Merge pull request github#3300 from RasmusWL/python-pointsto-regression-open

tausbn · web-flow · commit 54d1991a9d55 · 2020-04-23T11:50:30.000+02:00
Python: Add points-to regression for uncalled function
diff --git a/python/ql/test/library-tests/PointsTo/regressions/missing/if-urlsplit-access/Test.ql b/python/ql/test/library-tests/PointsTo/regressions/missing/if-urlsplit-access/Test.ql
@@ -1,10 +1,10 @@
 import python
 
-from NameNode name, CallNode call, string debug
+from ControlFlowNode arg, CallNode call, string debug
 where
-    call.getAnArg() = name and
+    call.getAnArg() = arg and
     call.getFunction().(NameNode).getId() = "check" and
-    if exists(name.pointsTo())
-    then debug = name.pointsTo().toString()
+    if exists(arg.pointsTo())
+    then debug = arg.pointsTo().toString()
     else debug = "<MISSING pointsTo()>"
-select name, debug
+select arg, debug
diff --git a/python/ql/test/library-tests/PointsTo/regressions/missing/re-compile/Test.ql b/python/ql/test/library-tests/PointsTo/regressions/missing/re-compile/Test.ql
@@ -1,10 +1,10 @@
 import python
 
-from NameNode name, CallNode call, string debug
+from ControlFlowNode arg, CallNode call, string debug
 where
-    call.getAnArg() = name and
+    call.getAnArg() = arg and
     call.getFunction().(NameNode).getId() = "check" and
-    if exists(name.pointsTo())
-    then debug = name.pointsTo().toString()
+    if exists(arg.pointsTo())
+    then debug = arg.pointsTo().toString()
     else debug = "<MISSING pointsTo()>"
-select name, debug
+select arg, debug
diff --git a/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/Test.expected b/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/Test.expected
@@ -0,0 +1,2 @@
+| test.py:10:11:10:14 | ControlFlowNode for open | <MISSING pointsTo()> |
+| test.py:14:11:14:14 | ControlFlowNode for open | Builtin-function open |
diff --git a/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/Test.ql b/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/Test.ql
@@ -0,0 +1,10 @@
+import python
+
+from ControlFlowNode arg, CallNode call, string debug
+where
+    call.getAnArg() = arg and
+    call.getFunction().(NameNode).getId() = "check" and
+    if exists(arg.pointsTo())
+    then debug = arg.pointsTo().toString()
+    else debug = "<MISSING pointsTo()>"
+select arg, debug
diff --git a/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/test.py b/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/test.py
@@ -0,0 +1,18 @@
+# Points-to information seems to be missing if our analysis thinks the enclosing function
+# is never called. However, as illustrated by the code below, it's easy to fool our
+# analysis :(
+
+# This was inspired by a problem in real code, where our analysis doesn't have any
+# points-to information about the `open` call in
+# https://google-gruyere.appspot.com/code/gruyere.py on line 227
+
+def _func_not_called(filename, mode='rb'):
+    check(open)
+    return open(filename, mode)
+
+def _func_called(filename, mode='rb'):
+    check(open)
+    return open(filename, mode)
+
+globals()['_func_not_called']('test.txt')
+_func_called('test.txt')

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+\| test.py:10:11:10:14 \| ControlFlowNode for open \| <MISSING pointsTo()> \|`
	`2`	`+\| test.py:14:11:14:14 \| ControlFlowNode for open \| Builtin-function open \|`