Python: More review suggestions

tausbn · yoff · RasmusWL · web-flow · commit 7f790432cc4a · 2022-11-11T14:40:58.000+01:00
I could have sworn I added all of them to the batch, but somehow these slipped through.

Co-authored-by: yoff &lt;lerchedahl@gmail.com&gt;
Co-authored-by: Rasmus Wriedt Larsen &lt;rasmuswriedtlarsen@gmail.com&gt;
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/ImportResolution.qll b/python/ql/lib/semmle/python/dataflow/new/internal/ImportResolution.qll
@@ -78,7 +78,7 @@ module ImportResolution {
     )
     or
     exists(Alias a |
-      defn.asExpr() = [a.getValue(), a.getValue().(ImportMember).getModule()] and
+      defn.asExpr() = [a.getValue().(ImportExpr), a.getValue().(ImportMember).getModule()] and
       a.getAsname().(Name).getId() = name and
       defn.getScope() = m
     )
diff --git a/python/ql/test/experimental/import-resolution/importflow.ql b/python/ql/test/experimental/import-resolution/importflow.ql
@@ -27,7 +27,7 @@ private class ImportConfiguration extends DataFlow::Configuration {
 class ResolutionTest extends InlineExpectationsTest {
   ResolutionTest() { this = "ResolutionTest" }
 
-  override string getARelevantTag() { result = "import" }
+  override string getARelevantTag() { result = "prints" }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(DataFlow::PathNode source, DataFlow::PathNode sink, ImportConfiguration config |
diff --git a/python/ql/test/experimental/import-resolution/main.py b/python/ql/test/experimental/import-resolution/main.py
@@ -1,4 +1,22 @@
 #! /usr/bin/env python3
+"""
+A slightly complicated test setup. I wanted to both make sure I captured
+the semantics of Python and also the fact that the kinds of global flow
+we expect to see are indeed present.
+
+The code is executable, and prints out both when the execution reaches
+certain files, and also what values are assigned to the various
+attributes that are referenced throughout the program. These values are
+validated in the test as well.
+
+My original version used introspection to avoid referencing attributes
+directly (thus enabling better error diagnostics), but unfortunately
+that made it so that the model couldn't follow what was going on.
+
+The current setup is a bit clunky (and Python's scoping rules makes it
+especially so -- cf. the explicit calls to `globals` and `locals`), but
+I think it does the job okay.
+"""
 
 from __future__ import print_function
 import sys

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ module ImportResolution {`
`78`	`78`	`)`
`79`	`79`	`or`
`80`	`80`	`exists(Alias a \|`
`81`		`- defn.asExpr() = [a.getValue(), a.getValue().(ImportMember).getModule()] and`
	`81`	`+ defn.asExpr() = [a.getValue().(ImportExpr), a.getValue().(ImportMember).getModule()] and`
`82`	`82`	`a.getAsname().(Name).getId() = name and`
`83`	`83`	`defn.getScope() = m`
`84`	`84`	`)`