Merge pull request #20142 from joefarebrother/python-qual-subclass-shadow

Python: Modernise Superclass attribute shadows subclass method query

Author: joefarebrother

python/ql/integration-tests/query-suite/python-code-quality-extended.qls.expected

@@ -8,7 +8,7 @@ ql/python/ql/src/Classes/InitCallsSubclass/InitCallsSubclassMethod.ql
 ql/python/ql/src/Classes/MissingCallToDel.ql
 ql/python/ql/src/Classes/MissingCallToInit.ql
 ql/python/ql/src/Classes/MutatingDescriptor.ql
-ql/python/ql/src/Classes/SubclassShadowing.ql
+ql/python/ql/src/Classes/SubclassShadowing/SubclassShadowing.ql
 ql/python/ql/src/Classes/SuperclassDelCalledMultipleTimes.ql
 ql/python/ql/src/Classes/SuperclassInitCalledMultipleTimes.ql
 ql/python/ql/src/Classes/WrongNameForArgumentInClassInstantiation.ql

python/ql/integration-tests/query-suite/python-code-quality.qls.expected

@@ -8,7 +8,7 @@ ql/python/ql/src/Classes/InitCallsSubclass/InitCallsSubclassMethod.ql
 ql/python/ql/src/Classes/MissingCallToDel.ql
 ql/python/ql/src/Classes/MissingCallToInit.ql
 ql/python/ql/src/Classes/MutatingDescriptor.ql
-ql/python/ql/src/Classes/SubclassShadowing.ql
+ql/python/ql/src/Classes/SubclassShadowing/SubclassShadowing.ql
 ql/python/ql/src/Classes/SuperclassDelCalledMultipleTimes.ql
 ql/python/ql/src/Classes/SuperclassInitCalledMultipleTimes.ql
 ql/python/ql/src/Classes/WrongNameForArgumentInClassInstantiation.ql

python/ql/integration-tests/query-suite/python-security-and-quality.qls.expected

@@ -11,7 +11,7 @@ ql/python/ql/src/Classes/MutatingDescriptor.ql
 ql/python/ql/src/Classes/OverwritingAttributeInSuperClass.ql
 ql/python/ql/src/Classes/PropertyInOldStyleClass.ql
 ql/python/ql/src/Classes/SlotsInOldStyleClass.ql
-ql/python/ql/src/Classes/SubclassShadowing.ql
+ql/python/ql/src/Classes/SubclassShadowing/SubclassShadowing.ql
 ql/python/ql/src/Classes/SuperInOldStyleClass.ql
 ql/python/ql/src/Classes/SuperclassDelCalledMultipleTimes.ql
 ql/python/ql/src/Classes/SuperclassInitCalledMultipleTimes.ql

python/ql/src/Classes/SubclassShadowing.py

@@ -0,0 +1,39 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<overview>
+<p>
+When an object has an attribute that shares its name with a method on the object's class (or another class attribute), the instance attribute is 
+prioritized during attribute lookup, shadowing the method.  
+
+If a method on a subclass is shadowed by an attribute on a superclass in this way, this may lead to unexpected results or errors, as this
+shadowing behavior is nonlocal and may be unintended.
+</p>
+
+</overview>
+<recommendation>
+
+<p>
+Ensure method names on subclasses don't conflict with attribute names on superclasses, and rename one.  
+If the shadowing behavior is intended, ensure this is explicit in the superclass.
+</p>
+
+</recommendation>
+<example>
+<p>
+In the following example, the <code>_foo</code> attribute of class <code>A</code> shadows the method <code>_foo</code> of class <code>B</code>. 
+Calls to <code>B()._foo()</code> will result in a <code>TypeError</code>, as <code>3</code> will be called instead. 
+</p>
+
+<sample src="examples/SubclassShadowingBad.py" />
+
+<p>
+In the following example, the behavior of the <code>default</code> attribute being shadowed to allow for customization during initialization is
+intended in within the superclass <code>A</code>. Overriding <code>default</code> in the subclass <code>B</code> is then OK.
+</p>
+
+<sample src="examples/SubclassShadowingGood.py" />
+
+</example>
+</qhelp>

python/ql/src/Classes/SubclassShadowing.qhelp

@@ -0,0 +1,71 @@
+/**
+ * @name Superclass attribute shadows subclass method
+ * @description Defining an attribute in a superclass method with a name that matches a subclass
+ *              method, hides the method in the subclass.
+ * @kind problem
+ * @problem.severity error
+ * @tags quality
+ *       reliability
+ *       correctness
+ * @sub-severity low
+ * @precision high
+ * @id py/attribute-shadows-method
+ */
+
+import python
+import semmle.python.ApiGraphs
+import semmle.python.dataflow.new.internal.DataFlowDispatch
+
+predicate isSettableProperty(Function prop) {
+  isProperty(prop) and
+  exists(Function setter |
+    setter.getScope() = prop.getScope() and
+    setter.getName() = prop.getName() and
+    isSetter(setter)
+  )
+}
+
+predicate isSetter(Function f) {
+  exists(DataFlow::AttrRead attr |
+    f.getADecorator() = attr.asExpr() and
+    attr.getAttributeName() = "setter"
+  )
+}
+
+predicate isProperty(Function prop) {
+  prop.getADecorator() = API::builtin("property").asSource().asExpr()
+}
+
+predicate shadowedBySuperclass(
+  Class cls, Class superclass, DataFlow::AttrWrite write, Function shadowed
+) {
+  getADirectSuperclass+(cls) = superclass and
+  shadowed = cls.getAMethod() and
+  exists(Function init |
+    init = superclass.getInitMethod() and
+    DataFlow::parameterNode(init.getArg(0)).(DataFlow::LocalSourceNode).flowsTo(write.getObject()) and
+    write.getAttributeName() = shadowed.getName()
+  ) and
+  // Allow cases in which the super class defines the method as well.
+  // We assume that the original method must have been defined for a reason.
+  not exists(Function superShadowed |
+    superShadowed = superclass.getAMethod() and
+    superShadowed.getName() = shadowed.getName()
+  ) and
+  // Allow properties if they have setters, as the write in the superclass will call the setter.
+  not isSettableProperty(shadowed) and
+  not isSetter(shadowed)
+}
+
+from Class cls, Class superclass, DataFlow::AttrWrite write, Function shadowed, string extra
+where
+  shadowedBySuperclass(cls, superclass, write, shadowed) and
+  (
+    if isProperty(shadowed)
+    then
+      // it's not a setter, so it's a read-only property
+      extra = " (read-only property may cause an error if written to in the superclass)"
+    else extra = ""
+  )
+select shadowed, "This method is shadowed by $@ in superclass $@." + extra, write,
+  "attribute " + write.getAttributeName(), superclass, superclass.getName()

python/ql/src/Classes/SubclassShadowing.ql

@@ -0,0 +1,9 @@
+class A:
+    def __init__(self):
+        self._foo = 3
+
+class B(A):
+    # BAD: _foo is shadowed by attribute A._foo
+    def _foo(self):
+        return 2
+

python/ql/src/Classes/SubclassShadowing/SubclassShadowing.qhelp

@@ -0,0 +1,15 @@
+class A:
+    def __init__(self, default_func=None):
+        if default_func is not None:
+            self.default = default_func 
+
+    # GOOD: The shadowing behavior is explicitly intended in the superclass.
+    def default(self):
+        return []
+    
+class B(A):
+    
+    # Subclasses may override the method `default`, which will still be shadowed by the attribute `default` if it is set.
+    # As this is part of the expected behavior of the superclass, this is fine. 
+    def default(self):
+        return {}