Skip to content

Commit a21c295

Browse files
committed
Python: Fix false negative
I'm slightly suspicious of this fix -- it seems to work, but it makes me wonder if we're potentially missing other kinds of flow, by not handling other kinds of definitions. Also, I feel like this should really be attached to an appropriate post-update node of the given argument. As it is written now, the flow will go from the argument _before_ the call, which obviously misses a step if the argument is modified by the call. In practice, I would expect this to be rather rare.
1 parent 860cafe commit a21c295

File tree

2 files changed

+5
-2
lines changed

2 files changed

+5
-2
lines changed

python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -521,8 +521,11 @@ predicate jumpStep(Node nodeFrom, Node nodeTo) {
521521
private predicate module_export(Module m, string name, CfgNode defn) {
522522
exists(EssaVariable v |
523523
v.getName() = name and
524-
v.getAUse() = m.getANormalExit() and
524+
v.getAUse() = m.getANormalExit()
525+
|
525526
defn.getNode() = v.getDefinition().(AssignmentDefinition).getValue()
527+
or
528+
defn.getNode() = v.getDefinition().(ArgumentRefinement).getArgument()
526529
)
527530
}
528531

python/ql/test/experimental/dataflow/typetracking/test.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@ def test_import():
5454
mymodule.x # $tracked
5555
y = mymodule.func() # $tracked
5656
y # $tracked
57-
mymodule.z # $f-:tracked
57+
mymodule.z # $tracked
5858

5959
# ------------------------------------------------------------------------------
6060

0 commit comments

Comments
 (0)