hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-03 12:50:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
a13dfaa44f5e0b3f37a1092700926e50cc21095a
codeql/python/ql/src/Variables/LeakingListComprehension.ql
Copilot a13dfaa44f Python: deprecate AstNode.getAFlowNode() and rewrite internal callers 
Preparatory refactor for the shared-CFG dataflow migration.

Deprecates the AstNode.getAFlowNode() cached predicate on the public
Python QL API and rewrites all ~140 internal callers across lib/, src/,
test/, and tools/ from `expr.getAFlowNode() = cfgNode` to
`cfgNode.getNode() = expr`, using ControlFlowNode.getNode() which
already exists in Flow.qll.

The predicate itself is preserved (with a deprecation note pointing at
the new pattern) so external users do not experience churn — they can
migrate at their own pace and the AST/CFG hierarchies still get the
intended untangling once the deprecation eventually elapses.

Semantic noop verified by:
- All 361 lib/ + src/ queries compile clean.
- All 122 ControlFlow + PointsTo library-tests pass.
- All 64 dataflow library-tests pass.
- All 113 Variables/Exceptions/Expressions/Statements/Functions/Imports/
  Security/CWE-798/ModificationOfParameterWithDefault query-tests pass.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-02 08:37:30 +00:00

35 lines
1.1 KiB
Plaintext
Raw Blame History

/**
* @name List comprehension variable used in enclosing scope
* @description Using the iteration variable of a list comprehension in the enclosing scope will result in different behavior between Python 2 and 3 and is confusing.
* @kind problem
* @tags portability
* correctness
* @problem.severity warning
* @sub-severity high
* @precision very-high
* @id py/leaking-list-comprehension
*/
import python
import Definition
from
ListComprehensionDeclaration l, Name use, Name defn, ControlFlowNode lCfg, ControlFlowNode useCfg
where
use = l.getALeakedVariableUse() and
defn = l.getDefinition() and
lCfg.getNode() = l and
useCfg.getNode() = use and
lCfg.strictlyReaches(useCfg) and
/* Make sure we aren't in a loop, as the variable may be redefined */
not useCfg.strictlyReaches(lCfg) and
not l.contains(use) and
not use.deletes(_) and
not exists(SsaVariable v |
v.getAUse() = useCfg and
not v.getDefinition().strictlyDominates(lCfg)
)
select use,
use.getId() + " may have a different value in Python 3, as the $@ will not be in scope.", defn,
"list comprehension variable"
Reference in New Issue View Git Blame Copy Permalink