From 93fcaf24c19edb8c855eb8c3d730c274e19cf326 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Thu, 1 Sep 2022 21:45:57 +0200 Subject: [PATCH 1/2] python: `RaisingTuple.ql` to not use `poins-to` Use local dataflow instead and simply check for tuple literals. --- python/ql/src/Exceptions/RaisingTuple.ql | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/python/ql/src/Exceptions/RaisingTuple.ql b/python/ql/src/Exceptions/RaisingTuple.ql index abfe785e9cb4..9116430ac18b 100644 --- a/python/ql/src/Exceptions/RaisingTuple.ql +++ b/python/ql/src/Exceptions/RaisingTuple.ql @@ -10,11 +10,14 @@ */ import python +import semmle.python.dataflow.new.DataFlow -from Raise r, Value v, AstNode origin +from Raise r, DataFlow::LocalSourceNode origin where - r.getException().pointsTo(v, origin) and - v.getClass() = ClassValue::tuple() and + exists(DataFlow::Node exception | exception.asExpr() = r.getException() | + origin.flowsTo(exception) + ) and + origin.asExpr() instanceof Tuple and major_version() = 2 /* Raising a tuple is a type error in Python 3, so is handled by the IllegalRaise query. */ select r, From d31d763328f99512bc683d94a4a733d556a0d95c Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Mon, 5 Sep 2022 16:45:43 +0200 Subject: [PATCH 2/2] Python: adjust test expectations We now locate a `DataFlow::Node` rather than an 'AstNode`. --- .../2/query-tests/Exceptions/raising/RaisingTuple.expected | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python/ql/test/2/query-tests/Exceptions/raising/RaisingTuple.expected b/python/ql/test/2/query-tests/Exceptions/raising/RaisingTuple.expected index f95dd5defdeb..7200c147ea99 100644 --- a/python/ql/test/2/query-tests/Exceptions/raising/RaisingTuple.expected +++ b/python/ql/test/2/query-tests/Exceptions/raising/RaisingTuple.expected @@ -1,3 +1,3 @@ -| test.py:8:5:8:12 | Raise | Raising $@ will result in the first element (recursively) being raised and all other elements being discarded. | test.py:7:10:7:29 | Tuple | a tuple | -| test.py:11:5:11:32 | Raise | Raising $@ will result in the first element (recursively) being raised and all other elements being discarded. | test.py:11:12:11:31 | Tuple | a tuple | -| test.py:15:5:15:23 | Raise | Raising $@ will result in the first element (recursively) being raised and all other elements being discarded. | test.py:14:10:14:19 | Tuple | a tuple | +| test.py:8:5:8:12 | Raise | Raising $@ will result in the first element (recursively) being raised and all other elements being discarded. | test.py:7:10:7:29 | ControlFlowNode for Tuple | a tuple | +| test.py:11:5:11:32 | Raise | Raising $@ will result in the first element (recursively) being raised and all other elements being discarded. | test.py:11:12:11:31 | ControlFlowNode for Tuple | a tuple | +| test.py:15:5:15:23 | Raise | Raising $@ will result in the first element (recursively) being raised and all other elements being discarded. | test.py:14:10:14:19 | ControlFlowNode for Tuple | a tuple |