Python: Include all assignments in data flow paths

RasmusWL · RasmusWL · commit 46af77c1aff4 · 2023-08-10T11:45:29.000+02:00
Like Ruby did in github#12566
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
@@ -513,15 +513,21 @@ class CastNode extends Node {
  * explanations.
  */
 predicate neverSkipInPathGraph(Node n) {
-  // We include read- and store steps here to force them to be
-  // shown in path explanations.
-  // This hack is necessary, because we have included some of these
-  // steps as default taint steps, making them be suppressed in path
-  // explanations.
-  // We should revert this once, we can remove this steps from the
-  // default taint steps; this should be possible once we have
-  // implemented flow summaries and recursive content.
-  readStep(_, _, n) or storeStep(_, _, n)
+  // NOTE: We could use RHS of a definition, but since we have use-use flow, in an
+  // example like
+  // ```py
+  // x = SOURCE()
+  // if <cond>:
+  //     y = x
+  // SINK(x)
+  // ```
+  // we would end up saying that the path MUST not skip the x in `y = x`, which is just
+  // annoying and doesn't help the path explanation become clearer.
+  n.asVar() instanceof EssaDefinition and
+  // For a parameter we have flow from ControlFlowNode to SSA node, and then onwards
+  // with use-use flow, and since the CFN is already part of the path graph, we don't
+  // want to force showing the SSA node as well.
+  not n.asVar() instanceof ParameterDefinition
 }
 
 /**
diff --git a/python/ql/test/experimental/dataflow/path-graph/test.py b/python/ql/test/experimental/dataflow/path-graph/test.py
@@ -1,7 +1,7 @@
 def assign():
     x = SOURCE # $ path-node
 
-    y = x
+    y = x # $ path-node
 
     SINK(y) # $ path-node
 
@@ -10,7 +10,7 @@ def aug_assign():
     x = SOURCE # $ path-node
     z = ""
 
-    z += x
+    z += x # $ path-node
 
     SINK(z) # $ path-node
 
@@ -41,7 +41,7 @@ class X: pass
     x = X()
     x.attr = SOURCE # $ path-node
 
-    y = x
+    y = x # $ path-node
 
     SINK(y.attr) # $ path-node
 
@@ -81,7 +81,7 @@ def test_tuple():
 def test_with():
     x = SOURCE # $ path-node
 
-    with x as y:
+    with x as y: # $ path-node
 
         SINK(y) # $ path-node
 
@@ -91,6 +91,6 @@ def test_match():
 
     match x:
 
-        case y:
+        case y: # $ path-node
 
             SINK(y) # $ path-node
