Python: restrict AttrRead with AttrNode.isLoad()

Author: RasmusWL

python/ql/lib/semmle/python/dataflow/new/internal/Attributes.qll

@@ -204,6 +204,8 @@ abstract class AttrRead extends AttrRef, Node, LocalSourceNode { }
 private class AttributeReadAsAttrRead extends AttrRead, CfgNode {
   override AttrNode node;
 
+  AttributeReadAsAttrRead() { node.isLoad() }
+
   override Node getObject() { result.asCfgNode() = node.getObject() }
 
   override ExprNode getAttributeNameExpr() {

python/ql/test/experimental/attrs/AttrReads.expected

@@ -1,4 +1,2 @@
-| test.py:6:9:6:16 | ControlFlowNode for Attribute | test.py:6:9:6:12 | ControlFlowNode for self | foo |
-| test.py:9:1:9:9 | ControlFlowNode for Attribute | test.py:9:1:9:5 | ControlFlowNode for myobj | foo |
 | test.py:10:1:10:9 | ControlFlowNode for Attribute | test.py:10:1:10:5 | ControlFlowNode for myobj | foo |
 | test.py:13:1:13:21 | ControlFlowNode for getattr() | test.py:13:9:13:13 | ControlFlowNode for myobj | foo |

python/ql/test/experimental/dataflow/typetracking/attribute_tests.py

@@ -25,9 +25,9 @@ def expects_string(x): # $ str=field SPURIOUS: int=field
 
 def test_incompatible_types():
     x = SomeClass() # $int,str=field
-    x.field = int(5) # $int=field int SPURIOUS: str=field str
+    x.field = int(5) # $int=field int SPURIOUS: str=field
     expects_int(x) # $int=field SPURIOUS: str=field
-    x.field = str("Hello") # $str=field str SPURIOUS: int=field int
+    x.field = str("Hello") # $str=field str SPURIOUS: int=field
     expects_string(x) # $ str=field SPURIOUS: int=field
 
 # set in different function