python/ql/lib/semmle/python
@@ -177,7 +177,7 @@ private predicate legalDottedName(string name) {
177177}
178178
179179bindingset [ name]
180- private predicate legalShortName ( string name ) { name .regexpMatch ( "(\\p{L}|_)(\\p{L}|\\d|_)*" ) }
180+ predicate legalShortName ( string name ) { name .regexpMatch ( "(\\p{L}|_)(\\p{L}|\\d|_)*" ) }
181181
182182private string moduleNameFromBase ( Container file ) {
183183 // We used to also require `isPotentialPackage(f)` to hold in this case,
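Review bot: `legalShortName` loses `private` here and so becomes importable from other modules, but it has no QLDoc, so a caller cannot tell what "legal" means without reading the regex. A comment above the `bindingset` line would fix that, for example `/** Holds if name starts with a letter or underscore and continues with letters, digits or underscores. */`. The doc should also say that the check is for a single name component: a string containing `.` or `/` never matches. The predicate itself is fully visible in this hunk; the surrounding `legalDottedName` and `moduleNameFromBase` bodies are not.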
@@ -10,6 +10,7 @@ private import semmle.python.dataflow.new.DataFlow
1010private import semmle.python.dataflow.new.internal.ImportResolution
1111private import semmle.python.ApiGraphs
1212private import semmle.python.filters.Tests
13+ private import semmle.python.Module
1314
1415// very much inspired by the draft at https://github.com/github/codeql/pull/5632
1516module NotExposed {
@@ -114,7 +115,11 @@ module NotExposed {
114115 predicate isAllowedModule ( Module mod ) {
115116 // don't include anything found in site-packages
116117 exists ( mod .getFile ( ) .getRelativePath ( ) ) and
117- not mod .getFile ( ) .getRelativePath ( ) .regexpMatch ( "(?i)(^|/)examples?/.*" )
118+ not mod .getFile ( ) .getRelativePath ( ) .regexpMatch ( "(?i)(^|/)examples?/.*" ) and
119+ // to counter things like `my-example/app/foo.py` being allowed under `app.foo`
120+ forall ( string part | part = mod .getFile ( ) .getParent ( ) .getRelativePath ( ) .splitAt ( "/" ) |
121+ legalShortName ( part )
122+ )
118123 }
119124
120125 predicate isTestCode ( AstNode ast ) {
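Review bot: The new `forall` in `isAllowedModule` tests every directory component below the source root, which is broader than the `my-example/app/foo.py` case its comment describes. Any module under a directory whose name is not identifier-like (a hyphen, a dot or a leading digit in the name) is dropped as well, and nothing reports it. This predicate appears to gate which modules are considered at all, so over-filtering would show up only as silently missing results. The comment should state that trade-off, e.g. `// drops every module that has a non-identifier directory anywhere in its relative path`. Files directly in the source root also need confirming: if the parent's relative path is the empty string and `splitAt` yields an empty part for it, `legalShortName` rejects that part, and adding `and part != ""` to the range would keep such modules.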