WIP

Author: tausbn

python/ql/lib/semmle/python/ApiGraphs.qll

@@ -451,6 +451,7 @@ module API {
    * allowing this predicate to be used in a negative
    * context when constructing new nodes.
    */
+  overlay[local]
   predicate moduleImportExists(string m) {
     Impl::isImported(m) and
     // restrict `moduleImport` so it will never give results for a dotted name. Note
@@ -695,6 +696,7 @@ module API {
      *
      * This is determined syntactically.
      */
+    overlay[local]
     cached
     predicate isImported(string name) {
       // Ignore the following module name for Python 2, as we alias `__builtin__` to `builtins` elsewhere

python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll

@@ -23,6 +23,7 @@ deprecated class SummaryComponentStack = Impl::Private::SummaryComponentStack;
 deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack;
 
 /** A callable with a flow summary, identified by a unique string. */
+overlay[local]
 abstract class SummarizedCallable extends LibraryCallable, Impl::Public::SummarizedCallable {
   bindingset[this]
   SummarizedCallable() { any() }

python/ql/lib/semmle/python/dataflow/new/internal/Builtins.qll

@@ -1,4 +1,6 @@
 /** Provides predicates for reasoning about built-ins in Python. */
+overlay[local]
+module;
 
 private import python
 private import semmle.python.dataflow.new.DataFlow

python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll

@@ -31,6 +31,8 @@
  * Note: This hasn't been 100% realized yet, so we don't currently expose a predicate to
  * ask what targets any data-flow node has. But it's still the plan to do this!
  */
+overlay[local?]
+module;
 
 private import python
 private import DataFlowPublic
@@ -39,6 +41,7 @@ private import FlowSummaryImpl as FlowSummaryImpl
 private import semmle.python.internal.CachedStages
 private import semmle.python.dataflow.new.internal.TypeTrackingImpl::CallGraphConstruction as CallGraphConstruction
 
+overlay[local]
 newtype TParameterPosition =
   /** Used for `self` in methods, and `cls` in classmethods. */
   TSelfParameterPosition() or
@@ -84,6 +87,7 @@ newtype TParameterPosition =
   TSynthDictSplatParameterPosition()
 
 /** A parameter position. */
+overlay[local]
 class ParameterPosition extends TParameterPosition {
   /** Holds if this position represents a `self`/`cls` parameter. */
   predicate isSelf() { this = TSelfParameterPosition() }
@@ -146,6 +150,7 @@ class ParameterPosition extends TParameterPosition {
   }
 }
 
+overlay[local]
 newtype TArgumentPosition =
   /** Used for `self` in methods, and `cls` in classmethods. */
   TSelfArgumentPosition() or
@@ -180,6 +185,7 @@ newtype TArgumentPosition =
   TDictSplatArgumentPosition()
 
 /** An argument position. */
+overlay[local]
 class ArgumentPosition extends TArgumentPosition {
   /** Holds if this position represents a `self`/`cls` argument. */
   predicate isSelf() { this = TSelfArgumentPosition() }
@@ -248,6 +254,7 @@ predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) {
  * `@staticmethod` decorator or by convention
  * (like a `__new__` method on a class is a classmethod even without the decorator).
  */
+overlay[local]
 predicate isStaticmethod(Function func) {
   exists(NameNode id | id.getId() = "staticmethod" and id.isGlobal() |
     func.getADecorator() = id.getNode()
@@ -259,6 +266,7 @@ predicate isStaticmethod(Function func) {
  * `@classmethod` decorator or by convention
  * (like a `__new__` method on a class is a classmethod even without the decorator).
  */
+overlay[local]
 predicate isClassmethod(Function func) {
   exists(NameNode id | id.getId() = "classmethod" and id.isGlobal() |
     func.getADecorator() = id.getNode()
@@ -275,6 +283,7 @@ predicate isClassmethod(Function func) {
 }
 
 /** Holds if the function `func` has a `property` decorator. */
+overlay[local]
 predicate hasPropertyDecorator(Function func) {
   exists(NameNode id | id.getId() = "property" and id.isGlobal() |
     func.getADecorator() = id.getNode()
@@ -284,6 +293,7 @@ predicate hasPropertyDecorator(Function func) {
 /**
  * Holds if the function `func` has a `contextlib.contextmanager`.
  */
+overlay[local]
 predicate hasContextmanagerDecorator(Function func) {
   exists(ControlFlowNode contextmanager |
     contextmanager.(NameNode).getId() = "contextmanager" and contextmanager.(NameNode).isGlobal()
@@ -298,20 +308,25 @@ predicate hasContextmanagerDecorator(Function func) {
 // Callables
 // =============================================================================
 /** A callable defined in library code, identified by a unique string. */
+overlay[local]
 abstract class LibraryCallable extends string {
   bindingset[this]
   LibraryCallable() { any() }
 
   /** Gets a call to this library callable. */
+  overlay[global]
   abstract CallCfgNode getACall();
 
   /** Same as `getACall` but without referring to the call graph or API graph. */
+  overlay[global]
   CallCfgNode getACallSimple() { none() }
 
   /** Gets a data-flow node, where this library callable is used as a call-back. */
+  overlay[global]
   abstract ArgumentNode getACallback();
 }
 
+overlay[local]
 newtype TDataFlowCallable =
   /**
    * Is used as the target for all calls: plain functions, lambdas, methods on classes,
@@ -329,6 +344,7 @@ newtype TDataFlowCallable =
   TLibraryCallable(LibraryCallable callable)
 
 /** A callable. */
+overlay[local]
 abstract class DataFlowCallable extends TDataFlowCallable {
   /** Gets a textual representation of this element. */
   abstract string toString();
@@ -350,6 +366,7 @@ abstract class DataFlowCallable extends TDataFlowCallable {
 }
 
 /** A callable function. */
+overlay[local]
 abstract class DataFlowFunction extends DataFlowCallable, TFunction {
   Function func;
 
@@ -370,6 +387,7 @@ abstract class DataFlowFunction extends DataFlowCallable, TFunction {
   /** Gets the positional parameter offset, to take into account self/cls parameters. */
   int positionalOffset() { result = 0 }
 
+  overlay[local]
   override ParameterNode getParameter(ParameterPosition ppos) {
     // Do not handle lower bound positions (such as `[1..]`) here
     // they are handled by parameter matching and would create
@@ -408,11 +426,13 @@ abstract class DataFlowFunction extends DataFlowCallable, TFunction {
 }
 
 /** A plain (non-method) function. */
+overlay[local]
 class DataFlowPlainFunction extends DataFlowFunction {
   DataFlowPlainFunction() { not this instanceof DataFlowMethod }
 }
 
 /** A method. */
+overlay[local]
 class DataFlowMethod extends DataFlowFunction {
   Class cls;
 
@@ -431,11 +451,13 @@ class DataFlowMethod extends DataFlowFunction {
 }
 
 /** A classmethod. */
+overlay[local]
 class DataFlowClassmethod extends DataFlowMethod {
   DataFlowClassmethod() { isClassmethod(func) }
 }
 
 /** A staticmethod. */
+overlay[local]
 class DataFlowStaticmethod extends DataFlowMethod, DataFlowFunction {
   DataFlowStaticmethod() { isStaticmethod(func) }
 
@@ -450,6 +472,7 @@ class DataFlowStaticmethod extends DataFlowMethod, DataFlowFunction {
  * A module. This is not actually a callable, but we need this so a
  * `ModuleVariableNode` have an enclosing callable.
  */
+overlay[local]
 class DataFlowModuleScope extends DataFlowCallable, TModule {
   Module mod;
 
@@ -466,6 +489,7 @@ class DataFlowModuleScope extends DataFlowCallable, TModule {
   override ParameterNode getParameter(ParameterPosition ppos) { none() }
 }
 
+overlay[local]
 class LibraryCallableValue extends DataFlowCallable, TLibraryCallable {
   LibraryCallable callable;
 
@@ -476,6 +500,7 @@ class LibraryCallableValue extends DataFlowCallable, TLibraryCallable {
   override string getQualifiedName() { result = callable.toString() }
 
   /** Gets a data-flow node, where this library callable is used as a call-back. */
+  overlay[global]
   ArgumentNode getACallback() { result = callable.getACallback() }
 
   override Scope getScope() { none() }
@@ -1589,6 +1614,7 @@ class SummaryCall extends DataFlowCall, TSummaryCall {
  * The value of a parameter at function entry, viewed as a node in a data
  * flow graph.
  */
+overlay[local]
 abstract class ParameterNodeImpl extends Node {
   /** Gets the `Parameter` this `ParameterNode` represents. */
   abstract Parameter getParameter();
@@ -1610,6 +1636,7 @@ abstract class ParameterNodeImpl extends Node {
  *
  * This is used for tracking flow through captured variables.
  */
+overlay[local]
 class SynthCapturedVariablesParameterNode extends ParameterNodeImpl,
   TSynthCapturedVariablesParameterNode
 {
@@ -1634,6 +1661,7 @@ class SynthCapturedVariablesParameterNode extends ParameterNodeImpl,
 }
 
 /** A parameter for a library callable with a flow summary. */
+overlay[local]
 class SummaryParameterNode extends ParameterNodeImpl, FlowSummaryNode {
   SummaryParameterNode() {
     FlowSummaryImpl::Private::summaryParameterNode(this.getSummaryNode(), _)
@@ -1800,12 +1828,14 @@ DataFlowCallable viableCallable(DataFlowCall call) {
 // =============================================================================
 // Remaining required data-flow things
 // =============================================================================
+overlay[local]
 private newtype TReturnKind = TNormalReturnKind()
 
 /**
  * A return kind. A return kind describes how a value can be returned
  * from a callable. For Python, this is simply a method return.
  */
+overlay[local]
 class ReturnKind extends TReturnKind {
   /** Gets a textual representation of this element. */
   string toString() { result = "return" }

python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll

@@ -1,3 +1,6 @@
+overlay[local?]
+module;
+
 private import python
 private import DataFlowPublic
 private import semmle.python.essa.SsaCompute
@@ -39,6 +42,7 @@ predicate isArgumentNode(ArgumentNode arg, DataFlowCall c, ArgumentPosition pos)
 //--------
 // Nodes
 //--------
+overlay[local]
 predicate isExpressionNode(ControlFlowNode node) { node.getNode() instanceof Expr }
 
 // =============================================================================
@@ -111,6 +115,7 @@ class SyntheticPreUpdateNode extends Node, TSyntheticPreUpdateNode {
  * func = foo if <cond> else bar
  * func(1, 2, 3)
  */
+overlay[local]
 class SynthStarArgsElementParameterNode extends ParameterNodeImpl,
   TSynthStarArgsElementParameterNode
 {
@@ -241,6 +246,7 @@ private predicate dictSplatParameterNodeClearStep(ParameterNode n, DictionaryEle
  *  (c) since the synthesized nodes are hidden, the reported data-flow paths will be
  *      collapsed anyway.
  */
+overlay[local]
 class SynthDictSplatParameterNode extends ParameterNodeImpl, TSynthDictSplatParameterNode {
   DataFlowCallable callable;
 

python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll

@@ -1,6 +1,8 @@
 /**
  * Provides Python-specific definitions for use in the data flow library.
  */
+overlay[local]
+module;
 
 private import python
 private import DataFlowPrivate
@@ -22,6 +24,7 @@ private import semmle.python.frameworks.data.ModelsAsData
  * - Module variable nodes: These represent global variables and act as canonical targets for reads and writes of these.
  * - Synthetic nodes: These handle flow in various special cases.
  */
+overlay[local]
 newtype TNode =
   /** A node corresponding to a control flow node. */
   TCfgNode(ControlFlowNode node) {
@@ -76,15 +79,7 @@ newtype TNode =
     node.getNode() = any(Comp c).getIterable()
   } or
   /** A node representing a global (module-level) variable in a specific module. */
-  TModuleVariableNode(Module m, GlobalVariable v) {
-    v.getScope() = m and
-    (
-      v.escapes()
-      or
-      isAccessedThroughImportStar(m) and
-      ImportStar::globalNameDefinedInModule(v.getId(), m)
-    )
-  } or
+  TModuleVariableNode(Module m, GlobalVariable v) { v.getScope() = m } or
   /**
    * A synthetic node representing that an iterable sequence flows to consumer.
    */
@@ -151,6 +146,7 @@ private import semmle.python.internal.CachedStages
  * An element, viewed as a node in a data flow graph. Either an SSA variable
  * (`EssaNode`) or a control flow node (`CfgNode`).
  */
+overlay[local]
 class Node extends TNode {
   /** Gets a textual representation of this element. */
   cached
@@ -318,6 +314,7 @@ class ScopeEntryDefinitionNode extends Node, TScopeEntryDefinitionNode {
  * The value of a parameter at function entry, viewed as a node in a data
  * flow graph.
  */
+overlay[local]
 class ParameterNode extends Node instanceof ParameterNodeImpl {
   /** Gets the parameter corresponding to this node, if any. */
   final Parameter getParameter() { result = super.getParameter() }
@@ -613,6 +610,7 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
  * Algebraic datatype for tracking data content associated with values.
  * Content can be collection elements or object attributes.
  */
+overlay[local]
 newtype TContent =
   /** An element of a list. */
   TListElementContent() or
@@ -684,6 +682,7 @@ newtype TContent =
  * If the value is a collection, it can have elements,
  * if it is an object, it can have attribute values.
  */
+overlay[local]
 class Content extends TContent {
   /** Gets a textual representation of this element. */
   string toString() { result = "Content" }

python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll

@@ -1,6 +1,8 @@
 /**
  * Provides classes and predicates for defining flow summaries.
  */
+overlay[local]
+module;
 
 private import python
 private import codeql.dataflow.internal.FlowSummaryImpl

python/ql/lib/semmle/python/dataflow/new/internal/ImportStar.qll

@@ -1,4 +1,6 @@
 /** Provides predicates for reasoning about uses of `import *` in Python. */
+overlay[local]
+module;
 
 private import python
 private import semmle.python.dataflow.new.internal.Builtins
@@ -92,6 +94,7 @@ module ImportStar {
    *
    * this would return the data-flow nodes corresponding to `foo.bar` and `quux`.
    */
+  overlay[local]
   cached
   ControlFlowNode potentialImportStarBase(Scope s) {
     result = any(ImportStarNode n | n.getScope() = s).getModule()

python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll

@@ -166,6 +166,8 @@
  *
  *  `c`: [ListElementContent]
  */
+overlay[local]
+module;
 
 private import python
 private import DataFlowPublic

python/ql/lib/semmle/python/dataflow/new/internal/LocalSources.qll

@@ -5,6 +5,8 @@
  * Note that unlike `TypeTracker.qll`, this library only performs
  * local tracking within a function.
  */
+overlay[local]
+module;
 
 private import python
 import DataFlowPublic