Python: further restrict LibraryLambdaMethod

yoff · yoff · commit 061fd014a668 · 2023-12-14T10:27:15.000+01:00
On the small test project, this reduces the number
of instances from 285 to 22.
diff --git a/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll b/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll
@@ -92,12 +92,30 @@ abstract class SummarizedCallable extends LibraryCallable, Impl::Public::Summari
 class RequiredSummaryComponentStack = Impl::Public::RequiredSummaryComponentStack;
 
 private module LibraryCallbackSummaries {
+  private predicate libraryCall(CallCfgNode call) {
+    not exists(NormalCall normalCall | call.getNode() = normalCall.getNode())
+  }
+
+  private DataFlow::LocalSourceNode trackLambdaCreation(TypeTracker t) {
+    t.start() and
+    lambdaCreation(result, _, _)
+    or
+    exists(TypeTracker t2 | result = trackLambdaCreation(t2).track(t2, t)) and
+    not result.(ParameterNode).getParameter().isSelf()
+  }
+
+  private predicate libraryCallHasLambdaArg(CallCfgNode call, int i) {
+    exists(CfgNode arg |
+      arg = call.getArg(i) and
+      arg.getALocalSource() = trackLambdaCreation(TypeTracker::end()) and
+      libraryCall(call)
+    )
+  }
+
   private class LibraryLambdaMethod extends SummarizedCallable {
     LibraryLambdaMethod() { this = "<library method accepting a callback>" }
 
-    final override CallCfgNode getACall() {
-      not exists(NormalCall call | result.getNode() = call.getNode())
-    }
+    final override CallCfgNode getACall() { libraryCallHasLambdaArg(result, _) }
 
     final override ArgumentNode getACallback() { none() }
 
