mirror of
https://github.com/github/codeql.git
synced 2025-12-18 01:33:15 +01:00
9c275c177a
This commit is a squash of 80 other commits. While developing, things changed majorly 2-3 times, and it just wasn't feasible to go back and write a really nice commit history. My apologies for this HUGE commit. Also, later on this is where I solved merge conflicts after flow-summaries PR was merged. For your amusement, I've included the original commit messages below. Python: Add proper argument/parameter positions Python: Handle normal function calls Python: Reduce dataflow-consistency warnings Previously there was a lot of failures for `uniqueEnclosingCallable` and `argHasPostUpdate` Removing the override of `getEnclosingCallable` in ParameterNode is probably the most controversial... although from my point of view it's a change for the better, since we're able to provide data-flow ParameterNodes for more of the AST parameter nodes. Python: Adjust `dataflow/calls` test Python: Implement `isParameterOf`/`argumentOf`/`OutNode` This makes the tests under `dataflow/basic` work as well 👍 (initially I had these as separate commits, but it felt like it was too much noise) Python: Accept fix for `dataflow/consistency` Python: Changes to `coverage/argumentRoutingTest.ql` Notice we gain a few new resolved arguments. We loose out on stuff due to: 1. not handling `*` or `**` in either arguments/parameters (yet) 2. not handling special calls (yet) Python: Small fix for `TestUtil/RoutingTest.qll` Since the helper predicates do not depend on this, moved outside class. Python: Accept changes to `dataflow/coverage/NormalDataflowTest.ql` Most of this is due to: - not handling any kinds of methods yet - not handling `*` or `**` Python: Small investigation of `test_deep_callgraph` Python: Accept changes to `coverage/localFlow.ql` I don't fully understand why the .expected file changed. Since we still have the desired flow, I'm not going to worry too much about it. with this commit, the `dataflow/coverage` tests passes 👍 Python: Minor doc update Python: Add staticmethod/classmethod to `dataflow/calls` Python: Handle method calls on class instances without trying to deal with any class inheritance, or staticmethod/classmethod at all. Notice that with this change, we only have a DataFlowCall for the calls that we can actually resolve. I'm not 100% sure if we need to add a `UnresolvedCall` subclass of `DataFlowCall` for MaD in the future, but it should be easy to do. I'm still unsure about the value of `classesCallGraph`, but have just accepted the changes. Python: Handle direct method calls `C.foo(C, arg0)` Python: Handle `@staticmethod` Python: Handle class method calls... but the code is shit WIP todo Rewrite method calls to be better also fixed a problem with `self` being an argument to the `x.staticmethod()` call :| Python: Add subclass tests Python: Split `class_advanced` test Python: Rewrite call-graph tests to be inline expectation (1/2) This adds inline expectations, next commit will remove old annotations code... but I thought it would be easier to review like this. Minor fixup Python: Add simple subclass support Python: more precise subclass lookup Still not 100% precise.. but it's better New ambiguous Python: Add test for `self.m()` and `cls.m()` calls Python: Handle `self.m()` and `cls.m()` calls Python: Add tests for `__init__` and `__new__` Python: Handle class calls Python: Fix `self` argument passing for class calls Now field-flow tests also pass 💪 (although the crosstalk fieldflow test changes were due to this specific commit) I also copied much of the setup for pre/post update nodes from Ruby, specifically having the abstract `PostUpdateNodeImpl` in DataFlowPrivate seemed like a nice change. Same for the setup with `TNode` definition having the specification directly in the body, instead of a `NeedsSyntheticPostUpdateNode` class. Python: Add new crosstalk test WIP Maybe needs a bit of refactoring, and to see how it all behaves with points-to Python: Add `super()` call-graph tests Python: Refactor MethodCall char-pred In anticipation of supporting `super(MyClass, self).foo()`, where the `self` argument doesn't come from an AttrNode, but from the second argument to super. Without `pragma[inline]` the optimizer found a terrible join-order -- this won't guarantee a good join-order for the future, but for now it was just so simple and could let me move on with life. Python: Add basic `super()` support I debated a little (with myself) whether I should really do `superTracker`, but I thought "why not" and just rolled with it. I did not confirm whether it was actually needed anywhere, that is if anyone does `ref = super; ref().foo()` -- although I certainly doubt it's very wide-spread. Python: InlineCallGraphTest: Allow non-unique callable name in different files Python: more MRO tests Python: Add MRO approximation for `super()` Although it's not 100% accurate, it seems to be on level with the one in points-to. Python: Remove some spurious targets for direct calls removal of TODO from refactoring remove TODOs class call support Python: Add contrived subclass call example Python: Remove more spurious call targets NOTE: I initially forgot to use `findFunctionAccordingToMroKnownStartingClass` instead of `findFunctionAccordingToMro` for __init__ and __new__, and since I did make that mistake myself, I wanted to add something to the test to highlight this fact, and make it viewable by PR reviewer... this will be fixed in the next commit. Python: Proper fix for spurious __init__ targets Python: Add call-graph example of class decorator Python: Support decorated classes in new call-graph Python: Add call-graph tests for `type(obj).meth()` Python: support `type(obj).meth()` Python: Add test for callable defined in function Python: Add test for callable as argument Current'y we don't find these with type-tracking, which is super mysterious. I did check that we have proper flow from the arguments to the parameters. Python: Found problem for callable as argument :| MAJOR WIP WIP commit IT WORKS AGAIN (but terrible performance) remove pragma[inline] remove oops Fix performance problem I tried to optimize it even further, but I didn't end up achieving anything :| Fix call-graph comparison add comparison version with easy lookup incomplete missing call-graph tests unhandled tests trying to replicate missing call-edge due to missing imports ... but it's hard also seems to be problems with the inline-expectation-value that I used, seems like it has both missing/unexpected results with same value Python: Add import-problem test Python: Add shadowing problem some cleanup of rewrite fix a little more cleanup Add consistency queries to call-graph tests Python: Add post-update nodes for `self` in implicit `super()` uses But we do need to discuss whether this is the right approach :O Fix for field-flow tests This came from more precise argument passing Fixed results in type-tracking Comes from better argument passing with super() and handling of functions with decorators fix of inline call graph tests Fixup call annotation test Many minor cleanups/fixes NewNormalCall -> NormalCall Python: Major restructuring + qldoc writing Python: Accept changes from pre/post update node .toString changes Python: Reduce `super` complexity !! WIP !! Python: Only pass self-reference if in same enclosing-callable Python: Add call-graph test with nested class This was inspired by the ImpliesDataflow test that showed missing flow for q_super, but at least for the call-graph, I'm not able to reproduce this missing result :| Python: Restrict `super()` to function defined directly on class Python: Accept fixes to ImpliesDataflow Python: Expand field-flow crosstalk tests
190 lines
3.9 KiB
Python
190 lines
3.9 KiB
Python
import sys
|
|
import os
|
|
import functools
|
|
|
|
sys.path.append(os.path.dirname(os.path.dirname((__file__))))
|
|
from testlib import expects
|
|
|
|
arg = "source"
|
|
arg1 = "source1"
|
|
arg2 = "source2"
|
|
arg3 = "source3"
|
|
arg4 = "source4"
|
|
arg5 = "source5"
|
|
arg6 = "source6"
|
|
arg7 = "source7"
|
|
|
|
|
|
def SINK_TEST(x, test):
|
|
if test(x):
|
|
print("OK")
|
|
else:
|
|
print("Unexpected flow", x)
|
|
|
|
|
|
def SINK(x, expected=arg):
|
|
SINK_TEST(x, test=lambda x: x == expected)
|
|
|
|
|
|
def SINK_F(x, unexpected=arg):
|
|
SINK_TEST(x, test=lambda x: x != unexpected)
|
|
|
|
|
|
SINK1 = functools.partial(SINK, expected=arg1)
|
|
SINK2 = functools.partial(SINK, expected=arg2)
|
|
SINK3 = functools.partial(SINK, expected=arg3)
|
|
SINK4 = functools.partial(SINK, expected=arg4)
|
|
SINK5 = functools.partial(SINK, expected=arg5)
|
|
SINK6 = functools.partial(SINK, expected=arg6)
|
|
SINK7 = functools.partial(SINK, expected=arg7)
|
|
|
|
|
|
def argument_passing(
|
|
a,
|
|
b,
|
|
/,
|
|
c,
|
|
d=arg4, #$ arg4 func=argument_passing
|
|
*,
|
|
e=arg5, #$ arg5 func=argument_passing
|
|
f,
|
|
**g,
|
|
):
|
|
SINK1(a)
|
|
SINK2(b)
|
|
SINK3(c)
|
|
SINK4(d)
|
|
SINK5(e)
|
|
SINK6(f)
|
|
try:
|
|
SINK7(g["g"])
|
|
except:
|
|
print("OK")
|
|
|
|
|
|
@expects(7)
|
|
def test_argument_passing1():
|
|
argument_passing(arg1, *(arg2, arg3, arg4), e=arg5, **{"f": arg6, "g": arg7}) #$ arg1 arg5 MISSING: arg2 arg3 arg4 arg6 arg7
|
|
|
|
|
|
@expects(7)
|
|
def test_argument_passing2():
|
|
argument_passing(arg1, arg2, arg3, f=arg6) #$ arg1 arg2 arg3 arg6
|
|
|
|
|
|
def with_pos_only(a, /, b):
|
|
SINK1(a)
|
|
SINK2(b)
|
|
|
|
|
|
@expects(6)
|
|
def test_pos_only():
|
|
with_pos_only(arg1, arg2) #$ arg1 arg2
|
|
with_pos_only(arg1, b=arg2) #$ arg1 arg2
|
|
with_pos_only(arg1, *(arg2,)) #$ arg1 MISSING: arg2
|
|
|
|
|
|
def with_multiple_kw_args(a, b, c):
|
|
SINK1(a)
|
|
SINK2(b)
|
|
SINK3(c)
|
|
|
|
|
|
@expects(12)
|
|
def test_multiple_kw_args():
|
|
with_multiple_kw_args(b=arg2, c=arg3, a=arg1) #$ arg1 arg2 arg3
|
|
with_multiple_kw_args(arg1, *(arg2,), arg3) #$ arg1 MISSING: arg2 arg3
|
|
with_multiple_kw_args(arg1, **{"c": arg3}, b=arg2) #$ arg1 arg2 MISSING: arg3
|
|
with_multiple_kw_args(**{"b": arg2}, **{"c": arg3}, **{"a": arg1}) #$ MISSING: arg1 arg2 arg3
|
|
|
|
|
|
def with_default_arguments(a=arg1, b=arg2, c=arg3): #$ arg1 arg2 arg3 func=with_default_arguments
|
|
SINK1(a)
|
|
SINK2(b)
|
|
SINK3(c)
|
|
|
|
|
|
@expects(12)
|
|
def test_default_arguments():
|
|
with_default_arguments()
|
|
with_default_arguments(arg1) #$ arg1
|
|
with_default_arguments(b=arg2) #$ arg2
|
|
with_default_arguments(**{"c": arg3}) #$ MISSING: arg3
|
|
|
|
|
|
# Nested constructor pattern
|
|
def grab_foo_bar_baz(foo, **kwargs):
|
|
SINK1(foo)
|
|
grab_bar_baz(**kwargs)
|
|
|
|
|
|
# It is not possible to pass `bar` into `kwargs`,
|
|
# since `bar` is a valid keyword argument.
|
|
def grab_bar_baz(bar, **kwargs):
|
|
SINK2(bar)
|
|
try:
|
|
SINK2_F(kwargs["bar"])
|
|
except:
|
|
print("OK")
|
|
grab_baz(**kwargs)
|
|
|
|
|
|
def grab_baz(baz):
|
|
SINK3(baz)
|
|
|
|
|
|
@expects(4)
|
|
def test_grab():
|
|
grab_foo_bar_baz(baz=arg3, bar=arg2, foo=arg1) #$ arg1 MISSING: arg2 func=grab_bar_baz arg3 func=grab_baz
|
|
|
|
|
|
# All combinations
|
|
def test_pos_pos():
|
|
def with_pos(a):
|
|
SINK1(a)
|
|
|
|
with_pos(arg1) #$ arg1 func=test_pos_pos.with_pos
|
|
|
|
|
|
def test_pos_pos_only():
|
|
def with_pos_only(a, /):
|
|
SINK1(a)
|
|
|
|
with_pos_only(arg1) #$ arg1 func=test_pos_pos_only.with_pos_only
|
|
|
|
|
|
def test_pos_star():
|
|
def with_star(*a):
|
|
if len(a) > 0:
|
|
SINK1(a[0])
|
|
|
|
with_star(arg1) #$ MISSING: arg1 func=test_pos_star.with_star
|
|
|
|
|
|
def test_pos_kw():
|
|
def with_kw(a=""):
|
|
SINK1(a)
|
|
|
|
with_kw(arg1) #$ arg1 func=test_pos_kw.with_kw
|
|
|
|
|
|
def test_kw_pos():
|
|
def with_pos(a):
|
|
SINK1(a)
|
|
|
|
with_pos(a=arg1) #$ arg1 func=test_kw_pos.with_pos
|
|
|
|
|
|
def test_kw_kw():
|
|
def with_kw(a=""):
|
|
SINK1(a)
|
|
|
|
with_kw(a=arg1) #$ arg1 func=test_kw_kw.with_kw
|
|
|
|
|
|
def test_kw_doublestar():
|
|
def with_doublestar(**a):
|
|
SINK1(a["a"])
|
|
|
|
with_doublestar(a=arg1) #$ MISSING: arg1 func=test_kw_doublestar.with_doublestar
|