Python: Remove mutable default sources from inside stdlib

Author: tausbn

python/ql/src/semmle/python/functions/ModificationOfParameterWithDefaultCustomizations.qll

@@ -75,7 +75,11 @@ module ModificationOfParameterWithDefault {
   class MutableDefaultValue extends Source {
     boolean nonEmpty;
 
-    MutableDefaultValue() { nonEmpty = mutableDefaultValue(this.asCfgNode().(NameNode).getNode()) }
+    MutableDefaultValue() {
+      nonEmpty = mutableDefaultValue(this.asCfgNode().(NameNode).getNode()) and
+      // Ignore sources inside the standard library. These are unlikely to be true positives.
+      exists(this.getLocation().getFile().getRelativePath())
+    }
 
     override boolean isNonEmpty() { result = nonEmpty }
   }

python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/ModificationOfParameterWithDefault.expected

@@ -1,12 +1,6 @@
 edges
 | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:128:14:128:14 | ControlFlowNode for x | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:149:34:149:34 | ControlFlowNode for x |
 | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:128:14:128:14 | ControlFlowNode for x | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:170:21:170:21 | ControlFlowNode for y |
-| file:///usr/local/python/3.10.13/lib/python3.10/copy.py:128:28:128:31 | ControlFlowNode for _nil | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:138:21:138:24 | ControlFlowNode for _nil |
-| file:///usr/local/python/3.10.13/lib/python3.10/copy.py:138:5:138:5 | ControlFlowNode for y | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:140:16:140:16 | ControlFlowNode for y |
-| file:///usr/local/python/3.10.13/lib/python3.10/copy.py:138:9:138:25 | ControlFlowNode for Attribute() | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:138:5:138:5 | ControlFlowNode for y |
-| file:///usr/local/python/3.10.13/lib/python3.10/copy.py:138:21:138:24 | ControlFlowNode for _nil | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:138:9:138:25 | ControlFlowNode for Attribute() |
-| file:///usr/local/python/3.10.13/lib/python3.10/copy.py:140:16:140:16 | ControlFlowNode for y | test.py:213:9:213:20 | ControlFlowNode for deepcopy() |
-| file:///usr/local/python/3.10.13/lib/python3.10/copy.py:140:16:140:16 | ControlFlowNode for y | test.py:217:9:217:19 | ControlFlowNode for deepcopy() |
 | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:149:13:149:13 | ControlFlowNode for y | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:178:12:178:12 | ControlFlowNode for y |
 | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:149:17:149:41 | ControlFlowNode for _deepcopy_atomic() | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:149:13:149:13 | ControlFlowNode for y |
 | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:149:34:149:34 | ControlFlowNode for x | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:149:17:149:41 | ControlFlowNode for _deepcopy_atomic() |
@@ -54,20 +48,13 @@ edges
 | test.py:195:28:195:28 | ControlFlowNode for x | test.py:181:28:181:28 | ControlFlowNode for x |
 | test.py:197:18:197:18 | ControlFlowNode for x | test.py:198:28:198:28 | ControlFlowNode for x |
 | test.py:198:28:198:28 | ControlFlowNode for x | test.py:181:28:181:28 | ControlFlowNode for x |
-| test.py:213:5:213:5 | ControlFlowNode for y | test.py:214:5:214:5 | ControlFlowNode for y |
-| test.py:213:9:213:20 | ControlFlowNode for deepcopy() | test.py:213:5:213:5 | ControlFlowNode for y |
 | test.py:216:30:216:30 | ControlFlowNode for x | test.py:217:18:217:18 | ControlFlowNode for x |
 | test.py:217:5:217:5 | ControlFlowNode for y | test.py:218:5:218:5 | ControlFlowNode for y |
 | test.py:217:9:217:19 | ControlFlowNode for deepcopy() | test.py:217:5:217:5 | ControlFlowNode for y |
 | test.py:217:18:217:18 | ControlFlowNode for x | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:128:14:128:14 | ControlFlowNode for x |
 | test.py:217:18:217:18 | ControlFlowNode for x | test.py:217:9:217:19 | ControlFlowNode for deepcopy() |
 nodes
 | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:128:14:128:14 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| file:///usr/local/python/3.10.13/lib/python3.10/copy.py:128:28:128:31 | ControlFlowNode for _nil | semmle.label | ControlFlowNode for _nil |
-| file:///usr/local/python/3.10.13/lib/python3.10/copy.py:138:5:138:5 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| file:///usr/local/python/3.10.13/lib/python3.10/copy.py:138:9:138:25 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| file:///usr/local/python/3.10.13/lib/python3.10/copy.py:138:21:138:24 | ControlFlowNode for _nil | semmle.label | ControlFlowNode for _nil |
-| file:///usr/local/python/3.10.13/lib/python3.10/copy.py:140:16:140:16 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
 | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:149:13:149:13 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
 | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:149:17:149:41 | ControlFlowNode for _deepcopy_atomic() | semmle.label | ControlFlowNode for _deepcopy_atomic() |
 | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:149:34:149:34 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
@@ -141,9 +128,6 @@ nodes
 | test.py:195:28:195:28 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
 | test.py:197:18:197:18 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
 | test.py:198:28:198:28 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:213:5:213:5 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| test.py:213:9:213:20 | ControlFlowNode for deepcopy() | semmle.label | ControlFlowNode for deepcopy() |
-| test.py:214:5:214:5 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
 | test.py:216:30:216:30 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
 | test.py:217:5:217:5 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
 | test.py:217:9:217:19 | ControlFlowNode for deepcopy() | semmle.label | ControlFlowNode for deepcopy() |
@@ -182,6 +166,4 @@ subpaths
 | test.py:185:9:185:9 | ControlFlowNode for x | test.py:197:18:197:18 | ControlFlowNode for x | test.py:185:9:185:9 | ControlFlowNode for x | This expression mutates a $@. | test.py:197:18:197:18 | ControlFlowNode for x | default value |
 | test.py:187:9:187:9 | ControlFlowNode for x | test.py:194:18:194:18 | ControlFlowNode for x | test.py:187:9:187:9 | ControlFlowNode for x | This expression mutates a $@. | test.py:194:18:194:18 | ControlFlowNode for x | default value |
 | test.py:187:9:187:9 | ControlFlowNode for x | test.py:197:18:197:18 | ControlFlowNode for x | test.py:187:9:187:9 | ControlFlowNode for x | This expression mutates a $@. | test.py:197:18:197:18 | ControlFlowNode for x | default value |
-| test.py:214:5:214:5 | ControlFlowNode for y | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:128:28:128:31 | ControlFlowNode for _nil | test.py:214:5:214:5 | ControlFlowNode for y | This expression mutates a $@. | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:128:28:128:31 | ControlFlowNode for _nil | default value |
-| test.py:218:5:218:5 | ControlFlowNode for y | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:128:28:128:31 | ControlFlowNode for _nil | test.py:218:5:218:5 | ControlFlowNode for y | This expression mutates a $@. | file:///usr/local/python/3.10.13/lib/python3.10/copy.py:128:28:128:31 | ControlFlowNode for _nil | default value |
 | test.py:218:5:218:5 | ControlFlowNode for y | test.py:216:30:216:30 | ControlFlowNode for x | test.py:218:5:218:5 | ControlFlowNode for y | This expression mutates a $@. | test.py:216:30:216:30 | ControlFlowNode for x | default value |

python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/test.py

@@ -211,7 +211,7 @@ def safe_method(x=[]):
 
 def flow_from_within_deepcopy_fp():
     y = deepcopy([])
-    y.append(1) #$ SPURIOUS: modification=y
+    y.append(1)
 
 def flow_through_deepcopy_fp(x=[]):
     y = deepcopy(x)