Python: Local/Global dataflow analysis not tracing class field? #17021

Open
hksdpc255 opened this issue Jul 19, 2024 · 3 comments
Labels
question Further information is requested

Comments

@hksdpc255

Python

class Cls:
    def __init__(self) -> None:
        self.field = 1
    def __init__(self, num) -> None:  # redefinition: replaces the __init__ above at runtime, but CodeQL still extracts both literals (hence source 1 in the output)
        self.field = num
    def print(self) -> None:
        print(self.field)


if __name__ == '__main__':
    var1 = Cls(2)
    var2 = var1          # var2 is an alias of the object var1 refers to
    var2.field = 3       # store through the alias
    var1.print()         # reads self.field on line 7; expected to see 3 as a source
    var1.field2 = 4      # new attribute stored through var1
    print(var2.field2)   # read through the alias; expected to see 4 as a source

CodeQL

import python
import semmle.python.ApiGraphs
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking

module MyConf implements DataFlow::ConfigSig {
    predicate isSource(DataFlow::Node source) {
        source.asExpr() instanceof IntegerLiteral
    }
    predicate isSink(DataFlow::Node sink) {
        sink = API::builtin("print").getACall().getArg(0)
    }
}

module MyFlow = DataFlow::Global<MyConf>;

from DataFlow::Node source, DataFlow::Node sink
where MyFlow::flow(source, sink)
select source, sink

Output

source sink
1 self.field in line 7
2 self.field in line 7

Expected result

source sink
1 self.field in line 7
2 self.field in line 7
3 self.field in line 7
4 self.field in line 16
@aibaars
Contributor

aibaars commented Jul 19, 2024

Perhaps the problem is that CodeQL does not "see" that var1 and var2 are references to the same object. What happens if you don't write var1 = var2 and use var1 in all the places where it says var2?
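
A diagnostic query that narrows the report down, added here as an example; it is not part of aibaars's comment and not one of CodeQL's own queries. It assumes the Python file from the report is in the database and that the variables are still named var1 and var2. It checks two things in one row: whether local flow connects a read of var1 to a read of var2 (the alias assignment `var2 = var1`), and which attribute stores CodeQL records with that var2 read as the written object.

```ql
import python
import semmle.python.dataflow.new.DataFlow

/**
 * Added diagnostic query (variable names var1/var2 are assumed from the report).
 * A result row means: local flow carries var1 into var2, and `w` is an attribute
 * store (e.g. `var2.field = 3`) whose object is that var2 read; the last two
 * columns show the attribute name and the node holding the stored value.
 */
from DataFlow::Node src, DataFlow::Node dst, DataFlow::AttrWrite w
where
  src.asExpr().(Name).getId() = "var1" and
  dst.asExpr().(Name).getId() = "var2" and
  DataFlow::localFlow(src, dst) and
  w.getObject() = dst
select src, dst, w.getAttributeName(), w.getValue()
```

If this returns a row for `var2.field = 3`, local flow does see the alias and the attribute store, so what the global configuration lacks is a step from the store through var2 back to reads of `self.field` through var1; if it returns nothing, the alias assignment itself is not being treated as a local flow step, which is the simpler case to report.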

@hksdpc255
Author

That's the problem. CodeQL does not "see" that var1 and var2 are references to the same object.

@hksdpc255
Author

So, is there any plan to fix this bug?
