Python: Explain the funky logic in Find.ql

RasmusWL · RasmusWL · commit 03aa2e27df42 · 2023-12-08T11:27:52.000+01:00
diff --git a/python/ql/src/meta/ClassHierarchy/Find.ql b/python/ql/src/meta/ClassHierarchy/Find.ql
@@ -478,6 +478,19 @@ predicate fullyQualifiedToYamlFormat(string fullyQualified, string type2, string
 from FindSubclassesSpec spec, string newModelFullyQualified, string type2, string path, Module mod
 where
   newModel(spec, newModelFullyQualified, _, mod, _) and
+  // Since a class C which is a subclass for flask.MethodView is always a subclass of
+  // flask.View, and we chose to care about this distinction, in a naive approach we
+  // would always record rows for _both_ specs... that's just wasteful, so instead we
+  // only record the row for the more specific spec -- this is captured by the
+  // .getSuperClass() method on a spec, which can links specs together in this way.
+  // However, if the definition actually depends on some logic, like below, we should
+  // still record both rows
+  // ```
+  // if <cond>:
+  //     class C(flask.View): ...
+  // else:
+  //     class C(flask.MethodView): ...
+  // ```
   not exists(FindSubclassesSpec subclass | subclass.getSuperClass() = spec |
     newModel(subclass, newModelFullyQualified, _, mod, _)
   ) and
diff --git a/python/ql/test/experimental/library-tests/FindSubclass/Find.expected b/python/ql/test/experimental/library-tests/FindSubclass/Find.expected
@@ -1,3 +1,4 @@
+| flask.MethodView~Subclass | find_subclass_test | Member[C] |
 | flask.MethodView~Subclass | find_subclass_test | Member[MethodView] |
 | flask.MethodView~Subclass | find_subclass_test | Member[clash] |
 | flask.View~Subclass | find_subclass_test | Member[A] |
diff --git a/python/ql/test/experimental/library-tests/FindSubclass/find_subclass_test.py b/python/ql/test/experimental/library-tests/FindSubclass/find_subclass_test.py
@@ -1,11 +1,14 @@
 from flask.views import View
+import flask.views
 
 class A(View):
     pass
 
 class B(A):
     pass
 
+class C(flask.views.MethodView):
+    pass
 
 ViewAlias = View
 

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+\| flask.MethodView~Subclass \| find_subclass_test \| Member[C] \|`
`1`	`2`	`\| flask.MethodView~Subclass \| find_subclass_test \| Member[MethodView] \|`
`2`	`3`	`\| flask.MethodView~Subclass \| find_subclass_test \| Member[clash] \|`
`3`	`4`	`\| flask.View~Subclass \| find_subclass_test \| Member[A] \|`