mirror of
https://github.com/github/codeql.git
synced 2026-01-02 09:16:34 +01:00
3fe715abb6
Without backticks, the text UNDERSCORE UNDERSCORE eq UNDERSCORE UNDERSCORE would be considered to make things bold in our markdown output, making the query info look strange. Example https://codeql.github.com/codeql-query-help/python/py-slots-in-old-style-class/
33 lines
1.0 KiB
Plaintext
33 lines
1.0 KiB
Plaintext
/**
|
|
* @name Mutation of descriptor in `__get__` or `__set__` method.
|
|
* @description Descriptor objects can be shared across many instances. Mutating them can cause strange side effects or race conditions.
|
|
* @kind problem
|
|
* @tags reliability
|
|
* correctness
|
|
* @problem.severity error
|
|
* @sub-severity low
|
|
* @precision very-high
|
|
* @id py/mutable-descriptor
|
|
*/
|
|
|
|
import python
|
|
|
|
predicate mutates_descriptor(ClassObject cls, SelfAttributeStore s) {
|
|
cls.isDescriptorType() and
|
|
exists(PyFunctionObject f, PyFunctionObject get_set |
|
|
exists(string name | cls.lookupAttribute(name) = get_set |
|
|
name = "__get__" or name = "__set__" or name = "__delete__"
|
|
) and
|
|
cls.lookupAttribute(_) = f and
|
|
get_set.getACallee*() = f and
|
|
not f.getName() = "__init__" and
|
|
s.getScope() = f.getFunction()
|
|
)
|
|
}
|
|
|
|
from ClassObject cls, SelfAttributeStore s
|
|
where mutates_descriptor(cls, s)
|
|
select s,
|
|
"Mutation of descriptor $@ object may lead to action-at-a-distance effects or race conditions for properties.",
|
|
cls, cls.getName()
|