Merge pull request #2147 from tausbn/python-cyclic-import-package-fp

Python: Fix cyclic import FP relating to packages.

Author: RasmusWL

python/ql/src/Imports/Cyclic.qll

@@ -21,7 +21,8 @@ predicate circular_import(ModuleValue m1, ModuleValue m2) {
 ModuleValue stmt_imports(ImportingStmt s) {
     exists(string name | result.importedAs(name) and not name = "__main__" |
         name = s.getAnImportedModuleName() and
-        s.getASubExpression().pointsTo(result)
+        s.getASubExpression().pointsTo(result) and
+        not result.isPackage()
     )
 }
 

python/ql/src/semmle/python/objects/ObjectAPI.qll

@@ -139,6 +139,11 @@ class ModuleValue extends Value {
         PointsToInternal::module_imported_as(this, name)
     }
 
+    /** Whether this module is a package. */
+    predicate isPackage() {
+        this instanceof PackageObjectInternal
+    }
+
 }
 
 module Module {

python/ql/test/query-tests/Imports/cyclic-module-package-fp/false-negative/CyclicImport.expected

@@ -0,0 +1 @@
+Imports/CyclicImport.ql

python/ql/test/query-tests/Imports/cyclic-module-package-fp/false-negative/CyclicImport.qlref

@@ -0,0 +1 @@
+Imports/ModuleLevelCyclicImport.ql

python/ql/test/query-tests/Imports/cyclic-module-package-fp/false-negative/ModuleLevelCyclicImport.expected

@@ -0,0 +1,2 @@
+from package import p
+foo = 5

python/ql/test/query-tests/Imports/cyclic-module-package-fp/false-negative/ModuleLevelCyclicImport.qlref

@@ -0,0 +1 @@
+semmle-extractor-options: -R .

python/ql/test/query-tests/Imports/cyclic-module-package-fp/false-negative/bar/__init__.py

@@ -0,0 +1,3 @@
+from bar.foo import foo
+from package import baz
+p = 1