Without backticks, the text UNDERSCORE UNDERSCORE eq UNDERSCORE UNDERSCORE would be considered to make things bold in our markdown output, making the query info look strange. Example https://codeql.github.com/codeql-query-help/python/py-slots-in-old-style-class/
/**
 * @name 'import *' may pollute namespace
 * @description Importing a module using 'import *' may unintentionally pollute the enclosing
 *              namespace if the imported module does not define `__all__`, because every public
 *              name of that module (including names it imported itself) is copied in.
 * @kind problem
 * @tags maintainability
 *       modularity
 * @problem.severity recommendation
 * @sub-severity high
 * @precision very-high
 * @id py/polluting-import
 */
import python
/**
 * Holds if `imp` is a star import (`from <module> import *`) and `exporter` is a
 * module value that the imported module name resolves to, as reported by
 * `ModuleValue.importedAs`.
 */
predicate import_star(ImportStar imp, ModuleValue exporter) {
  exists(string importedName |
    importedName = imp.getImportedModuleName() and
    exporter.importedAs(importedName)
  )
}
/**
 * Holds if a star import from `exporter` is treated as not polluting the importer's
 * namespace: either `exporter` is a builtin module, or `__all__` is defined at import
 * time in the module's own scope or in the scope of its init module (presumably the
 * package's `__init__`; the exact resolution is up to `getInitModule`).
 *
 * NOTE(review): `definesName` is the only evidence used; whether it sees `__all__`
 * that is assigned conditionally or built up with `+=` depends on that library
 * predicate and is not checked here.
 */
predicate all_defined(ModuleValue exporter) {
  exporter.isBuiltin()
  or
  exists(ImportTimeScope candidate |
    candidate = exporter.getScope() or
    candidate = exporter.getScope().getInitModule()
  |
    candidate.definesName("__all__")
  )
}
// Report each star import whose source module is known to the analysis but
// does not define `__all__`. Without `__all__`, every non-underscore name bound
// in the exporter is copied into the importer's namespace, so a later star
// import can silently shadow an earlier binding.
from ImportStar imp, ModuleValue exporter
where
  // Skip modules that are absent from the analysed code base (presumably not
  // extracted): their `__all__` cannot be inspected, so we do not guess.
  not exporter.isAbsent() and
  import_star(imp, exporter) and
  not all_defined(exporter)
select imp,
  "Import pollutes the enclosing namespace, as the imported module $@ does not define '__all__'.",
  exporter, exporter.getName()