
Commit 880ce3d

committed
Python: Change note for new points-to implementation.
1 parent a6da499 commit 880ce3d

1 file changed

+27
-2
lines changed


change-notes/1.21/analysis-python.md

Lines changed: 27 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,8 +3,33 @@
33

44
## General improvements
55

6-
> Changes that affect alerts in many files or from many queries
7-
> For example, changes to file classification
6+
Points-to analysis has been re-implemented to support more language features and provide better reachability analysis.
7+
The new implementation adds the following new features:
8+
9+
* Non-local tracking of bound methods and instances of `super()`
10+
* Superior analysis of conditionals and thus improved reachability analysis.
11+
* Superior modelling of descriptors, for example, classmethods and staticmethods.
12+
* Superior tracking of values through parameters, especially `*` arguments.
13+
14+
A new object API has been provided to complement the new points-to implementation.
15+
A new class `Value` replaces the old `Object` class. The `Value` class has a simpler and more consistent API compared to `Object`.
16+
Some of the functionality of `FunctionObject` and `ClassObject` has been added to `Value` to reduce the number of casts to more specific classes.
17+
For example, the QL to find calls to `os.path.open` has changed from
18+
`ModuleObject::named("os").attr("path").(ModuleObject).attr("join").(FunctionObject).getACall()`
19+
to
20+
`Value::called("os.path.join").getACall()`
21+
22+
The old API is now deprecated, but will be continued to be supported for at least another year.
23+
24+
### Impact on existing queries.
25+
26+
As points-to underpins many queries and provides the call-graph and reachability analysis required for taint-tracking, many queries will have additional results and some may have fewer results.
27+
28+
New results are a result of the improved reachability analysis and non-local tracking of bound-methods.
29+
Removed results are a result of more precise tracking of values through `*` arguments.
30+
The expectation is that number of true positives will increase and the number of false negatives will decline.
31+
However, this is new code and may still contain errors.
32+
833

934
## New queries
1035
| **Query** | **Tags** | **Purpose** |
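Review bot: the worked example at diff lines 17 to 20 is internally inconsistent: the prose says "calls to `os.path.open`" while both the old and new QL snippets look up `join`; one of them should change (most likely the prose, to `os.path.join`). A few smaller points in the same hunk: line 22 should read "will continue to be supported" rather than "will be continued to be supported"; the heading at line 24 carries a trailing period that the other headings in this file do not; and line 30 says the number of false negatives will decline, whereas line 29 attributes the removed results to more precise tracking through `*` arguments, which is a reduction in false positives, so check which of the two was meant.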
