Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit b21da86

Browse files
yoffyoff
committed
Python: Field flow for sequence elements
only from displays so far
1 parent e8ce62e commit b21da86

2 files changed

Lines changed: 39 additions & 4 deletions

File tree

python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll

Lines changed: 21 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -220,15 +220,32 @@ predicate jumpStep(Node pred, Node succ) {
220220
// Field flow
221221
//--------
222222
/**
223-
* Holds if data can flow from `node1` to `node2` via an assignment to
223+
* Holds if data can flow from `nodeFrom` to `nodeTo` via an assignment to
224224
* content `c`.
225225
*/
226-
predicate storeStep(Node node1, Content c, Node node2) { none() }
226+
predicate storeStep(Node nodeFrom, Content c, Node nodeTo) {
227+
// Definition
228+
// `x = (..., 42, ...)`
229+
// or
230+
// `x = [..., 42, ...]`
231+
// nodeFrom is `f(42)`, cfg node
232+
// nodeTo is `x`, essa var
233+
exists(SequenceNode s |
234+
nodeFrom.(CfgNode).getNode() = s.getAnElement() and
235+
nodeTo.(EssaNode).getVar().getDefinition().(AssignmentDefinition).getValue() = s
236+
)
237+
}
227238

228239
/**
229-
* Holds if data can flow from `node1` to `node2` via a read of content `c`.
240+
* Holds if data can flow from `nodeFrom` to `nodeTo` via a read of content `c`.
230241
*/
231-
predicate readStep(Node node1, Content c, Node node2) { none() }
242+
predicate readStep(Node nodeFrom, Content c, Node nodeTo) {
243+
// Subscription
244+
// `l[3]`
245+
// nodeFrom is `l`
246+
// nodeTo is `l[3]`
247+
nodeFrom.(CfgNode).getNode() = nodeTo.(CfgNode).getNode().(SubscriptNode).getObject()
248+
}
232249

233250
/**
234251
* Holds if values stored inside content `c` are cleared at node `n`. For example,

python/ql/test/experimental/dataflow/coverage/dataflow.expected

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,25 @@
11
edges
2+
| test.py:17:5:17:5 | SSA variable x [Content] | test.py:18:9:18:9 | ControlFlowNode for x [Content] |
3+
| test.py:17:13:17:18 | ControlFlowNode for SOURCE | test.py:17:5:17:5 | SSA variable x [Content] |
4+
| test.py:18:9:18:9 | ControlFlowNode for x [Content] | test.py:18:9:18:12 | ControlFlowNode for Subscript |
5+
| test.py:18:9:18:12 | ControlFlowNode for Subscript | test.py:19:10:19:10 | ControlFlowNode for y |
26
| test.py:23:9:23:14 | ControlFlowNode for SOURCE | test.py:24:10:24:10 | ControlFlowNode for x |
37
| test.py:28:9:28:16 | ControlFlowNode for Str | test.py:29:10:29:10 | ControlFlowNode for x |
48
| test.py:32:9:32:17 | ControlFlowNode for Str | test.py:33:10:33:10 | ControlFlowNode for x |
59
| test.py:36:9:36:10 | ControlFlowNode for IntegerLiteral | test.py:37:10:37:10 | ControlFlowNode for x |
610
| test.py:40:9:40:12 | ControlFlowNode for FloatLiteral | test.py:41:10:41:10 | ControlFlowNode for x |
711
| test.py:49:10:49:15 | ControlFlowNode for SOURCE | test.py:50:10:50:10 | ControlFlowNode for x |
12+
| test.py:54:5:54:5 | SSA variable x [Content] | test.py:55:10:55:10 | ControlFlowNode for x [Content] |
13+
| test.py:54:10:54:15 | ControlFlowNode for SOURCE | test.py:54:5:54:5 | SSA variable x [Content] |
14+
| test.py:55:10:55:10 | ControlFlowNode for x [Content] | test.py:55:10:55:13 | ControlFlowNode for Subscript |
815
| test.py:226:15:226:20 | ControlFlowNode for SOURCE | test.py:226:10:226:21 | ControlFlowNode for f() |
916
| test.py:282:12:282:17 | ControlFlowNode for SOURCE | test.py:282:10:282:18 | ControlFlowNode for f() |
1017
nodes
18+
| test.py:17:5:17:5 | SSA variable x [Content] | semmle.label | SSA variable x [Content] |
19+
| test.py:17:13:17:18 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
20+
| test.py:18:9:18:9 | ControlFlowNode for x [Content] | semmle.label | ControlFlowNode for x [Content] |
21+
| test.py:18:9:18:12 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
22+
| test.py:19:10:19:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
1123
| test.py:23:9:23:14 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
1224
| test.py:24:10:24:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
1325
| test.py:28:9:28:16 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str |
@@ -20,16 +32,22 @@ nodes
2032
| test.py:41:10:41:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
2133
| test.py:49:10:49:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
2234
| test.py:50:10:50:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
35+
| test.py:54:5:54:5 | SSA variable x [Content] | semmle.label | SSA variable x [Content] |
36+
| test.py:54:10:54:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
37+
| test.py:55:10:55:10 | ControlFlowNode for x [Content] | semmle.label | ControlFlowNode for x [Content] |
38+
| test.py:55:10:55:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
2339
| test.py:226:10:226:21 | ControlFlowNode for f() | semmle.label | ControlFlowNode for f() |
2440
| test.py:226:15:226:20 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
2541
| test.py:282:10:282:18 | ControlFlowNode for f() | semmle.label | ControlFlowNode for f() |
2642
| test.py:282:12:282:17 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
2743
#select
44+
| test.py:19:10:19:10 | ControlFlowNode for y | test.py:17:13:17:18 | ControlFlowNode for SOURCE | test.py:19:10:19:10 | ControlFlowNode for y | <message> |
2845
| test.py:24:10:24:10 | ControlFlowNode for x | test.py:23:9:23:14 | ControlFlowNode for SOURCE | test.py:24:10:24:10 | ControlFlowNode for x | <message> |
2946
| test.py:29:10:29:10 | ControlFlowNode for x | test.py:28:9:28:16 | ControlFlowNode for Str | test.py:29:10:29:10 | ControlFlowNode for x | <message> |
3047
| test.py:33:10:33:10 | ControlFlowNode for x | test.py:32:9:32:17 | ControlFlowNode for Str | test.py:33:10:33:10 | ControlFlowNode for x | <message> |
3148
| test.py:37:10:37:10 | ControlFlowNode for x | test.py:36:9:36:10 | ControlFlowNode for IntegerLiteral | test.py:37:10:37:10 | ControlFlowNode for x | <message> |
3249
| test.py:41:10:41:10 | ControlFlowNode for x | test.py:40:9:40:12 | ControlFlowNode for FloatLiteral | test.py:41:10:41:10 | ControlFlowNode for x | <message> |
3350
| test.py:50:10:50:10 | ControlFlowNode for x | test.py:49:10:49:15 | ControlFlowNode for SOURCE | test.py:50:10:50:10 | ControlFlowNode for x | <message> |
51+
| test.py:55:10:55:13 | ControlFlowNode for Subscript | test.py:54:10:54:15 | ControlFlowNode for SOURCE | test.py:55:10:55:13 | ControlFlowNode for Subscript | <message> |
3452
| test.py:226:10:226:21 | ControlFlowNode for f() | test.py:226:15:226:20 | ControlFlowNode for SOURCE | test.py:226:10:226:21 | ControlFlowNode for f() | <message> |
3553
| test.py:282:10:282:18 | ControlFlowNode for f() | test.py:282:12:282:17 | ControlFlowNode for SOURCE | test.py:282:10:282:18 | ControlFlowNode for f() | <message> |

0 commit comments

Comments
 (0)