Merge pull request #1358 from AlexTereshenkov/master

Approved by taus-semmle

Author: semmle-qlci

change-notes/1.21/analysis-python.md

@@ -10,7 +10,7 @@
   | **Query** | **Tags** | **Purpose** |
   |-----------|----------|-------------|
   | Accepting unknown SSH host keys when using Paramiko (`py/paramiko-missing-host-key-validation`) | security, external/cwe/cwe-295 | Finds instances where Paramiko is configured to accept unknown host keys. Results are shown on LGTM by default. |
-
+  | Use of 'return' or 'yield' outside a function (`py/return-or-yield-outside-function`) | reliability, correctness | Finds instances where `return`, `yield`, and `yield from` are used outside a function. Results are not shown on LGTM by default. |
 
 ## Changes to existing queries
 

python/ql/src/Statements/ReturnOrYieldOutsideFunction.py

@@ -0,0 +1,8 @@
+# invalid class with return outside a function
+class InvalidClass1(object):
+    if [1, 2, 3]:
+        return "Exists"
+
+# invalid statement with yield outside a function
+for i in [1, 2, 3]:
+    yield i

python/ql/src/Statements/ReturnOrYieldOutsideFunction.qhelp

@@ -0,0 +1,36 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+
+<overview>
+<p>In Python, <code>return</code> and <code>yield</code> statements and the <code>yield from</code>
+expression can only be used within a function. Using them outside a function or a class
+method results in a <code>SyntaxError</code> at runtime.</p>
+</overview>
+
+<recommendation>
+<p>Using these elements outside a function or a class method usually indicates an error in the logic.
+Consequently, it is not possible to suggest a general fix.</p>
+</recommendation>
+
+<example>
+<p>In this example, a <code>return</code> statement is used outside a class method in a class and
+a <code>yield</code> statement is used outside a function in a scope of a module which would result
+in a <code>SyntaxError</code> when running this code.
+
+In this example, the invalid class could be corrected by placing the <code>return</code> statement
+in a class method, or by refactoring the class into a function. The invalid <code>yield</code> statement
+could become part of a new generator function containing the <code>for</code> loop.</p>
+<sample src="ReturnOrYieldOutsideFunction.py" />
+</example>
+
+<references>
+    <li>Python reference: <a href="https://docs.python.org/3.7/reference/simple_stmts.html#the-return-statement">
+    The return statement</a>.</li>
+    <li>Python reference: <a href="https://docs.python.org/3.7/reference/simple_stmts.html#yield">
+    The yield statement</a>.</li>
+    <li>Python PEP-380: <a href="https://docs.python.org/3/whatsnew/3.3.html#pep-380">
+    The yield from expression</a>.</li>
+</references>
+</qhelp>

python/ql/src/Statements/ReturnOrYieldOutsideFunction.ql

@@ -0,0 +1,25 @@
+/**
+ * @name Use of 'return' or 'yield' outside a function
+ * @description Using 'return' or 'yield' outside a function causes a 'SyntaxError' at runtime.
+ * @kind problem
+ * @tags reliability
+ *       correctness
+ * @problem.severity error
+ * @sub-severity low
+ * @precision medium
+ * @id py/return-or-yield-outside-function
+ */
+
+import python
+
+from AstNode node, string kind
+where
+  not node.getScope() instanceof Function and
+  (
+    node instanceof Return and kind = "return"
+    or
+    node instanceof Yield and kind = "yield"
+    or
+    node instanceof YieldFrom and kind = "yield from"
+  )
+select node, "'" + kind + "' is used outside a function."

python/ql/test/query-tests/Statements/ReturnOrYieldOutsideFunction/ReturnOrYieldOutsideFunction.expected

@@ -0,0 +1,9 @@
+| ReturnOrYieldOutsideFunction_test.py:31:9:31:23 | Return | 'return' is used outside a function. |
+| ReturnOrYieldOutsideFunction_test.py:36:9:36:15 | Yield | 'yield' is used outside a function. |
+| ReturnOrYieldOutsideFunction_test.py:41:9:41:25 | YieldFrom | 'yield from' is used outside a function. |
+| ReturnOrYieldOutsideFunction_test.py:45:5:45:12 | Return | 'return' is used outside a function. |
+| ReturnOrYieldOutsideFunction_test.py:49:5:49:11 | Yield | 'yield' is used outside a function. |
+| ReturnOrYieldOutsideFunction_test.py:53:5:53:16 | YieldFrom | 'yield from' is used outside a function. |
+| ReturnOrYieldOutsideFunction_test.py:57:1:57:14 | YieldFrom | 'yield from' is used outside a function. |
+| ReturnOrYieldOutsideFunction_test.py:60:1:60:12 | Return | 'return' is used outside a function. |
+| ReturnOrYieldOutsideFunction_test.py:63:1:63:11 | Yield | 'yield' is used outside a function. |

python/ql/test/query-tests/Statements/ReturnOrYieldOutsideFunction/ReturnOrYieldOutsideFunction.qlref

@@ -0,0 +1 @@
+Statements/ReturnOrYieldOutsideFunction.ql

python/ql/test/query-tests/Statements/ReturnOrYieldOutsideFunction/ReturnOrYieldOutsideFunction_test.py

@@ -0,0 +1,63 @@
+# valid class with return inside a function
+class ValidClass1(object):
+    def class_method(self):
+        return False
+
+# valid class with yield inside a function
+class ValidClass2(object):
+    def class_method(self):
+        yield 1
+
+# valid class with yield from inside a function
+class ValidClass3(object):
+    def class_method(self):
+        yield from [1, 2]
+
+# valid function with the return statement
+def valid_func1():
+    return True
+
+# valid function with the yield statement
+def valid_func2():
+    yield 1
+
+# valid function with the yield from statement
+def valid_func3():
+    yield from [1, 2]
+
+# invalid class with return outside a function
+class InvalidClass1(object):
+    if [1, 2, 3]:
+        return "Exists"
+
+# invalid class with yield outside a function
+class InvalidClass2(object):
+    while True:
+        yield 1
+
+# invalid class with yield from outside a function
+class InvalidClass3(object):
+    while True:
+        yield from [1, 2]
+
+# invalid statement with return outside a function
+for i in [1, 2, 3]:
+    return i
+
+# invalid statement with yield outside a function
+for i in [1, 2, 3]:
+    yield i
+
+# invalid statement with yield from outside a function
+for i in [1, 2, 3]:
+    yield from i
+
+# invalid statement with yield from outside a function
+var = [1,2,3]
+yield from var
+
+# invalid statement with return outside a function
+return False
+
+# invalid statement with yield outside a function
+yield False

python/ql/test/query-tests/Statements/ReturnOrYieldOutsideOfFunction/ReturnOrYieldOutsideOfFunction.expected

@@ -0,0 +1,9 @@
+| ReturnOrYieldOutsideOfFunction_test.py:31:9:31:23 | Return | 'return' is used outside of a function. |
+| ReturnOrYieldOutsideOfFunction_test.py:36:9:36:15 | Yield | 'yield' is used outside of a function. |
+| ReturnOrYieldOutsideOfFunction_test.py:41:9:41:25 | YieldFrom | 'yield from' is used outside of a function. |
+| ReturnOrYieldOutsideOfFunction_test.py:45:5:45:12 | Return | 'return' is used outside of a function. |
+| ReturnOrYieldOutsideOfFunction_test.py:49:5:49:11 | Yield | 'yield' is used outside of a function. |
+| ReturnOrYieldOutsideOfFunction_test.py:53:5:53:16 | YieldFrom | 'yield from' is used outside of a function. |
+| ReturnOrYieldOutsideOfFunction_test.py:57:1:57:14 | YieldFrom | 'yield from' is used outside of a function. |
+| ReturnOrYieldOutsideOfFunction_test.py:60:1:60:12 | Return | 'return' is used outside of a function. |
+| ReturnOrYieldOutsideOfFunction_test.py:63:1:63:11 | Yield | 'yield' is used outside of a function. |