Skip to content

Commit 6d23d7f

Browse files
yoffyoff
committed
Python: Test that pointsTo implies data flow
Running the test on a larger database gives some interesting results.
1 parent 4e963a8 commit 6d23d7f

File tree

2 files changed

+41
-0
lines changed

2 files changed

+41
-0
lines changed

python/ql/test/experimental/dataflow/regression/pointsto.expected

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
| test.py:16:9:16:14 | ControlFlowNode for source | test.py:9:1:9:13 | ControlFlowNode for FunctionExpr |
2+
| test.py:21:5:21:8 | ControlFlowNode for sink | test.py:12:1:12:14 | ControlFlowNode for FunctionExpr |
3+
| test.py:24:9:24:14 | ControlFlowNode for source | test.py:9:1:9:13 | ControlFlowNode for FunctionExpr |
4+
| test.py:25:5:25:8 | ControlFlowNode for sink | test.py:12:1:12:14 | ControlFlowNode for FunctionExpr |
5+
| test.py:44:12:44:17 | ControlFlowNode for source | test.py:9:1:9:13 | ControlFlowNode for FunctionExpr |
6+
| test.py:47:5:47:8 | ControlFlowNode for sink | test.py:12:1:12:14 | ControlFlowNode for FunctionExpr |
7+
| test.py:51:9:51:12 | ControlFlowNode for sink | test.py:12:1:12:14 | ControlFlowNode for FunctionExpr |
8+
| test.py:54:9:54:15 | ControlFlowNode for source2 | test.py:43:1:43:17 | ControlFlowNode for FunctionExpr |
9+
| test.py:55:5:55:9 | ControlFlowNode for sink2 | test.py:46:1:46:15 | ControlFlowNode for FunctionExpr |
10+
| test.py:63:5:63:9 | ControlFlowNode for sink3 | test.py:49:1:49:21 | ControlFlowNode for FunctionExpr |
11+
| test.py:70:5:70:9 | ControlFlowNode for sink3 | test.py:49:1:49:21 | ControlFlowNode for FunctionExpr |
12+
| test.py:77:9:77:11 | ControlFlowNode for hub | test.py:72:1:72:13 | ControlFlowNode for FunctionExpr |
13+
| test.py:82:9:82:11 | ControlFlowNode for hub | test.py:72:1:72:13 | ControlFlowNode for FunctionExpr |

python/ql/test/experimental/dataflow/regression/pointsto.ql

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
private import python
2+
import experimental.dataflow.DataFlow
3+
4+
predicate pointsToOrigin(DataFlow::DataFlowCfgNode pointer, DataFlow::DataFlowCfgNode pointed) {
5+
pointed = pointer.pointsTo().getOrigin()
6+
}
7+
8+
class PointsToConfiguration extends DataFlow::Configuration {
9+
PointsToConfiguration() { this = "PointsToConfiguration" }
10+
11+
override predicate isSource(DataFlow::Node node) { pointsToOrigin(_, node.asCfgNode()) }
12+
13+
override predicate isSink(DataFlow::Node node) { pointsToOrigin(node.asCfgNode(), _) }
14+
}
15+
16+
predicate hasFlow(ControlFlowNode pointed, ControlFlowNode pointer) {
17+
exists(PointsToConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink |
18+
source.getNode().asCfgNode() = pointed and
19+
sink.getNode().asCfgNode() = pointer and
20+
config.hasFlowPath(source, sink)
21+
)
22+
}
23+
24+
from DataFlow::DataFlowCfgNode pointer, DataFlow::DataFlowCfgNode pointed
25+
where
26+
pointsToOrigin(pointer, pointed) and
27+
not hasFlow(pointed, pointer)
28+
select pointer, pointed

0 commit comments

Comments
 (0)