Python: Introduce DataFlowOnlyInternalUse to avoid re-evaluation

RasmusWL · RasmusWL · commit 40c592ab8535 · 2021-02-19T15:29:23.000+01:00
diff --git a/config/identical-files.json b/config/identical-files.json
@@ -22,7 +22,8 @@
     "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl.qll",
     "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl2.qll",
     "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl3.qll",
-    "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl4.qll"
+    "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl4.qll",
+    "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImplOnlyInternalUse.qll"
   ],
   "DataFlow Java/C++/C#/Python Common": [
     "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll",
diff --git a/python/ql/src/semmle/python/Concepts.qll b/python/ql/src/semmle/python/Concepts.qll
@@ -6,6 +6,7 @@
 
 import python
 private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.dataflow.new.DataFlowOnlyInternalUse
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.dataflow.new.TaintTracking
 private import semmle.python.Frameworks
@@ -565,7 +566,7 @@ module Cryptography {
       /**
        * A data-flow configuration for tracking integer literals.
        */
-      private class IntegerLiteralTrackerConfiguration extends DataFlow::Configuration {
+      private class IntegerLiteralTrackerConfiguration extends DataFlowOnlyInternalUse::Configuration {
         IntegerLiteralTrackerConfiguration() { this = "IntegerLiteralTrackerConfiguration" }
 
         override predicate isSource(DataFlow::Node source) {
diff --git a/python/ql/src/semmle/python/dataflow/new/DataFlowOnlyInternalUse.qll b/python/ql/src/semmle/python/dataflow/new/DataFlowOnlyInternalUse.qll
@@ -0,0 +1,40 @@
+/**
+ * INTERNAL: Do not use.
+ *
+ * This copy exists to allow internal non-query usage of global data-flow analyses. If
+ * we used the same copy as was used in multiple queries (A, B, C), then all internal
+ * non-query configurations would have to be re-evaluated for _each_ query, which is
+ * expensive. By having a separate copy, we avoid this re-evaluation.
+ *
+ * Provides a library for local (intra-procedural) and global (inter-procedural)
+ * data flow analysis: deciding whether data can flow from a _source_ to a
+ * _sink_.
+ *
+ * Unless configured otherwise, _flow_ means that the exact value of
+ * the source may reach the sink. We do not track flow across pointer
+ * dereferences or array indexing. To track these types of flow, where the
+ * exact value may not be preserved, import
+ * `semmle.python.dataflow.new.TaintTracking`.
+ *
+ * To use global (interprocedural) data flow, extend the class
+ * `DataFlow::Configuration` as documented on that class. To use local
+ * (intraprocedural) data flow, call `DataFlow::localFlow` or
+ * `DataFlow::localFlowStep` with arguments of type `DataFlow::Node`.
+ */
+
+private import python
+
+/**
+ * INTERNAL: Do not use.
+ *
+ * This copy exists to allow internal non-query usage of global data-flow analyses. If
+ * we used the same copy as was used in multiple queries (A, B, C), then all internal
+ * non-query configurations would have to be re-evaluated for _each_ query, which is
+ * expensive. By having a separate copy, we avoid this re-evaluation.
+ *
+ * Provides classes for performing local (intra-procedural) and
+ * global (inter-procedural) data flow analyses.
+ */
+module DataFlowOnlyInternalUse {
+  import semmle.python.dataflow.new.internal.DataFlowImplOnlyInternalUse
+}
diff --git a/python/ql/src/semmle/python/dataflow/new/internal/DataFlowImplOnlyInternalUse.qll b/python/ql/src/semmle/python/dataflow/new/internal/DataFlowImplOnlyInternalUse.qll
