Python: more tests and comments

yoff · yoff · commit a9c409403c91 · 2021-09-08T14:44:36.000+02:00
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
@@ -245,6 +245,9 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) {
 /**
  * Holds if there is an Essa flow step from `nodeFrom` to `nodeTo` that does not switch between
  * local and global SSA variables.
+ *
+ * This predicate is currently empty, since `EssaFlow::essaFlowStep` never goes between `EssaNode`s.
+ * (It only starts in an `EssaNode` in a single case, namely `defToFirstUse` which ends in a `CfgNode`.)
  */
 private predicate localEssaStep(EssaNode nodeFrom, EssaNode nodeTo) {
   EssaFlow::essaFlowStep(nodeFrom, nodeTo) and
diff --git a/python/ql/test/experimental/dataflow/module-initialization/localFlow.expected b/python/ql/test/experimental/dataflow/module-initialization/localFlow.expected
@@ -0,0 +1,45 @@
+| base.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | base.py:1:1:1:3 | GSSA Variable foo |
+| m1.py:2:7:2:8 | ControlFlowNode for IntegerLiteral | m1.py:2:1:2:3 | GSSA Variable foo |
+| m1.py:4:8:4:11 | ControlFlowNode for ImportExpr | m1.py:4:8:4:11 | GSSA Variable base |
+| m1.py:4:8:4:11 | GSSA Variable base | m1.py:10:14:10:17 | ControlFlowNode for base |
+| m1.py:6:1:6:14 | ControlFlowNode for FunctionExpr | m1.py:6:5:6:10 | GSSA Variable passOn |
+| m1.py:6:5:6:10 | GSSA Variable passOn | m1.py:10:7:10:12 | ControlFlowNode for passOn |
+| m1.py:10:7:10:22 | ControlFlowNode for passOn() | m1.py:10:1:10:3 | GSSA Variable bar |
+| multiphase.py:0:0:0:0 | GSSA Variable __file__ | multiphase.py:4:50:4:57 | ControlFlowNode for __file__ |
+| multiphase.py:0:0:0:0 | GSSA Variable expects | multiphase.py:37:2:37:8 | ControlFlowNode for expects |
+| multiphase.py:1:8:1:10 | ControlFlowNode for ImportExpr | multiphase.py:1:8:1:10 | GSSA Variable sys |
+| multiphase.py:1:8:1:10 | GSSA Variable sys | multiphase.py:4:1:4:3 | ControlFlowNode for sys |
+| multiphase.py:2:8:2:9 | ControlFlowNode for ImportExpr | multiphase.py:2:8:2:9 | GSSA Variable os |
+| multiphase.py:2:8:2:9 | GSSA Variable os | multiphase.py:4:17:4:18 | ControlFlowNode for os |
+| multiphase.py:4:17:4:18 | ControlFlowNode for os | multiphase.py:4:33:4:34 | ControlFlowNode for os |
+| multiphase.py:4:17:4:18 | [post read] ControlFlowNode for os | multiphase.py:4:33:4:34 | ControlFlowNode for os |
+| multiphase.py:8:1:8:9 | GSSA Variable NONSOURCE | multiphase.py:34:7:34:15 | ControlFlowNode for NONSOURCE |
+| multiphase.py:8:13:8:26 | ControlFlowNode for Str | multiphase.py:8:1:8:9 | GSSA Variable NONSOURCE |
+| multiphase.py:9:10:9:17 | ControlFlowNode for Str | multiphase.py:9:1:9:6 | GSSA Variable SOURCE |
+| multiphase.py:12:1:12:17 | ControlFlowNode for FunctionExpr | multiphase.py:12:5:12:13 | GSSA Variable is_source |
+| multiphase.py:16:1:16:12 | ControlFlowNode for FunctionExpr | multiphase.py:16:5:16:8 | GSSA Variable SINK |
+| multiphase.py:23:1:23:14 | ControlFlowNode for FunctionExpr | multiphase.py:23:5:23:10 | GSSA Variable SINK_F |
+| multiphase.py:29:1:29:14 | ControlFlowNode for FunctionExpr | multiphase.py:29:5:29:11 | GSSA Variable set_foo |
+| multiphase.py:29:5:29:11 | GSSA Variable set_foo | multiphase.py:35:1:35:7 | ControlFlowNode for set_foo |
+| multiphase.py:34:7:34:15 | ControlFlowNode for NONSOURCE | multiphase.py:34:1:34:3 | GSSA Variable foo |
+| multiphase.py:37:2:37:11 | ControlFlowNode for expects()() | multiphase.py:38:5:38:15 | GSSA Variable test_phases |
+| test.py:2:13:2:26 | ControlFlowNode for Str | test.py:2:1:2:9 | GSSA Variable NONSOURCE |
+| test.py:3:10:3:17 | ControlFlowNode for Str | test.py:3:1:3:6 | GSSA Variable SOURCE |
+| test.py:6:1:6:17 | ControlFlowNode for FunctionExpr | test.py:6:5:6:13 | GSSA Variable is_source |
+| test.py:10:1:10:12 | ControlFlowNode for FunctionExpr | test.py:10:5:10:8 | GSSA Variable SINK |
+| test.py:17:1:17:14 | ControlFlowNode for FunctionExpr | test.py:17:5:17:10 | GSSA Variable SINK_F |
+| test.py:23:8:23:11 | ControlFlowNode for ImportExpr | test.py:23:8:23:11 | GSSA Variable base |
+| test.py:23:8:23:11 | GSSA Variable base | test.py:25:1:25:4 | ControlFlowNode for base |
+| test.py:27:8:27:9 | ControlFlowNode for ImportExpr | test.py:27:8:27:9 | GSSA Variable m1 |
+| test.py:29:1:29:17 | ControlFlowNode for FunctionExpr | test.py:29:5:29:14 | GSSA Variable test_const |
+| test.py:32:1:32:23 | ControlFlowNode for FunctionExpr | test.py:32:5:32:20 | GSSA Variable test_overwritten |
+| testOnce.py:2:13:2:26 | ControlFlowNode for Str | testOnce.py:2:1:2:9 | GSSA Variable NONSOURCE |
+| testOnce.py:3:10:3:17 | ControlFlowNode for Str | testOnce.py:3:1:3:6 | GSSA Variable SOURCE |
+| testOnce.py:6:1:6:17 | ControlFlowNode for FunctionExpr | testOnce.py:6:5:6:13 | GSSA Variable is_source |
+| testOnce.py:10:1:10:12 | ControlFlowNode for FunctionExpr | testOnce.py:10:5:10:8 | GSSA Variable SINK |
+| testOnce.py:17:1:17:14 | ControlFlowNode for FunctionExpr | testOnce.py:17:5:17:10 | GSSA Variable SINK_F |
+| testOnce.py:23:8:23:9 | ControlFlowNode for ImportExpr | testOnce.py:23:8:23:9 | GSSA Variable m1 |
+| testOnce.py:25:8:25:11 | ControlFlowNode for ImportExpr | testOnce.py:25:8:25:11 | GSSA Variable base |
+| testOnce.py:25:8:25:11 | GSSA Variable base | testOnce.py:27:1:27:4 | ControlFlowNode for base |
+| testOnce.py:29:1:29:17 | ControlFlowNode for FunctionExpr | testOnce.py:29:5:29:14 | GSSA Variable test_const |
+| testOnce.py:32:1:32:25 | ControlFlowNode for FunctionExpr | testOnce.py:32:5:32:22 | GSSA Variable test_unoverwritten |
diff --git a/python/ql/test/experimental/dataflow/module-initialization/localFlow.ql b/python/ql/test/experimental/dataflow/module-initialization/localFlow.ql
@@ -0,0 +1,20 @@
+// This query should be more focused yet.
+import python
+import semmle.python.dataflow.new.DataFlow
+
+pragma[inline]
+predicate inCodebase(DataFlow::Node node) { exists(node.getLocation().getFile().getRelativePath()) }
+
+predicate isTopLevel(DataFlow::Node node) { node.getScope() instanceof Module }
+
+predicate inFocus(DataFlow::Node node) {
+  isTopLevel(node) and
+  inCodebase(node)
+}
+
+from DataFlow::Node nodeFrom, DataFlow::Node nodeTo
+where
+  inFocus(nodeFrom) and
+  inFocus(nodeTo) and
+  DataFlow::localFlowStep(nodeFrom, nodeTo)
+select nodeFrom, nodeTo
diff --git a/python/ql/test/experimental/dataflow/module-initialization/multiphase.py b/python/ql/test/experimental/dataflow/module-initialization/multiphase.py
@@ -0,0 +1,43 @@
+import sys
+import os
+
+sys.path.append(os.path.dirname(os.path.dirname((__file__))))
+from testlib import *
+
+# These are defined so that we can evaluate the test code.
+NONSOURCE = "not a source"
+SOURCE = "source"
+
+
+def is_source(x):
+    return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j
+
+
+def SINK(x):
+    if is_source(x):
+        print("OK")
+    else:
+        print("Unexpected flow", x)
+
+
+def SINK_F(x):
+    if is_source(x):
+        print("Unexpected flow", x)
+    else:
+        print("OK")
+
+def set_foo():
+    global foo
+    print(foo)
+    foo = SOURCE
+
+foo = NONSOURCE
+set_foo()
+
+@expects(2)
+def test_phases():
+    global foo
+    SINK(foo)
+    foo = NONSOURCE
+    set_foo()
+    SINK(foo)
diff --git a/python/ql/test/experimental/dataflow/validTest.py b/python/ql/test/experimental/dataflow/validTest.py
@@ -56,6 +56,7 @@ def check_tests_valid(testFile):
     check_tests_valid("variable-capture.in")
     check_tests_valid("variable-capture.nonlocal")
     check_tests_valid("variable-capture.dict")
+    check_tests_valid("module-initialization.multiphase")
     # The below fails when trying to import modules
     # check_tests_valid("module-initialization.test")
     # check_tests_valid("module-initialization.testOnce")
