Skip to content

Python: Support integer subscripts in the API graph #15497

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Python: Support integer subscripts in the API graph #15497

wants to merge 2 commits into from
+211 −4

Conversation

yoff
Copy link
Contributor

@yoff yoff commented Jan 31, 2024

Recall that for

foo.f(data = d)

we can find d as moduleImport("foo").getMember("f").getKeywordParameter("data"). We will call this API path D.

We were already able to find value in

 d = {"key": value}
foo.f(d)

and

d["key"] = value
foo.f(d)

via D.getSubscript("key").

But we could not find 'value' in

 d = [value]
foo.f(d)

and

d[0] = value
foo.f(d)

at all. We can now find these via D.getIntSubscript(0).

Inspired by https://github.slack.com/archives/CPGHLR8DD/p1706707895922829

@yoff yoff added the Awaiting evaluation Do not merge yet, this PR is waiting for an evaluation to finish label Jan 31, 2024
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 31, 2024
View reviewed changes
python/ql/src/meta/StdLib/FindUses.ql

predicate entryPoint(
DataFlow::Node argument, string parameterName, string functionName, DataFlow::Node outNode,
string alreadyModelled

Check warning

Code scanning / CodeQL

Misspelling

This variable name contains the non-US spelling 'modelled', which should instead be 'modeled'.
python/ql/src/meta/StdLib/FindUses.ql

from
EntryPointsByQuery e, DataFlow::Node argument, string parameter, string functionName,
DataFlow::Node outNode, string alreadyModelled

Check warning

Code scanning / CodeQL

Misspelling

This variable name contains the non-US spelling 'modelled', which should instead be 'modeled'.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Awaiting evaluation Do not merge yet, this PR is waiting for an evaluation to finish Python
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@yoff