Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 2187389

Browse files
yoffyoff
committed
Python: Show constructor keyword arg problem
Also make tests runnable
1 parent db23dad commit 2187389

2 files changed

Lines changed: 73 additions & 38 deletions

File tree

python/ql/test/experimental/dataflow/fieldflow/dataflow.expected

Lines changed: 47 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -18,19 +18,25 @@ edges
1818
| examples.py:41:13:41:18 | ControlFlowNode for SOURCE | examples.py:50:29:50:34 | ControlFlowNode for SOURCE |
1919
| examples.py:42:6:42:8 | ControlFlowNode for obj [Attribute foo] | examples.py:42:6:42:12 | ControlFlowNode for Attribute |
2020
| examples.py:50:29:50:34 | ControlFlowNode for SOURCE | examples.py:50:6:50:35 | ControlFlowNode for fields_with_local_flow() |
21-
| test.py:29:12:29:16 | [post arg] ControlFlowNode for myobj [Attribute foo] | test.py:30:10:30:14 | ControlFlowNode for myobj [Attribute foo] |
22-
| test.py:29:19:29:24 | ControlFlowNode for SOURCE | test.py:29:12:29:16 | [post arg] ControlFlowNode for myobj [Attribute foo] |
23-
| test.py:30:10:30:14 | ControlFlowNode for myobj [Attribute foo] | test.py:30:10:30:18 | ControlFlowNode for Attribute |
24-
| test.py:34:9:34:14 | ControlFlowNode for SOURCE | test.py:38:17:38:17 | ControlFlowNode for x |
25-
| test.py:38:5:38:5 | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] | test.py:41:10:41:10 | ControlFlowNode for a [Attribute obj, Attribute foo] |
26-
| test.py:38:5:38:9 | [post store] ControlFlowNode for Attribute [Attribute foo] | test.py:38:5:38:5 | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] |
27-
| test.py:38:17:38:17 | ControlFlowNode for x | test.py:38:5:38:9 | [post store] ControlFlowNode for Attribute [Attribute foo] |
28-
| test.py:41:10:41:10 | ControlFlowNode for a [Attribute obj, Attribute foo] | test.py:41:10:41:14 | ControlFlowNode for Attribute [Attribute foo] |
29-
| test.py:41:10:41:14 | ControlFlowNode for Attribute [Attribute foo] | test.py:41:10:41:18 | ControlFlowNode for Attribute |
30-
| test.py:45:11:45:23 | ControlFlowNode for MyObj() [Attribute foo] | test.py:46:10:46:12 | ControlFlowNode for obj [Attribute foo] |
31-
| test.py:45:17:45:22 | ControlFlowNode for SOURCE | test.py:45:11:45:23 | ControlFlowNode for MyObj() [Attribute foo] |
32-
| test.py:46:10:46:12 | ControlFlowNode for obj [Attribute foo] | test.py:46:10:46:16 | ControlFlowNode for Attribute |
33-
| test.py:56:33:56:38 | ControlFlowNode for SOURCE | test.py:56:10:56:39 | ControlFlowNode for fields_with_local_flow() |
21+
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:46:19:46:24 | ControlFlowNode for SOURCE |
22+
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:51:9:51:14 | ControlFlowNode for SOURCE |
23+
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:62:17:62:22 | ControlFlowNode for SOURCE |
24+
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | test.py:78:33:78:38 | ControlFlowNode for SOURCE |
25+
| test.py:3:1:3:6 | GSSA Variable SOURCE | test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test |
26+
| test.py:3:10:3:17 | ControlFlowNode for Str | test.py:3:1:3:6 | GSSA Variable SOURCE |
27+
| test.py:46:12:46:16 | [post arg] ControlFlowNode for myobj [Attribute foo] | test.py:47:10:47:14 | ControlFlowNode for myobj [Attribute foo] |
28+
| test.py:46:19:46:24 | ControlFlowNode for SOURCE | test.py:46:12:46:16 | [post arg] ControlFlowNode for myobj [Attribute foo] |
29+
| test.py:47:10:47:14 | ControlFlowNode for myobj [Attribute foo] | test.py:47:10:47:18 | ControlFlowNode for Attribute |
30+
| test.py:51:9:51:14 | ControlFlowNode for SOURCE | test.py:55:17:55:17 | ControlFlowNode for x |
31+
| test.py:55:5:55:5 | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] | test.py:58:10:58:10 | ControlFlowNode for a [Attribute obj, Attribute foo] |
32+
| test.py:55:5:55:9 | [post store] ControlFlowNode for Attribute [Attribute foo] | test.py:55:5:55:5 | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] |
33+
| test.py:55:17:55:17 | ControlFlowNode for x | test.py:55:5:55:9 | [post store] ControlFlowNode for Attribute [Attribute foo] |
34+
| test.py:58:10:58:10 | ControlFlowNode for a [Attribute obj, Attribute foo] | test.py:58:10:58:14 | ControlFlowNode for Attribute [Attribute foo] |
35+
| test.py:58:10:58:14 | ControlFlowNode for Attribute [Attribute foo] | test.py:58:10:58:18 | ControlFlowNode for Attribute |
36+
| test.py:62:11:62:23 | ControlFlowNode for MyObj() [Attribute foo] | test.py:63:10:63:12 | ControlFlowNode for obj [Attribute foo] |
37+
| test.py:62:17:62:22 | ControlFlowNode for SOURCE | test.py:62:11:62:23 | ControlFlowNode for MyObj() [Attribute foo] |
38+
| test.py:63:10:63:12 | ControlFlowNode for obj [Attribute foo] | test.py:63:10:63:16 | ControlFlowNode for Attribute |
39+
| test.py:78:33:78:38 | ControlFlowNode for SOURCE | test.py:78:10:78:39 | ControlFlowNode for fields_with_local_flow() |
3440
nodes
3541
| examples.py:27:8:27:12 | [post arg] ControlFlowNode for myobj [Attribute foo] | semmle.label | [post arg] ControlFlowNode for myobj [Attribute foo] |
3642
| examples.py:27:15:27:20 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
@@ -49,23 +55,26 @@ nodes
4955
| examples.py:42:6:42:12 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
5056
| examples.py:50:6:50:35 | ControlFlowNode for fields_with_local_flow() | semmle.label | ControlFlowNode for fields_with_local_flow() |
5157
| examples.py:50:29:50:34 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
52-
| test.py:29:12:29:16 | [post arg] ControlFlowNode for myobj [Attribute foo] | semmle.label | [post arg] ControlFlowNode for myobj [Attribute foo] |
53-
| test.py:29:19:29:24 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
54-
| test.py:30:10:30:14 | ControlFlowNode for myobj [Attribute foo] | semmle.label | ControlFlowNode for myobj [Attribute foo] |
55-
| test.py:30:10:30:18 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
56-
| test.py:34:9:34:14 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
57-
| test.py:38:5:38:5 | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] | semmle.label | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] |
58-
| test.py:38:5:38:9 | [post store] ControlFlowNode for Attribute [Attribute foo] | semmle.label | [post store] ControlFlowNode for Attribute [Attribute foo] |
59-
| test.py:38:17:38:17 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
60-
| test.py:41:10:41:10 | ControlFlowNode for a [Attribute obj, Attribute foo] | semmle.label | ControlFlowNode for a [Attribute obj, Attribute foo] |
61-
| test.py:41:10:41:14 | ControlFlowNode for Attribute [Attribute foo] | semmle.label | ControlFlowNode for Attribute [Attribute foo] |
62-
| test.py:41:10:41:18 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
63-
| test.py:45:11:45:23 | ControlFlowNode for MyObj() [Attribute foo] | semmle.label | ControlFlowNode for MyObj() [Attribute foo] |
64-
| test.py:45:17:45:22 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
65-
| test.py:46:10:46:12 | ControlFlowNode for obj [Attribute foo] | semmle.label | ControlFlowNode for obj [Attribute foo] |
66-
| test.py:46:10:46:16 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
67-
| test.py:56:10:56:39 | ControlFlowNode for fields_with_local_flow() | semmle.label | ControlFlowNode for fields_with_local_flow() |
68-
| test.py:56:33:56:38 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
58+
| test.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module test | semmle.label | ModuleVariableNode for Global Variable SOURCE in Module test |
59+
| test.py:3:1:3:6 | GSSA Variable SOURCE | semmle.label | GSSA Variable SOURCE |
60+
| test.py:3:10:3:17 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str |
61+
| test.py:46:12:46:16 | [post arg] ControlFlowNode for myobj [Attribute foo] | semmle.label | [post arg] ControlFlowNode for myobj [Attribute foo] |
62+
| test.py:46:19:46:24 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
63+
| test.py:47:10:47:14 | ControlFlowNode for myobj [Attribute foo] | semmle.label | ControlFlowNode for myobj [Attribute foo] |
64+
| test.py:47:10:47:18 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
65+
| test.py:51:9:51:14 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
66+
| test.py:55:5:55:5 | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] | semmle.label | [post read] ControlFlowNode for a [Attribute obj, Attribute foo] |
67+
| test.py:55:5:55:9 | [post store] ControlFlowNode for Attribute [Attribute foo] | semmle.label | [post store] ControlFlowNode for Attribute [Attribute foo] |
68+
| test.py:55:17:55:17 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
69+
| test.py:58:10:58:10 | ControlFlowNode for a [Attribute obj, Attribute foo] | semmle.label | ControlFlowNode for a [Attribute obj, Attribute foo] |
70+
| test.py:58:10:58:14 | ControlFlowNode for Attribute [Attribute foo] | semmle.label | ControlFlowNode for Attribute [Attribute foo] |
71+
| test.py:58:10:58:18 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
72+
| test.py:62:11:62:23 | ControlFlowNode for MyObj() [Attribute foo] | semmle.label | ControlFlowNode for MyObj() [Attribute foo] |
73+
| test.py:62:17:62:22 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
74+
| test.py:63:10:63:12 | ControlFlowNode for obj [Attribute foo] | semmle.label | ControlFlowNode for obj [Attribute foo] |
75+
| test.py:63:10:63:16 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
76+
| test.py:78:10:78:39 | ControlFlowNode for fields_with_local_flow() | semmle.label | ControlFlowNode for fields_with_local_flow() |
77+
| test.py:78:33:78:38 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
6978
#select
7079
| examples.py:28:6:28:14 | ControlFlowNode for Attribute | examples.py:27:15:27:20 | ControlFlowNode for SOURCE | examples.py:28:6:28:14 | ControlFlowNode for Attribute | Flow found |
7180
| examples.py:38:6:38:14 | ControlFlowNode for Attribute | examples.py:27:15:27:20 | ControlFlowNode for SOURCE | examples.py:38:6:38:14 | ControlFlowNode for Attribute | Flow found |
@@ -77,7 +86,11 @@ nodes
7786
| examples.py:50:6:50:35 | ControlFlowNode for fields_with_local_flow() | examples.py:31:5:31:10 | ControlFlowNode for SOURCE | examples.py:50:6:50:35 | ControlFlowNode for fields_with_local_flow() | Flow found |
7887
| examples.py:50:6:50:35 | ControlFlowNode for fields_with_local_flow() | examples.py:41:13:41:18 | ControlFlowNode for SOURCE | examples.py:50:6:50:35 | ControlFlowNode for fields_with_local_flow() | Flow found |
7988
| examples.py:50:6:50:35 | ControlFlowNode for fields_with_local_flow() | examples.py:50:29:50:34 | ControlFlowNode for SOURCE | examples.py:50:6:50:35 | ControlFlowNode for fields_with_local_flow() | Flow found |
80-
| test.py:30:10:30:18 | ControlFlowNode for Attribute | test.py:29:19:29:24 | ControlFlowNode for SOURCE | test.py:30:10:30:18 | ControlFlowNode for Attribute | Flow found |
81-
| test.py:41:10:41:18 | ControlFlowNode for Attribute | test.py:34:9:34:14 | ControlFlowNode for SOURCE | test.py:41:10:41:18 | ControlFlowNode for Attribute | Flow found |
82-
| test.py:46:10:46:16 | ControlFlowNode for Attribute | test.py:45:17:45:22 | ControlFlowNode for SOURCE | test.py:46:10:46:16 | ControlFlowNode for Attribute | Flow found |
83-
| test.py:56:10:56:39 | ControlFlowNode for fields_with_local_flow() | test.py:56:33:56:38 | ControlFlowNode for SOURCE | test.py:56:10:56:39 | ControlFlowNode for fields_with_local_flow() | Flow found |
89+
| test.py:47:10:47:18 | ControlFlowNode for Attribute | test.py:3:10:3:17 | ControlFlowNode for Str | test.py:47:10:47:18 | ControlFlowNode for Attribute | Flow found |
90+
| test.py:47:10:47:18 | ControlFlowNode for Attribute | test.py:46:19:46:24 | ControlFlowNode for SOURCE | test.py:47:10:47:18 | ControlFlowNode for Attribute | Flow found |
91+
| test.py:58:10:58:18 | ControlFlowNode for Attribute | test.py:3:10:3:17 | ControlFlowNode for Str | test.py:58:10:58:18 | ControlFlowNode for Attribute | Flow found |
92+
| test.py:58:10:58:18 | ControlFlowNode for Attribute | test.py:51:9:51:14 | ControlFlowNode for SOURCE | test.py:58:10:58:18 | ControlFlowNode for Attribute | Flow found |
93+
| test.py:63:10:63:16 | ControlFlowNode for Attribute | test.py:3:10:3:17 | ControlFlowNode for Str | test.py:63:10:63:16 | ControlFlowNode for Attribute | Flow found |
94+
| test.py:63:10:63:16 | ControlFlowNode for Attribute | test.py:62:17:62:22 | ControlFlowNode for SOURCE | test.py:63:10:63:16 | ControlFlowNode for Attribute | Flow found |
95+
| test.py:78:10:78:39 | ControlFlowNode for fields_with_local_flow() | test.py:3:10:3:17 | ControlFlowNode for Str | test.py:78:10:78:39 | ControlFlowNode for fields_with_local_flow() | Flow found |
96+
| test.py:78:10:78:39 | ControlFlowNode for fields_with_local_flow() | test.py:78:33:78:38 | ControlFlowNode for SOURCE | test.py:78:10:78:39 | ControlFlowNode for fields_with_local_flow() | Flow found |

python/ql/test/experimental/dataflow/fieldflow/test.py

Lines changed: 26 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,16 +1,33 @@
1-
from python.ql.test.experimental.dataflow.testDefinitions import *
1+
# These are defined so that we can evaluate the test code.
2+
NONSOURCE = "not a source"
3+
SOURCE = "source"
24

3-
# Preamble
45

6+
def is_source(x):
7+
return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j
8+
9+
10+
def SINK(x):
11+
if is_source(x):
12+
print("OK")
13+
else:
14+
print("Unexpected flow", x)
15+
16+
17+
def SINK_F(x):
18+
if is_source(x):
19+
print("Unexpected flow", x)
20+
else:
21+
print("OK")
522

6-
class MyObj(object):
723

24+
# Preamble
25+
class MyObj(object):
826
def __init__(self, foo):
927
self.foo = foo
1028

1129

1230
class NestedObj(object):
13-
1431
def __init__(self):
1532
self.obj = MyObj("OK")
1633

@@ -46,6 +63,11 @@ def test_example3():
4663
SINK(obj.foo)
4764

4865

66+
def test_example3_kw():
67+
obj = MyObj(foo=SOURCE)
68+
SINK(obj.foo) # Flow not found
69+
70+
4971
def fields_with_local_flow(x):
5072
obj = MyObj(x)
5173
a = obj.foo

0 commit comments

Comments
 (0)