mirror of
https://github.com/github/codeql.git
synced 2026-03-20 22:46:47 +01:00
So I've been thinking a bit about import pkg_ok.foo1 after reading the Python references for imports of submodules https://docs.python.org/3/reference/import.html#submodules

> When a submodule is loaded using any mechanism (...) a binding is placed in the parent module’s namespace to the submodule object. For example, if package spam has a submodule foo, after importing spam.foo, spam will have an attribute foo which is bound to the submodule.

That does at least explain what is going on here.

I feel that import pkg_ok.foo1 might be a very contrived example. In principle it should be an alert, since the module pkg_ok ends up with an import of itself, but my gut feeling is that in practice it's not a very important piece of code to give alerts for.

If we really care about giving these import-related alerts, we could probably add a new query for this pattern, as it's kind of surprising that it works when you're just an ordinary Python programmer.
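The binding behaviour discussed in the commit message above, as an added example that is not part of the commit or of the CodeQL code base. It assumes `import pkg_ok.foo1` sits in `pkg_ok/__init__.py`; the package contents, the helper names and the relative-import comparison case are constructed for illustration.

```python
import importlib
import sys
import tempfile
from pathlib import Path


def build_and_import(init_source, name="pkg_ok"):
    """Write a throwaway package (constructed sample) to disk and import it."""
    with tempfile.TemporaryDirectory() as root:
        pkg = Path(root) / name
        pkg.mkdir()
        (pkg / "__init__.py").write_text(init_source)
        (pkg / "foo1.py").write_text("VALUE = 1\n")
        # Drop cached copies so every call really executes __init__.py.
        for cached in [m for m in sys.modules if m.split(".")[0] == name]:
            del sys.modules[cached]
        sys.path.insert(0, root)
        try:
            importlib.invalidate_caches()
            return importlib.import_module(name)
        finally:
            sys.path.remove(root)


def describe(module):
    """Report which names ended up bound in the package's own namespace."""
    ns = vars(module)
    submodule = sys.modules.get(module.__name__ + ".foo1")
    return {
        # Placed by the import system when the submodule is loaded.
        "submodule_bound": submodule is not None and ns.get("foo1") is submodule,
        # Placed by the `import a.b` statement, which binds the top-level name `a`.
        "self_bound": ns.get(module.__name__) is module,
    }


# Assumed layout: pkg_ok/__init__.py contains `import pkg_ok.foo1`.
ABSOLUTE = describe(build_and_import("import pkg_ok.foo1\n"))
# Comparison case: a relative import loads the same submodule, no self-binding.
RELATIVE = describe(build_and_import("from . import foo1\n"))

if __name__ == "__main__":
    print("import pkg_ok.foo1 ->", ABSOLUTE)
    print("from . import foo1 ->", RELATIVE)
```
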