Python: Add basic flow for class attributes #14706
Conversation
All are for the better 🎉
|
FYI: Tests on this PR will fail until #14590 is merged (now merged into this PR 👍) |
| @@ -64,7 +64,7 @@ class Unsafe: | |||
| def test_value_pattern(): | |||
| match SOURCE: | |||
| case Unsafe.VALUE as x: | |||
| SINK(x) #$ flow="SOURCE, l:-2 -> x" MISSING: flow="SOURCE, l:-5 -> x" | |||
| SINK(x) #$ flow="SOURCE, l:-2 -> x" flow="SOURCE, l:-5 -> x" | |||
python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
Outdated
Show resolved
Hide resolved
|
|
||
| set_to_source() | ||
|
|
||
| SINK(WithTuple2.my_tuple[0]) # $ MISSING: flow="SOURCE, l:-10 -> WithTuple2.my_tuple[0]" |
There was a problem hiding this comment.
Is this missing because we do not have post-update nodes?
There was a problem hiding this comment.
No. It's missing because we don't have any global for the store to WithTuple2 in set_to_source, to the reference in the test_class_override function. Without that global flow (jump step), we just get flow from the class definition (that is, think it's still a nonsource).
If we inlined set_to_source, we would get flow through normal attribute-store, so that doesn't count.
There was a problem hiding this comment.
I've renamed the function to make this more clear
| class Outer: | ||
| src = SOURCE | ||
| class Inner: | ||
| src = SOURCE |
There was a problem hiding this comment.
Do we want a test updating this value, to test the need for post-update nodes?
There was a problem hiding this comment.
I didn't find a need for it. Happy to accept a suggestion if you feel like it 😊
…ate.qll Co-authored-by: yoff <lerchedahl@gmail.com>
No description provided.