Merge pull request github#12590 from yoff/python/patch-uninitialized-local

yoff · web-flow · commit 6639e5a97b39 · 2023-03-20T15:11:14.000+01:00
Python: Patch uninitialized local query
diff --git a/python/ql/src/Variables/UninitializedLocal.ql b/python/ql/src/Variables/UninitializedLocal.ql
@@ -15,7 +15,9 @@ import Undefined
 import semmle.python.pointsto.PointsTo
 
 predicate uninitialized_local(NameNode use) {
-  exists(FastLocalVariable local | use.uses(local) or use.deletes(local) | not local.escapes()) and
+  exists(FastLocalVariable local | use.uses(local) or use.deletes(local) |
+    not local.escapes() and not local = any(Nonlocal nl).getAVariable()
+  ) and
   (
     any(Uninitialized uninit).taints(use) and
     PointsToInternal::reachableBlock(use.getBasicBlock(), _)
diff --git a/python/ql/src/change-notes/2023-03-20-uninitialized-local.md b/python/ql/src/change-notes/2023-03-20-uninitialized-local.md
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* Nonlocal variables are excluded from alerts.
diff --git a/python/ql/test/query-tests/Variables/undefined/captured.py b/python/ql/test/query-tests/Variables/undefined/captured.py
@@ -0,0 +1,14 @@
+#!/usr/bin/python
+
+def topLevel():
+    foo = 3
+
+    def bar():
+        nonlocal foo
+        print(foo)
+        foo = 4
+
+    bar()
+    print(foo)
+
+topLevel()

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: fix
 +---
 +* Nonlocal variables are excluded from alerts.