
Commit d74c765

committed
Python points-to: Don't track non-descriptor class attributes on instances. Update more tests.
1 parent beebd0e commit d74c765

9 files changed

Lines changed: 34 additions & 23 deletions


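--- a/python/ql/src/semmle/python/objects/Instances.qll
+++ b/python/ql/src/semmle/python/objects/Instances.qll
@@ -82,7 +82,12 @@ class SpecificInstanceInternal extends TSpecificInstance, ObjectInternal {
 exists(ObjectInternal cls_attr, CfgOrigin attr_orig |
 this.getClass().(ClassObjectInternal).lookup(name, cls_attr, attr_orig)
 |
-cls_attr.isDescriptor() = false and value = cls_attr and origin = attr_orig
+/* If class attribute is not a descriptor, that usually means it is some sort of
+* default value and likely overridden by an instance attribute. In that case
+* use `unknown` to signal that an attribute exists but to avoid false positives
+* for due to using the default value.
+*/
+cls_attr.isDescriptor() = false and value = ObjectInternal::unknown() and origin = CfgOrigin::unknown()
 or
 cls_attr.isDescriptor() = true and cls_attr.descriptorGetInstance(this, value, origin)
 )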
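Review bot: The new block comment on the non-descriptor branch is garbled ("to avoid false positives for due to using the default value") and leaves out the cost of the change. Every non-descriptor class attribute read through an instance now resolves to `ObjectInternal::unknown()` with `CfgOrigin::unknown()`, so a class-level constant that is never overridden on the instance loses both its value and its origin. Queries built on points-to can then miss results; the guarded PointsTo expectations in this commit drop the rows for test.py lines 330 and 345, which appears to be this effect. I would change the last sentence to read `to avoid false positives due to using the default value` and add one more comment line saying the value is lost when no instance attribute overrides it. The enclosing predicate starts and ends outside the hunk.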

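--- a/python/ql/test/3/library-tests/PointsTo/attributes/Test.expected
+++ b/python/ql/test/3/library-tests/PointsTo/attributes/Test.expected
@@ -77,6 +77,7 @@
 | 56 | ControlFlowNode for Attribute | int 20 | 56 |
 | 56 | ControlFlowNode for IntegerLiteral | int 20 | 56 |
 | 56 | ControlFlowNode for c2 | C() | 52 |
+| 57 | ControlFlowNode for Attribute | int 1 | 10 |
 | 57 | ControlFlowNode for Attribute | int 10 | 54 |
 | 57 | ControlFlowNode for c1 | C() | 51 |
 | 58 | ControlFlowNode for Attribute | int 1 | 10 |
@@ -114,6 +115,7 @@
 | 72 | ControlFlowNode for Attribute | int 2 | 72 |
 | 72 | ControlFlowNode for IntegerLiteral | int 2 | 72 |
 | 72 | ControlFlowNode for self | self | 70 |
+| 73 | ControlFlowNode for Attribute | Attribute | 73 |
 | 73 | ControlFlowNode for Attribute() | NoneType None | 64 |
 | 73 | ControlFlowNode for self | self | 70 |
 | 74 | ControlFlowNode for Attribute | int 0 | 65 |
@@ -174,6 +176,7 @@
 | 100 | ControlFlowNode for self | self | 98 |
 | 100 | ControlFlowNode for setattr | Builtin-function setattr | 100 |
 | 100 | ControlFlowNode for setattr() | NoneType None | 100 |
+| 101 | ControlFlowNode for Attribute | Attribute | 101 |
 | 101 | ControlFlowNode for Attribute() | NoneType None | 92 |
 | 101 | ControlFlowNode for self | self | 98 |
 | 102 | ControlFlowNode for Str | str u'a' | 102 |
@@ -198,5 +201,6 @@
 | 109 | ControlFlowNode for self | self | 108 |
 | 109 | ControlFlowNode for setattr | Builtin-function setattr | 109 |
 | 109 | ControlFlowNode for setattr() | NoneType None | 109 |
+| 111 | ControlFlowNode for Attribute | int 0 | 109 |
 | 111 | ControlFlowNode for G | class G | 106 |
 | 111 | ControlFlowNode for G() | G() | 111 |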

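--- a/python/ql/test/3/library-tests/PointsTo/attributes/TestWithType.expected
+++ b/python/ql/test/3/library-tests/PointsTo/attributes/TestWithType.expected
@@ -77,6 +77,7 @@
 | 56 | ControlFlowNode for Attribute | int 20 | builtin-class int | 56 |
 | 56 | ControlFlowNode for IntegerLiteral | int 20 | builtin-class int | 56 |
 | 56 | ControlFlowNode for c2 | C() | class C | 52 |
+| 57 | ControlFlowNode for Attribute | int 1 | builtin-class int | 10 |
 | 57 | ControlFlowNode for Attribute | int 10 | builtin-class int | 54 |
 | 57 | ControlFlowNode for c1 | C() | class C | 51 |
 | 58 | ControlFlowNode for Attribute | int 1 | builtin-class int | 10 |
@@ -114,6 +115,7 @@
 | 72 | ControlFlowNode for Attribute | int 2 | builtin-class int | 72 |
 | 72 | ControlFlowNode for IntegerLiteral | int 2 | builtin-class int | 72 |
 | 72 | ControlFlowNode for self | self | class D | 70 |
+| 73 | ControlFlowNode for Attribute | Attribute | builtin-class method | 73 |
 | 73 | ControlFlowNode for Attribute() | NoneType None | builtin-class NoneType | 64 |
 | 73 | ControlFlowNode for self | self | class D | 70 |
 | 74 | ControlFlowNode for Attribute | int 0 | builtin-class int | 65 |
@@ -174,6 +176,7 @@
 | 100 | ControlFlowNode for self | self | class F | 98 |
 | 100 | ControlFlowNode for setattr | Builtin-function setattr | builtin-class builtin_function_or_method | 100 |
 | 100 | ControlFlowNode for setattr() | NoneType None | builtin-class NoneType | 100 |
+| 101 | ControlFlowNode for Attribute | Attribute | builtin-class method | 101 |
 | 101 | ControlFlowNode for Attribute() | NoneType None | builtin-class NoneType | 92 |
 | 101 | ControlFlowNode for self | self | class F | 98 |
 | 102 | ControlFlowNode for Str | str u'a' | builtin-class str | 102 |
@@ -198,5 +201,6 @@
 | 109 | ControlFlowNode for self | self | class G | 108 |
 | 109 | ControlFlowNode for setattr | Builtin-function setattr | builtin-class builtin_function_or_method | 109 |
 | 109 | ControlFlowNode for setattr() | NoneType None | builtin-class NoneType | 109 |
+| 111 | ControlFlowNode for Attribute | int 0 | builtin-class int | 109 |
 | 111 | ControlFlowNode for G | class G | builtin-class type | 106 |
 | 111 | ControlFlowNode for G() | G() | class G | 111 |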

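--- a/python/ql/test/3/library-tests/PointsTo/attributes/test.py
+++ b/python/ql/test/3/library-tests/PointsTo/attributes/test.py
@@ -54,7 +54,7 @@ def k(cond):
 c1.z = 10
 if cond:
 c2.z = 20
-c1.z
+c1.z # FP here due to self.attribute and local attribute
 c2.z
 c3.z
 c3.z = 30
@@ -85,7 +85,7 @@ def __init__(self, cond):
 
 E().x
 
-#Make sure that we handle getattr and setattr as well as they are needed for protobuf stubs.
+#Make sure that we handle getattr and setattr as well
 
 class F(object):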

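--- a/python/ql/test/3/library-tests/classes/attr/list_attr.expected
+++ b/python/ql/test/3/library-tests/classes/attr/list_attr.expected
@@ -1,12 +1,8 @@
 | builtin-class list | __add__ | Builtin-method __add__ |
-| builtin-class list | __class__ | Property __class__ |
 | builtin-class list | __contains__ | Builtin-method __contains__ |
-| builtin-class list | __delattr__ | Builtin-method __delattr__ |
 | builtin-class list | __delitem__ | Builtin-method __delitem__ |
-| builtin-class list | __dir__ | Builtin-method __dir__ |
 | builtin-class list | __doc__ | str u'list() -> new empty list\nlist(iterable) -> new list initialized from iterable's items' |
 | builtin-class list | __eq__ | Builtin-method __eq__ |
-| builtin-class list | __format__ | Builtin-method __format__ |
 | builtin-class list | __ge__ | Builtin-method __ge__ |
 | builtin-class list | __getattribute__ | Builtin-method __getattribute__ |
 | builtin-class list | __getitem__ | Builtin-method __getitem__ |
@@ -21,17 +17,12 @@
 | builtin-class list | __lt__ | Builtin-method __lt__ |
 | builtin-class list | __mul__ | Builtin-method __mul__ |
 | builtin-class list | __ne__ | Builtin-method __ne__ |
-| builtin-class list | __new__ | Builtin-method __new__ |
-| builtin-class list | __reduce__ | Builtin-method __reduce__ |
-| builtin-class list | __reduce_ex__ | Builtin-method __reduce_ex__ |
+| builtin-class list | __new__ | builtin_function_or_method __new__ |
 | builtin-class list | __repr__ | Builtin-method __repr__ |
 | builtin-class list | __reversed__ | Builtin-method __reversed__ |
 | builtin-class list | __rmul__ | Builtin-method __rmul__ |
-| builtin-class list | __setattr__ | Builtin-method __setattr__ |
 | builtin-class list | __setitem__ | Builtin-method __setitem__ |
 | builtin-class list | __sizeof__ | Builtin-method __sizeof__ |
-| builtin-class list | __str__ | Builtin-method __str__ |
-| builtin-class list | __subclasshook__ | classmethod_descriptor __subclasshook__ |
 | builtin-class list | append | Builtin-method append |
 | builtin-class list | clear | Builtin-method clear |
 | builtin-class list | copy | Builtin-method copy |
@@ -60,13 +51,14 @@
 | class DerivedFromBuiltin | __iadd__ | Builtin-method __iadd__ |
 | class DerivedFromBuiltin | __imul__ | Builtin-method __imul__ |
 | class DerivedFromBuiltin | __init__ | Builtin-method __init__ |
+| class DerivedFromBuiltin | __init_subclass__ | classmethod_descriptor __init_subclass__ |
 | class DerivedFromBuiltin | __iter__ | Builtin-method __iter__ |
 | class DerivedFromBuiltin | __le__ | Builtin-method __le__ |
 | class DerivedFromBuiltin | __len__ | Builtin-method __len__ |
 | class DerivedFromBuiltin | __lt__ | Builtin-method __lt__ |
 | class DerivedFromBuiltin | __mul__ | Builtin-method __mul__ |
 | class DerivedFromBuiltin | __ne__ | Builtin-method __ne__ |
-| class DerivedFromBuiltin | __new__ | Builtin-method __new__ |
+| class DerivedFromBuiltin | __new__ | builtin_function_or_method __new__ |
 | class DerivedFromBuiltin | __reduce__ | Builtin-method __reduce__ |
 | class DerivedFromBuiltin | __reduce_ex__ | Builtin-method __reduce_ex__ |
 | class DerivedFromBuiltin | __repr__ | Builtin-method __repr__ |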

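--- a/python/ql/test/3/library-tests/six/test.expected
+++ b/python/ql/test/3/library-tests/six/test.expected
@@ -28,6 +28,7 @@
 | Module six | callable | Builtin-function callable |
 | Module six | callable | Function callable |
 | Module six | class_types | Tuple |
+| Module six | create_bound_method | builtin-class method |
 | Module six | get_function_closure | Attribute() |
 | Module six | get_function_code | Attribute() |
 | Module six | get_function_defaults | Attribute() |
@@ -45,8 +46,17 @@
 | Module six | iterlists | Function iterlists |
 | Module six | itervalues | Function itervalues |
 | Module six | moves | Module six.moves |
+| Module six | moves.__init__ | Module six.moves.__init__ |
+| Module six | moves.urllib | Module six.moves.urllib |
+| Module six | moves.urllib.__init__ | Module six.moves.urllib.__init__ |
+| Module six | moves.urllib_error | Module six.moves.urllib_error |
+| Module six | moves.urllib_parse | Module six.moves.urllib_parse |
+| Module six | moves.urllib_request | Module six.moves.urllib_request |
+| Module six | moves.urllib_response | Module six.moves.urllib_response |
+| Module six | moves.urllib_robotparser | Module six.moves.urllib_robotparser |
 | Module six | next | Builtin-function next |
 | Module six | operator | Module operator |
+| Module six | print_ | Function print_ |
 | Module six | remove_move | Function remove_move |
 | Module six | reraise | Function reraise |
 | Module six | string_types | Tuple |
@@ -86,6 +96,7 @@
 | Module six.__init__ | callable | Builtin-function callable |
 | Module six.__init__ | callable | Function callable |
 | Module six.__init__ | class_types | Tuple |
+| Module six.__init__ | create_bound_method | builtin-class method |
 | Module six.__init__ | get_function_closure | Attribute() |
 | Module six.__init__ | get_function_code | Attribute() |
 | Module six.__init__ | get_function_defaults | Attribute() |
@@ -105,6 +116,7 @@
 | Module six.__init__ | moves | Module six.moves |
 | Module six.__init__ | next | Builtin-function next |
 | Module six.__init__ | operator | Module operator |
+| Module six.__init__ | print_ | Function print_ |
 | Module six.__init__ | remove_move | Function remove_move |
 | Module six.__init__ | reraise | Function reraise |
 | Module six.__init__ | string_types | Tuple |
@@ -120,6 +132,7 @@
 | Module six.moves | PY3 | bool True |
 | Module six.moves | SimpleHTTPServer | Module http.server |
 | Module six.moves | StringIO | builtin-class _io.StringIO |
+| Module six.moves | UserString | class UserString |
 | Module six.moves | __name__ | str u'six.moves' |
 | Module six.moves | _thread | Module _thread |
 | Module six.moves | builtins | Module builtins |
@@ -161,6 +174,7 @@
 | Module six.moves | tkinter_tksimpledialog | Module tkinter.simpledialog |
 | Module six.moves | tkinter_ttk | Module tkinter.ttk |
 | Module six.moves | urllib | Module six.moves.urllib |
+| Module six.moves | urllib.__init__ | Module six.moves.urllib.__init__ |
 | Module six.moves | urllib_error | Module six.moves.urllib_error |
 | Module six.moves | urllib_parse | Module six.moves.urllib_parse |
 | Module six.moves | urllib_request | Module six.moves.urllib_request |
@@ -176,6 +190,7 @@
 | Module six.moves.__init__ | PY3 | bool True |
 | Module six.moves.__init__ | SimpleHTTPServer | Module http.server |
 | Module six.moves.__init__ | StringIO | builtin-class _io.StringIO |
+| Module six.moves.__init__ | UserString | class UserString |
 | Module six.moves.__init__ | __name__ | str u'six.moves' |
 | Module six.moves.__init__ | _thread | Module _thread |
 | Module six.moves.__init__ | builtins | Module builtins |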

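--- a/python/ql/test/library-tests/PointsTo/guarded/PointsTo.expected
+++ b/python/ql/test/library-tests/PointsTo/guarded/PointsTo.expected
@@ -49,14 +49,10 @@
 | test.py | 301 | ControlFlowNode for x | NoneType None | 291 |
 | test.py | 308 | ControlFlowNode for z | int 7 | 305 |
 | test.py | 314 | ControlFlowNode for b | NoneType None | 311 |
-| test.py | 330 | ControlFlowNode for Attribute | NoneType None | 324 |
-| test.py | 330 | ControlFlowNode for Attribute | int 3 | 324 |
 | test.py | 332 | ControlFlowNode for Attribute | NoneType None | 322 |
 | test.py | 332 | ControlFlowNode for Attribute | int 4 | 322 |
 | test.py | 337 | ControlFlowNode for Attribute | NoneType None | 324 |
 | test.py | 337 | ControlFlowNode for Attribute | int 3 | 324 |
-| test.py | 345 | ControlFlowNode for Attribute | NoneType None | 324 |
-| test.py | 345 | ControlFlowNode for Attribute | int 3 | 324 |
 | test.py | 347 | ControlFlowNode for Attribute | NoneType None | 322 |
 | test.py | 347 | ControlFlowNode for Attribute | int 4 | 322 |
 | test.py | 357 | ControlFlowNode for g1 | float 7.0 | 356 |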

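--- a/python/ql/test/library-tests/PointsTo/guarded/PointsToWithType.expected
+++ b/python/ql/test/library-tests/PointsTo/guarded/PointsToWithType.expected
@@ -49,14 +49,10 @@
 | test.py | 301 | ControlFlowNode for x | NoneType None | builtin-class NoneType | 291 |
 | test.py | 308 | ControlFlowNode for z | int 7 | builtin-class int | 305 |
 | test.py | 314 | ControlFlowNode for b | NoneType None | builtin-class NoneType | 311 |
-| test.py | 330 | ControlFlowNode for Attribute | NoneType None | builtin-class NoneType | 324 |
-| test.py | 330 | ControlFlowNode for Attribute | int 3 | builtin-class int | 324 |
 | test.py | 332 | ControlFlowNode for Attribute | NoneType None | builtin-class NoneType | 322 |
 | test.py | 332 | ControlFlowNode for Attribute | int 4 | builtin-class int | 322 |
 | test.py | 337 | ControlFlowNode for Attribute | NoneType None | builtin-class NoneType | 324 |
 | test.py | 337 | ControlFlowNode for Attribute | int 3 | builtin-class int | 324 |
-| test.py | 345 | ControlFlowNode for Attribute | NoneType None | builtin-class NoneType | 324 |
-| test.py | 345 | ControlFlowNode for Attribute | int 3 | builtin-class int | 324 |
 | test.py | 347 | ControlFlowNode for Attribute | NoneType None | builtin-class NoneType | 322 |
 | test.py | 347 | ControlFlowNode for Attribute | int 4 | builtin-class int | 322 |
 | test.py | 357 | ControlFlowNode for g1 | float 7.0 | builtin-class float | 356 |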
Lines changed: 0 additions & 1 deletion
@@ -1,3 +1,2 @@
11
| test.py:26:1:26:17 | class C5 | Failed to infer metaclass |
2-
| test.py:30:1:30:17 | class C6 | Decorator not understood |
32
| test.py:30:1:30:17 | class C6 | Failed to infer metaclass |
