Merge pull request github#3114 from RasmusWL/python-add-fp-for-non-callable

semmle-qlci · web-flow · commit a413a3254b97 · 2020-03-25T10:34:50.000Z
Approved by tausbn
diff --git a/python/ql/test/library-tests/PointsTo/regressions/wrong/classmethod/Test.expected b/python/ql/test/library-tests/PointsTo/regressions/wrong/classmethod/Test.expected
@@ -0,0 +1,7 @@
+| test.py:10:15:10:17 | ControlFlowNode for cls | class Foo |
+| test.py:17:15:17:17 | ControlFlowNode for cls | class Foo |
+| test.py:17:15:17:17 | ControlFlowNode for cls | self instance of Foo |
+| test.py:22:15:22:17 | ControlFlowNode for cls | class Foo |
+| test.py:22:15:22:17 | ControlFlowNode for cls | self instance of Foo |
+| test.py:27:15:27:17 | ControlFlowNode for cls | class Foo |
+| test.py:27:15:27:17 | ControlFlowNode for cls | self instance of Foo |
diff --git a/python/ql/test/library-tests/PointsTo/regressions/wrong/classmethod/Test.ql b/python/ql/test/library-tests/PointsTo/regressions/wrong/classmethod/Test.ql
@@ -0,0 +1,10 @@
+import python
+
+from NameNode name, CallNode call, string debug
+where
+    call.getAnArg() = name and
+    call.getFunction().(NameNode).getId() = "check" and
+    if exists(name.pointsTo())
+    then debug = name.pointsTo().toString()
+    else debug = "<MISSING pointsTo()>"
+select name, debug
diff --git a/python/ql/test/library-tests/PointsTo/regressions/wrong/classmethod/test.py b/python/ql/test/library-tests/PointsTo/regressions/wrong/classmethod/test.py
@@ -0,0 +1,35 @@
+# See https://github.com/Semmle/ql/issues/3113
+def some_decorator(func):
+    print("this could be tricky for our analysis")
+    return func
+
+class Foo(object):
+
+    @classmethod
+    def no_problem(cls):
+        check(cls) # analysis says 'cls' can only point-to Class Foo
+
+    @some_decorator
+    @classmethod
+    def problem_through_instance(cls):
+        # Problem is that our analysis says that 'cls' can point to EITHER the
+        # Class Foo (correct) or an instance of Foo (wrong)
+        check(cls)
+
+    @some_decorator
+    @classmethod
+    def problem_through_class(cls):
+        check(cls) # same as above
+
+    @classmethod
+    @some_decorator
+    def also_problem(cls):
+        check(cls) # same as above
+
+# We need to call the methods before our analysis works
+f1 = Foo()
+f1.no_problem()
+f1.problem_through_instance()
+f1.also_problem()
+
+Foo.problem_through_class()
diff --git a/python/ql/test/query-tests/Expressions/callable/NonCallableCalled.expected b/python/ql/test/query-tests/Expressions/callable/NonCallableCalled.expected
@@ -3,3 +3,4 @@
 | test.py:18:5:18:8 | List() | Call to a $@ of $@. | test.py:18:5:18:6 | List | non-callable | file://:0:0:0:0 | builtin-class list | builtin-class list |
 | test.py:26:9:26:16 | non() | Call to a $@ of $@. | test.py:15:11:15:23 | NonCallable() | non-callable | test.py:3:1:3:26 | class NonCallable | class NonCallable |
 | test.py:47:12:47:27 | NotImplemented() | Call to a $@ of $@. | test.py:47:12:47:25 | NotImplemented | non-callable | file://:0:0:0:0 | builtin-class NotImplementedType | builtin-class NotImplementedType |
+| test.py:63:16:63:27 | cls() | Call to a $@ of $@. | test.py:62:22:62:24 | cls | non-callable | test.py:56:1:56:18 | class Foo | class Foo |
diff --git a/python/ql/test/query-tests/Expressions/callable/test.py b/python/ql/test/query-tests/Expressions/callable/test.py
@@ -46,3 +46,21 @@ def foo():
 def bar():
     return NotImplemented()
 
+
+# FP due to decorator
+# https://github.com/Semmle/ql/issues/3113
+def some_decorator(func):
+    print("this could be tricky for our analysis")
+    return func
+
+class Foo(object):
+    def __init__(self, arg):
+        self.arg = arg
+
+    @some_decorator
+    @classmethod
+    def new_instance(cls, new_arg):
+        return cls(new_arg) # TODO: FP
+
+f1 = Foo(1)
+f2 = f1.new_instance(2)
