Skip to content

Commit ce8bc58

Browse files
committed
Python: Include all assignments in data flow paths
Like Ruby did in #12566
1 parent 6cc4028 commit ce8bc58

2 files changed

Lines changed: 7 additions & 12 deletions

File tree

python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll

Lines changed: 4 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -513,15 +513,10 @@ class CastNode extends Node {
513513
* explanations.
514514
*/
515515
predicate neverSkipInPathGraph(Node n) {
516-
// We include read- and store steps here to force them to be
517-
// shown in path explanations.
518-
// This hack is necessary, because we have included some of these
519-
// steps as default taint steps, making them be suppressed in path
520-
// explanations.
521-
// We should revert this once, we can remove this steps from the
522-
// default taint steps; this should be possible once we have
523-
// implemented flow summaries and recursive content.
524-
readStep(_, _, n) or storeStep(_, _, n)
516+
exists(DefinitionNode def |
517+
// ensure that all variable assignments are included in the path graph
518+
def.getValue() = n.asCfgNode()
519+
)
525520
}
526521

527522
/**

python/ql/test/experimental/dataflow/path-graph/test.py

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,14 @@
11
def assign():
22
x = SOURCE # $ path-node
33

4-
y = x
4+
y = x # $ path-node
55

66
SINK(y) # $ path-node
77

88

99
z = ""
1010

11-
z += x
11+
z += x # $ path-node
1212

1313
SINK(z) # $ path-node
1414

@@ -18,7 +18,7 @@ class X: pass
1818
x = X()
1919
x.attr = SOURCE # $ path-node
2020

21-
y = x
21+
y = x # $ path-node
2222

2323
SINK(y.attr) # $ path-node
2424

0 commit comments

Comments
 (0)