hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-05 21:47:10 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
4aee0b3c87114d1655c16d65821e2200282e0dbc
codeql/python/ql/src/Exceptions/CatchingBaseException.ql
Copilot db1e5035b4 Python: deprecate AstNode.getAFlowNode() and rewrite internal callers 
Preparatory refactor for the shared-CFG dataflow migration.

Deprecates the AstNode.getAFlowNode() cached predicate on the public
Python QL API and rewrites all ~140 internal callers across lib/, src/,
test/, and tools/ from `expr.getAFlowNode() = cfgNode` to
`cfgNode.getNode() = expr`, using ControlFlowNode.getNode() which
already exists in Flow.qll.

The predicate itself is preserved (with a deprecation note pointing at
the new pattern) so external users do not experience churn — they can
migrate at their own pace and the AST/CFG hierarchies still get the
intended untangling once the deprecation eventually elapses.

Semantic noop verified by:
- All 361 lib/ + src/ queries compile clean.
- All 122 ControlFlow + PointsTo library-tests pass.
- All 64 dataflow library-tests pass.
- All 113 Variables/Exceptions/Expressions/Statements/Functions/Imports/
  Security/CWE-798/ModificationOfParameterWithDefault query-tests pass.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-05 07:57:42 +00:00

33 lines
879 B
Plaintext
Raw Blame History

/**
* @name Except block handles 'BaseException'
* @description Handling 'BaseException' means that system exits and keyboard interrupts may be mis-handled.
* @kind problem
* @tags quality
* reliability
* error-handling
* external/cwe/cwe-396
* @problem.severity recommendation
* @sub-severity high
* @precision very-high
* @id py/catch-base-exception
*/
import python
import semmle.python.ApiGraphs
predicate doesnt_reraise(ExceptStmt ex) {
exists(ControlFlowNode exCfg | exCfg.getNode() = ex | exCfg.getBasicBlock().reachesExit())
}
predicate catches_base_exception(ExceptStmt ex) {
ex.getType() = API::builtin("BaseException").getAValueReachableFromSource().asExpr()
or
not exists(ex.getType())
}
from ExceptStmt ex
where
catches_base_exception(ex) and
doesnt_reraise(ex)
select ex, "Except block directly handles BaseException."
Reference in New Issue View Git Blame Copy Permalink