Python: Only track modules that are imported

tausbn · tausbn · commit 43ae7462b44b · 2021-04-06T21:56:12.000+02:00
This greatly restricts the set of modules that have a new name under
this scheme.

One change to the tests was needed, which reflects the fact that the
two `main.py` files no longer have the name `main` (which makes sense,
since they're never imported under this name).
diff --git a/python/ql/src/semmle/python/Module.qll b/python/ql/src/semmle/python/Module.qll
@@ -201,16 +201,31 @@ private string moduleNameFromBase(Container file) {
   file instanceof File and result = file.getStem()
 }
 
+/**
+ * Holds if `file` may be transitively imported from a file that may serve as the entry point of
+ * the execution.
+ */
+private predicate transitively_imported_from_entry_point(File file) {
+  file.getExtension().matches("%py%") and
+  exists(File importer |
+    importer.getParent() = file.getParent() and
+    exists(ImportExpr i | i.getLocation().getFile() = importer and i.getName() = file.getStem())
+  |
+    importer.maybeExecutedDirectly() or transitively_imported_from_entry_point(importer)
+  )
+}
+
 string moduleNameFromFile(Container file) {
   exists(string basename |
     basename = moduleNameFromBase(file) and
     legalShortName(basename)
   |
     result = moduleNameFromFile(file.getParent()) + "." + basename
     or
-    // If execution can start in the folder containing this module, then we will assume `file` can
-    // be imported as an absolute import, and hence return `basename` as a possible name.
-    file.getParent().(Folder).mayContainEntryPoint() and result = basename
+    // If `file` is a transitive import of a file that's executed directly, we allow references
+    // to it by its `basename`.
+    transitively_imported_from_entry_point(file) and
+    result = basename
   )
   or
   isPotentialSourcePackage(file) and
diff --git a/python/ql/test/3/library-tests/modules/entry_point/modules.expected b/python/ql/test/3/library-tests/modules/entry_point/modules.expected
@@ -1,5 +1,3 @@
-| main | hash_bang/main.py:0:0:0:0 | Script main |
-| main | name_main/main.py:0:0:0:0 | Module main |
 | module | hash_bang/module.py:0:0:0:0 | Module module |
 | module | name_main/module.py:0:0:0:0 | Module module |
 | package | hash_bang/package:0:0:0:0 | Package package |

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,3 @@`
`1`		`-\| main \| hash_bang/main.py:0:0:0:0 \| Script main \|`
`2`		`-\| main \| name_main/main.py:0:0:0:0 \| Module main \|`
`3`	`1`	`\| module \| hash_bang/module.py:0:0:0:0 \| Module module \|`
`4`	`2`	`\| module \| name_main/module.py:0:0:0:0 \| Module module \|`
`5`	`3`	`\| package \| hash_bang/package:0:0:0:0 \| Package package \|`