f3f9e340d3
So I've been thinking a bit about import pkg_ok.foo1 after reading the Python references for imports of submodules https://docs.python.org/3/reference/import.html#submodules > When a submodule is loaded using any mechanism (...) a binding is placed in the parent module’s namespace to the submodule object. For example, if package spam has a submodule foo, after importing spam.foo, spam will have an attribute foo which is bound to the submodule. That does at least explain what is going on here. I feel that import pkg_ok.foo1 might be a very contrived example. In principle it should be an alert, since the module pkg_ok ends up with an import of itself, but my gut feeling is that in practice it's not a very important piece of code to give alerts for. if we really care about giving these import related alerts, we could probably add a new query for this pattern, as it's kind of surprising that it works when you're just an ordinary python programmer.
CodeQL
This open source repository contains the standard CodeQL libraries and queries that power LGTM, and the other products that Semmle makes available to its customers worldwide.
How do I learn CodeQL and run queries?
There is extensive documentation on getting started with writing CodeQL. You can use the interactive query console on LGTM.com or the CodeQL for Visual Studio Code extension to try out your queries on any open source project that's currently being analyzed.
Contributing
We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our contributing guidelines. You can also consult our style guides to learn how to format your code for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.
License
The code in this repository is licensed under Apache License 2.0 by Semmle.