Merge pull request github#4757 from yoff/python-dataflow-synthetic-callables

RasmusWL · web-flow · commit 49f902d28b48 · 2020-12-18T16:06:26.000+01:00
Python: Enclosing callable for synthetic arguments
diff --git a/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll b/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll
@@ -287,6 +287,13 @@ class PosOverflowNode extends Node, TPosOverflowNode {
 
   override string toString() { result = "PosOverflowNode for " + call.getNode().toString() }
 
+  override DataFlowCallable getEnclosingCallable() {
+    exists(Node node |
+      node = TCfgNode(call) and
+      result = node.getEnclosingCallable()
+    )
+  }
+
   override Location getLocation() { result = call.getLocation() }
 }
 
@@ -301,6 +308,13 @@ class KwOverflowNode extends Node, TKwOverflowNode {
 
   override string toString() { result = "KwOverflowNode for " + call.getNode().toString() }
 
+  override DataFlowCallable getEnclosingCallable() {
+    exists(Node node |
+      node = TCfgNode(call) and
+      result = node.getEnclosingCallable()
+    )
+  }
+
   override Location getLocation() { result = call.getLocation() }
 }
 
@@ -316,6 +330,13 @@ class KwUnpacked extends Node, TKwUnpacked {
 
   override string toString() { result = "KwUnpacked " + name }
 
+  override DataFlowCallable getEnclosingCallable() {
+    exists(Node node |
+      node = TCfgNode(call) and
+      result = node.getEnclosingCallable()
+    )
+  }
+
   override Location getLocation() { result = call.getLocation() }
 }
 
diff --git a/python/ql/test/experimental/dataflow/consistency/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/consistency/dataflow-consistency.expected
@@ -1,4 +1,5 @@
 uniqueEnclosingCallable
+| test.py:239:27:239:27 | ControlFlowNode for p | Node should have one enclosing callable but has 0. |
 uniqueType
 uniqueNodeLocation
 missingLocation
diff --git a/python/ql/test/experimental/dataflow/consistency/test.py b/python/ql/test/experimental/dataflow/consistency/test.py
@@ -235,3 +235,17 @@ def non_const_eq_preserves_taint(x):
         SINK(tainted) # unsafe
     if tainted == x:
         SINK(tainted) # unsafe
+
+def overflowCallee(*args, p="", **kwargs):
+    print("args", args)
+    print("p", p)
+    print("kwargs", kwargs)
+
+def synth_arg_posOverflow():
+    overflowCallee(42)
+
+def synth_arg_kwOverflow():
+    overflowCallee(foo=42)
+
+def synth_arg_kwUnpacked():
+    overflowCallee(**{"p": "42"})

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`uniqueEnclosingCallable`
	`2`	`+\| test.py:239:27:239:27 \| ControlFlowNode for p \| Node should have one enclosing callable but has 0. \|`
`2`	`3`	`uniqueType`
`3`	`4`	`uniqueNodeLocation`
`4`	`5`	`missingLocation`