Python points-to: Make sure that vararg tuples are only assigned to vararg parameters.

Author: markshannon

python/ql/src/semmle/python/pointsto/PointsTo.qll

@@ -906,6 +906,7 @@ module InterProceduralPointsTo {
         origin = def.getDefiningNode()
         or
         /* A tuple constructed from positional arguments for a `*` parameter. */
+        def.isVarargs() and
         exists(CallNode call, Function scope, PointsToContext caller, int offset, int length |
             varargs_tuple(call, caller, scope, context, offset, length) and
             value = TVarargsTuple(call, caller, offset, length) and
@@ -914,6 +915,7 @@ module InterProceduralPointsTo {
         origin = def.getDefiningNode()
         or
         /* A `*` parameter with no surplus positional arguments; an empty tuple */
+        def.isVarargs() and
         exists(Function scope |
             varargs_empty_tuple(scope, context) and
             value = ObjectInternal::emptyTuple() and

python/ql/test/library-tests/PointsTo/new/PointsToWithContext.expected

@@ -612,8 +612,6 @@ WARNING: Predicate points_to has been deprecated and may be removed in future (P
 | l_calls.py:33 | ControlFlowNode for m | Function m | builtin-class function | 33 | import |
 | l_calls.py:34 | ControlFlowNode for self | E() | class E | 38 | code/l_calls.py:38 from import |
 | l_calls.py:34 | ControlFlowNode for self | int 3 | builtin-class int | 39 | code/l_calls.py:39 from import |
-| l_calls.py:34 | ControlFlowNode for self | self | builtin-class tuple | 33 | code/l_calls.py:38 from import |
-| l_calls.py:34 | ControlFlowNode for self | self | builtin-class tuple | 33 | code/l_calls.py:39 from import |
 | l_calls.py:34 | ControlFlowNode for self | self | class E | 33 | runtime |
 | l_calls.py:35 | ControlFlowNode for args | args | builtin-class tuple | 33 | code/l_calls.py:38 from import |
 | l_calls.py:35 | ControlFlowNode for args | args | builtin-class tuple | 33 | code/l_calls.py:39 from import |

python/ql/test/library-tests/PointsTo/new/PointsToWithType.expected

@@ -687,7 +687,6 @@ WARNING: Predicate points_to has been deprecated and may be removed in future (P
 | l_calls.py:33 | ControlFlowNode for m | Function m | builtin-class function | 33 |
 | l_calls.py:34 | ControlFlowNode for self | E() | class E | 38 |
 | l_calls.py:34 | ControlFlowNode for self | int 3 | builtin-class int | 39 |
-| l_calls.py:34 | ControlFlowNode for self | self | builtin-class tuple | 33 |
 | l_calls.py:34 | ControlFlowNode for self | self | class E | 33 |
 | l_calls.py:35 | ControlFlowNode for args | args | builtin-class tuple | 33 |
 | l_calls.py:37 | ControlFlowNode for IntegerLiteral | int 1 | builtin-class int | 37 |

python/ql/test/library-tests/PointsTo/new/Values.expected

@@ -473,9 +473,7 @@
 | l_calls.py:32 | ControlFlowNode for ClassExpr | import | class E | builtin-class type |
 | l_calls.py:32 | ControlFlowNode for object | import | builtin-class object | builtin-class type |
 | l_calls.py:33 | ControlFlowNode for FunctionExpr | import | Function E.m | builtin-class function |
-| l_calls.py:34 | ControlFlowNode for self | code/l_calls.py:38 from import | (int 2, int 3, int 4, ) | builtin-class tuple |
 | l_calls.py:34 | ControlFlowNode for self | code/l_calls.py:38 from import | E() | class E |
-| l_calls.py:34 | ControlFlowNode for self | code/l_calls.py:39 from import | (int 4, int 5, ) | builtin-class tuple |
 | l_calls.py:34 | ControlFlowNode for self | code/l_calls.py:39 from import | int 3 | builtin-class int |
 | l_calls.py:34 | ControlFlowNode for self | runtime | self instance of E | class E |
 | l_calls.py:35 | ControlFlowNode for args | code/l_calls.py:38 from import | (int 2, int 3, int 4, ) | builtin-class tuple |