Python: Add warnings regarding missing results

yoff · yoff · commit b74d6408983c · 2021-03-15T17:47:51.000+01:00
diff --git a/python/change-notes/2021-03-12-small-api-enhancements.md b/python/change-notes/2021-03-12-small-api-enhancements.md
@@ -1,4 +1,4 @@
 lgtm,codescanning
 * The class `ParameterNode` now extends `LocalSourceNode`, thus making methods like `flowsTo` available.
-* Local taint tracking can now be performed using the `taintFlowsTo` method on the `LocalSourceNode` class. Conversely, the new member predicate `getALocalTaintSource` can be called on a `DataFlow::Node` to obtain a `LocalSourceNode` from which taint can be tracked locally to that data-flow node.
+* Local taint tracking can now be performed using the `taintFlowsTo` method on the `LocalSourceNode` class. Conversely, the new member predicate `getALocalTaintSource` can be called on a `DataFlow::Node` to obtain a `LocalSourceNode` from which taint can be tracked locally to that data-flow node. Note that this functionality requires the taint-tracking libraries to be imported into scope.
 * The new predicate `parameterNode` can now be used to map from a `Parameter` to a data-flow node.
diff --git a/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll b/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll
@@ -142,6 +142,7 @@ class Node extends TNode {
 
   /**
    * Gets a local source node from which data may flow to this node in zero or more local taint-flow steps.
+   * WARNING: This will only have results if the taint tracking libraries have been imported into scope.
    */
   LocalSourceNode getALocalTaintSource() { result.taintFlowsTo(this) }
 }
diff --git a/python/ql/src/semmle/python/dataflow/new/internal/LocalSources.qll b/python/ql/src/semmle/python/dataflow/new/internal/LocalSources.qll
@@ -27,7 +27,10 @@ class LocalSourceNode extends Node {
   pragma[inline]
   predicate flowsTo(Node nodeTo) { Cached::hasLocalSource(nodeTo, this) }
 
-  /** Holds if this `LocalSourceNode` can flow to `nodeTo` in one or more local taint steps. */
+  /**
+   * Holds if this `LocalSourceNode` can flow to `nodeTo` in one or more local taint steps.
+   * WARNING: This will only have results if the taint tracking libraries have been imported into scope.
+   */
   pragma[inline]
   predicate taintFlowsTo(Node nodeTo) { none() }
 

Original file line number	Diff line number	Diff line change
`@@ -142,6 +142,7 @@ class Node extends TNode {`
`142`	`142`
`143`	`143`	`/**`
`144`	`144`	`* Gets a local source node from which data may flow to this node in zero or more local taint-flow steps.`
	`145`	`+ * WARNING: This will only have results if the taint tracking libraries have been imported into scope.`
`145`	`146`	`*/`
`146`	`147`	`LocalSourceNode getALocalTaintSource() { result.taintFlowsTo(this) }`
`147`	`148`	`}`