mirror of
https://github.com/github/codeql.git
synced 2026-03-30 20:28:15 +02:00
df0f2f8ce4
None of these required any changes to the dataflow libraries, so it seemed easiest to put them in their own commit.
52 lines
1.3 KiB
Plaintext
52 lines
1.3 KiB
Plaintext
/**
|
|
* INTERNAL: Do not use.
|
|
*
|
|
* Provides helper class for defining additional API graph edges.
|
|
*/
|
|
overlay[local]
|
|
module;
|
|
|
|
private import python
|
|
private import semmle.python.dataflow.new.DataFlow
|
|
private import semmle.python.internal.CachedStages
|
|
|
|
/**
|
|
* INTERNAL: Do not use.
|
|
*
|
|
* Holds if `result` is the result of awaiting `awaitedValue`.
|
|
*/
|
|
cached
|
|
DataFlow::Node awaited(DataFlow::Node awaitedValue) {
|
|
Stages::DataFlow::ref() and
|
|
// `await` x
|
|
// - `awaitedValue` is `x`
|
|
// - `result` is `await x`
|
|
exists(Await await |
|
|
await.getValue() = awaitedValue.asExpr() and
|
|
result.asExpr() = await
|
|
)
|
|
or
|
|
// `async for x in l`
|
|
// - `awaitedValue` is `l`
|
|
// - `result` is `l` (`x` is behind a read step)
|
|
exists(AsyncFor asyncFor |
|
|
// To consider `x` the result of awaiting, we would use asyncFor.getTarget() = awaitedValue.asExpr(),
|
|
// but that is behind a read step rather than a flow step.
|
|
asyncFor.getIter() = awaitedValue.asExpr() and
|
|
result.asExpr() = asyncFor.getIter()
|
|
)
|
|
or
|
|
// `async with x as y`
|
|
// - `awaitedValue` is `x`
|
|
// - `result` is `x` and `y` if it exists
|
|
exists(AsyncWith asyncWith |
|
|
awaitedValue.asExpr() = asyncWith.getContextExpr() and
|
|
result.asExpr() in [
|
|
// `x`
|
|
asyncWith.getContextExpr(),
|
|
// `y`, if it exists
|
|
asyncWith.getOptionalVars()
|
|
]
|
|
)
|
|
}
|