
Commit 40c592a

committed
Python: Introduce DataFlowOnlyInternalUse to avoid re-evaluation
1 parent d084261 commit 40c592a


4 files changed

+4197
-2
lines changed


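--- a/config/identical-files.json
+++ b/config/identical-files.json
@@ -22,7 +22,8 @@
 "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl.qll",
 "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl2.qll",
 "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl3.qll",
-"python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl4.qll"
+"python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl4.qll",
+"python/ql/src/semmle/python/dataflow/new/internal/DataFlowImplOnlyInternalUse.qll"
 ],
 "DataFlow Java/C++/C#/Python Common": [
 "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll",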

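--- a/python/ql/src/semmle/python/Concepts.qll
+++ b/python/ql/src/semmle/python/Concepts.qll
@@ -6,6 +6,7 @@
 
 import python
 private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.dataflow.new.DataFlowOnlyInternalUse
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.dataflow.new.TaintTracking
 private import semmle.python.Frameworks
@@ -565,7 +566,7 @@ module Cryptography {
 /**
 * A data-flow configuration for tracking integer literals.
 */
-private class IntegerLiteralTrackerConfiguration extends DataFlow::Configuration {
+private class IntegerLiteralTrackerConfiguration extends DataFlowOnlyInternalUse::Configuration {
 IntegerLiteralTrackerConfiguration() { this = "IntegerLiteralTrackerConfiguration" }
 
 override predicate isSource(DataFlow::Node source) {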
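Review bot: The doc comment on `IntegerLiteralTrackerConfiguration` does not say why the class now extends `DataFlowOnlyInternalUse::Configuration` instead of `DataFlow::Configuration`, so a later cleanup could switch it back and reintroduce the per-query re-evaluation. I would add a line such as `* Uses the internal-only data-flow copy so this library configuration is not re-evaluated for each query.` The `isSource` override still takes `DataFlow::Node`; that presumably works because both copies share the node type, but a short remark in the comment would help readers who see the two module names mixed. The class body continues outside the hunk.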
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
/**
2+
* INTERNAL: Do not use.
3+
*
4+
* This copy exists to allow internal non-query usage of global data-flow analyses. If
5+
* we used the same copy as was used in multiple queries (A, B, C), then all internal
6+
* non-query configurations would have to be re-evaluated for _each_ query, which is
7+
* expensive. By having a separate copy, we avoid this re-evaluation.
8+
*
9+
* Provides a library for local (intra-procedural) and global (inter-procedural)
10+
* data flow analysis: deciding whether data can flow from a _source_ to a
11+
* _sink_.
12+
*
13+
* Unless configured otherwise, _flow_ means that the exact value of
14+
* the source may reach the sink. We do not track flow across pointer
15+
* dereferences or array indexing. To track these types of flow, where the
16+
* exact value may not be preserved, import
17+
* `semmle.python.dataflow.new.TaintTracking`.
18+
*
19+
* To use global (interprocedural) data flow, extend the class
20+
* `DataFlow::Configuration` as documented on that class. To use local
21+
* (intraprocedural) data flow, call `DataFlow::localFlow` or
22+
* `DataFlow::localFlowStep` with arguments of type `DataFlow::Node`.
23+
*/
24+
25+
private import python
26+
27+
/**
28+
* INTERNAL: Do not use.
29+
*
30+
* This copy exists to allow internal non-query usage of global data-flow analyses. If
31+
* we used the same copy as was used in multiple queries (A, B, C), then all internal
32+
* non-query configurations would have to be re-evaluated for _each_ query, which is
33+
* expensive. By having a separate copy, we avoid this re-evaluation.
34+
*
35+
* Provides classes for performing local (intra-procedural) and
36+
* global (inter-procedural) data flow analyses.
37+
*/
38+
module DataFlowOnlyInternalUse {
39+
import semmle.python.dataflow.new.internal.DataFlowImplOnlyInternalUse
40+
}
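Review bot: The file-level comment (new lines 19–22) still tells readers to extend `DataFlow::Configuration` and call `DataFlow::localFlow`, which contradicts the `INTERNAL: Do not use` banner above it and names the public module rather than this copy. I would drop that paragraph or reword it to `* Library-internal configurations extend DataFlowOnlyInternalUse::Configuration; queries must keep using DataFlow::Configuration.` The banner is only a comment, so nothing visible here prevents a query from importing this module, which by the comment's own reasoning would bring back the re-evaluation cost; if a check for that exists elsewhere, it is worth referencing here.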
