEPRECATED: Use ConstCompareBarrier instead. */
|
|
deprecated class StringConstCompareBarrier = ConstCompareBarrier;
|