From 8e11abca40b0b60a590bc9e245917d5796b72fd3 Mon Sep 17 00:00:00 2001 From: Taus Brock-Nannestad Date: Tue, 6 Apr 2021 17:39:41 +0200 Subject: [PATCH 1/4] Revert "Merge pull request #5552 from RasmusWL/revert-import-change" This reverts commit 49d1937dc42ed2afe51a82191deec05e9f58ac12, reversing changes made to d4877a9038ae9d94b35d4a543d38599802b3f934. --- python/ql/src/semmle/python/Files.qll | 30 +++++++++++++++++++ python/ql/src/semmle/python/Module.qll | 7 ++++- .../modules/entry_point/hash_bang/main.py | 7 +++++ .../modules/entry_point/hash_bang/module.py | 2 ++ .../namespace_package_main.py | 2 ++ .../namespace_package_module.py | 1 + .../entry_point/hash_bang/package/__init__.py | 2 ++ .../hash_bang/package/package_main.py | 2 ++ .../hash_bang/package/package_module.py | 1 + .../modules/entry_point/modules.expected | 16 ++++++++++ .../modules/entry_point/modules.ql | 4 +++ .../modules/entry_point/name_main/main.py | 8 +++++ .../modules/entry_point/name_main/module.py | 2 ++ .../namespace_package_main.py | 2 ++ .../namespace_package_module.py | 1 + .../entry_point/name_main/package/__init__.py | 2 ++ .../name_main/package/package_main.py | 2 ++ .../name_main/package/package_module.py | 1 + .../entry_point/no_py_extension/main.secretpy | 6 ++++ .../entry_point/no_py_extension/module.py | 2 ++ .../namespace_package_main.py | 2 ++ .../namespace_package_module.py | 1 + .../no_py_extension/package/__init__.py | 2 ++ .../no_py_extension/package/package_main.py | 2 ++ .../no_py_extension/package/package_module.py | 1 + .../library-tests/modules/entry_point/options | 1 + 26 files changed, 108 insertions(+), 1 deletion(-) create mode 100755 python/ql/test/3/library-tests/modules/entry_point/hash_bang/main.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/hash_bang/module.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/hash_bang/namespace_package/namespace_package_main.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/hash_bang/namespace_package/namespace_package_module.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/hash_bang/package/__init__.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/hash_bang/package/package_main.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/hash_bang/package/package_module.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/modules.expected create mode 100644 python/ql/test/3/library-tests/modules/entry_point/modules.ql create mode 100755 python/ql/test/3/library-tests/modules/entry_point/name_main/main.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/name_main/module.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/name_main/namespace_package/namespace_package_main.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/name_main/namespace_package/namespace_package_module.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/name_main/package/__init__.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/name_main/package/package_main.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/name_main/package/package_module.py create mode 100755 python/ql/test/3/library-tests/modules/entry_point/no_py_extension/main.secretpy create mode 100644 python/ql/test/3/library-tests/modules/entry_point/no_py_extension/module.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/no_py_extension/namespace_package/namespace_package_main.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/no_py_extension/namespace_package/namespace_package_module.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/no_py_extension/package/__init__.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/no_py_extension/package/package_main.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/no_py_extension/package/package_module.py create mode 100644 python/ql/test/3/library-tests/modules/entry_point/options diff --git a/python/ql/src/semmle/python/Files.qll b/python/ql/src/semmle/python/Files.qll index ef6484fbdc6e..83ba92f0abcc 100644 --- a/python/ql/src/semmle/python/Files.qll +++ b/python/ql/src/semmle/python/Files.qll @@ -72,6 +72,33 @@ class File extends Container { * are specified to be extracted. */ string getContents() { file_contents(this, result) } + + /** Holds if this file is likely to get executed directly, and thus act as an entry point for execution. */ + predicate maybeExecutedDirectly() { + // Only consider files in the source code, and not things like the standard library + exists(this.getRelativePath()) and + ( + // The file doesn't have the extension `.py` but still contains Python statements + not this.getExtension().matches("py%") and + exists(Stmt s | s.getLocation().getFile() = this) + or + // The file contains the usual `if __name__ == '__main__':` construction + exists(If i, Name name, StrConst main, Cmpop op | + i.getScope().(Module).getFile() = this and + op instanceof Eq and + i.getTest().(Compare).compares(name, op, main) and + name.getId() = "__name__" and + main.getText() = "__main__" + ) + or + // The file contains a `#!` line referencing the python interpreter + exists(Comment c | + c.getLocation().getFile() = this and + c.getLocation().getStartLine() = 1 and + c.getText().regexpMatch("^#! */.*python(2|3)?[ \\\\t]*$") + ) + ) + } } private predicate occupied_line(File f, int n) { @@ -121,6 +148,9 @@ class Folder extends Container { this.getBaseName().regexpMatch("[^\\d\\W]\\w*") and result = this.getParent().getImportRoot(n) } + + /** Holds if execution may start in a file in this directory. */ + predicate mayContainEntryPoint() { any(File f | f.getParent() = this).maybeExecutedDirectly() } } /** diff --git a/python/ql/src/semmle/python/Module.qll b/python/ql/src/semmle/python/Module.qll index fcf1c0b29252..8a420a800ea6 100644 --- a/python/ql/src/semmle/python/Module.qll +++ b/python/ql/src/semmle/python/Module.qll @@ -204,8 +204,13 @@ private string moduleNameFromBase(Container file) { string moduleNameFromFile(Container file) { exists(string basename | basename = moduleNameFromBase(file) and - legalShortName(basename) and + legalShortName(basename) + | result = moduleNameFromFile(file.getParent()) + "." + basename + or + // If execution can start in the folder containing this module, then we will assume `file` can + // be imported as an absolute import, and hence return `basename` as a possible name. + file.getParent().(Folder).mayContainEntryPoint() and result = basename ) or isPotentialSourcePackage(file) and diff --git a/python/ql/test/3/library-tests/modules/entry_point/hash_bang/main.py b/python/ql/test/3/library-tests/modules/entry_point/hash_bang/main.py new file mode 100755 index 000000000000..ad619e5cbd83 --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/hash_bang/main.py @@ -0,0 +1,7 @@ +#! /usr/bin/python3 +print(__file__) +import module +import package +import namespace_package +import namespace_package.namespace_package_main +print(module.message) diff --git a/python/ql/test/3/library-tests/modules/entry_point/hash_bang/module.py b/python/ql/test/3/library-tests/modules/entry_point/hash_bang/module.py new file mode 100644 index 000000000000..36206ca60b75 --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/hash_bang/module.py @@ -0,0 +1,2 @@ +print(__file__.split("entry_point")[1]) +message = "Hello world!" diff --git a/python/ql/test/3/library-tests/modules/entry_point/hash_bang/namespace_package/namespace_package_main.py b/python/ql/test/3/library-tests/modules/entry_point/hash_bang/namespace_package/namespace_package_main.py new file mode 100644 index 000000000000..5db80f18a278 --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/hash_bang/namespace_package/namespace_package_main.py @@ -0,0 +1,2 @@ +print(__file__.split("entry_point")[1]) +import namespace_package.namespace_package_module diff --git a/python/ql/test/3/library-tests/modules/entry_point/hash_bang/namespace_package/namespace_package_module.py b/python/ql/test/3/library-tests/modules/entry_point/hash_bang/namespace_package/namespace_package_module.py new file mode 100644 index 000000000000..567a23d59ce3 --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/hash_bang/namespace_package/namespace_package_module.py @@ -0,0 +1 @@ +print(__file__.split("entry_point")[1]) diff --git a/python/ql/test/3/library-tests/modules/entry_point/hash_bang/package/__init__.py b/python/ql/test/3/library-tests/modules/entry_point/hash_bang/package/__init__.py new file mode 100644 index 000000000000..ca14a9f5804e --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/hash_bang/package/__init__.py @@ -0,0 +1,2 @@ +print(__file__.split("entry_point")[1]) +from . import package_main diff --git a/python/ql/test/3/library-tests/modules/entry_point/hash_bang/package/package_main.py b/python/ql/test/3/library-tests/modules/entry_point/hash_bang/package/package_main.py new file mode 100644 index 000000000000..158b12678e3b --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/hash_bang/package/package_main.py @@ -0,0 +1,2 @@ +print(__file__.split("entry_point")[1]) +from . import package_module diff --git a/python/ql/test/3/library-tests/modules/entry_point/hash_bang/package/package_module.py b/python/ql/test/3/library-tests/modules/entry_point/hash_bang/package/package_module.py new file mode 100644 index 000000000000..567a23d59ce3 --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/hash_bang/package/package_module.py @@ -0,0 +1 @@ +print(__file__.split("entry_point")[1]) diff --git a/python/ql/test/3/library-tests/modules/entry_point/modules.expected b/python/ql/test/3/library-tests/modules/entry_point/modules.expected new file mode 100644 index 000000000000..e5f6b300074c --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/modules.expected @@ -0,0 +1,16 @@ +| main | hash_bang/main.py:0:0:0:0 | Script main | +| main | name_main/main.py:0:0:0:0 | Module main | +| module | hash_bang/module.py:0:0:0:0 | Module module | +| module | name_main/module.py:0:0:0:0 | Module module | +| package | hash_bang/package:0:0:0:0 | Package package | +| package | name_main/package:0:0:0:0 | Package package | +| package | no_py_extension/package:0:0:0:0 | Package package | +| package.__init__ | hash_bang/package/__init__.py:0:0:0:0 | Module package.__init__ | +| package.__init__ | name_main/package/__init__.py:0:0:0:0 | Module package.__init__ | +| package.__init__ | no_py_extension/package/__init__.py:0:0:0:0 | Module package.__init__ | +| package.package_main | hash_bang/package/package_main.py:0:0:0:0 | Module package.package_main | +| package.package_main | name_main/package/package_main.py:0:0:0:0 | Module package.package_main | +| package.package_main | no_py_extension/package/package_main.py:0:0:0:0 | Module package.package_main | +| package.package_module | hash_bang/package/package_module.py:0:0:0:0 | Module package.package_module | +| package.package_module | name_main/package/package_module.py:0:0:0:0 | Module package.package_module | +| package.package_module | no_py_extension/package/package_module.py:0:0:0:0 | Module package.package_module | diff --git a/python/ql/test/3/library-tests/modules/entry_point/modules.ql b/python/ql/test/3/library-tests/modules/entry_point/modules.ql new file mode 100644 index 000000000000..10c390e8616c --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/modules.ql @@ -0,0 +1,4 @@ +import python + +from Module m +select m.getName(), m diff --git a/python/ql/test/3/library-tests/modules/entry_point/name_main/main.py b/python/ql/test/3/library-tests/modules/entry_point/name_main/main.py new file mode 100755 index 000000000000..08ec212383bb --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/name_main/main.py @@ -0,0 +1,8 @@ +print(__file__) +import module +import package +import namespace_package +import namespace_package.namespace_package_main + +if __name__ == '__main__': + print(module.message) diff --git a/python/ql/test/3/library-tests/modules/entry_point/name_main/module.py b/python/ql/test/3/library-tests/modules/entry_point/name_main/module.py new file mode 100644 index 000000000000..36206ca60b75 --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/name_main/module.py @@ -0,0 +1,2 @@ +print(__file__.split("entry_point")[1]) +message = "Hello world!" diff --git a/python/ql/test/3/library-tests/modules/entry_point/name_main/namespace_package/namespace_package_main.py b/python/ql/test/3/library-tests/modules/entry_point/name_main/namespace_package/namespace_package_main.py new file mode 100644 index 000000000000..5db80f18a278 --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/name_main/namespace_package/namespace_package_main.py @@ -0,0 +1,2 @@ +print(__file__.split("entry_point")[1]) +import namespace_package.namespace_package_module diff --git a/python/ql/test/3/library-tests/modules/entry_point/name_main/namespace_package/namespace_package_module.py b/python/ql/test/3/library-tests/modules/entry_point/name_main/namespace_package/namespace_package_module.py new file mode 100644 index 000000000000..567a23d59ce3 --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/name_main/namespace_package/namespace_package_module.py @@ -0,0 +1 @@ +print(__file__.split("entry_point")[1]) diff --git a/python/ql/test/3/library-tests/modules/entry_point/name_main/package/__init__.py b/python/ql/test/3/library-tests/modules/entry_point/name_main/package/__init__.py new file mode 100644 index 000000000000..ca14a9f5804e --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/name_main/package/__init__.py @@ -0,0 +1,2 @@ +print(__file__.split("entry_point")[1]) +from . import package_main diff --git a/python/ql/test/3/library-tests/modules/entry_point/name_main/package/package_main.py b/python/ql/test/3/library-tests/modules/entry_point/name_main/package/package_main.py new file mode 100644 index 000000000000..158b12678e3b --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/name_main/package/package_main.py @@ -0,0 +1,2 @@ +print(__file__.split("entry_point")[1]) +from . import package_module diff --git a/python/ql/test/3/library-tests/modules/entry_point/name_main/package/package_module.py b/python/ql/test/3/library-tests/modules/entry_point/name_main/package/package_module.py new file mode 100644 index 000000000000..567a23d59ce3 --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/name_main/package/package_module.py @@ -0,0 +1 @@ +print(__file__.split("entry_point")[1]) diff --git a/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/main.secretpy b/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/main.secretpy new file mode 100755 index 000000000000..e2673d4da786 --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/main.secretpy @@ -0,0 +1,6 @@ +print(__file__) +import module +import package +import namespace_package +import namespace_package.namespace_package_main +print(module.message) diff --git a/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/module.py b/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/module.py new file mode 100644 index 000000000000..36206ca60b75 --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/module.py @@ -0,0 +1,2 @@ +print(__file__.split("entry_point")[1]) +message = "Hello world!" diff --git a/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/namespace_package/namespace_package_main.py b/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/namespace_package/namespace_package_main.py new file mode 100644 index 000000000000..5db80f18a278 --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/namespace_package/namespace_package_main.py @@ -0,0 +1,2 @@ +print(__file__.split("entry_point")[1]) +import namespace_package.namespace_package_module diff --git a/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/namespace_package/namespace_package_module.py b/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/namespace_package/namespace_package_module.py new file mode 100644 index 000000000000..567a23d59ce3 --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/namespace_package/namespace_package_module.py @@ -0,0 +1 @@ +print(__file__.split("entry_point")[1]) diff --git a/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/package/__init__.py b/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/package/__init__.py new file mode 100644 index 000000000000..ca14a9f5804e --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/package/__init__.py @@ -0,0 +1,2 @@ +print(__file__.split("entry_point")[1]) +from . import package_main diff --git a/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/package/package_main.py b/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/package/package_main.py new file mode 100644 index 000000000000..158b12678e3b --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/package/package_main.py @@ -0,0 +1,2 @@ +print(__file__.split("entry_point")[1]) +from . import package_module diff --git a/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/package/package_module.py b/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/package/package_module.py new file mode 100644 index 000000000000..567a23d59ce3 --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/no_py_extension/package/package_module.py @@ -0,0 +1 @@ +print(__file__.split("entry_point")[1]) diff --git a/python/ql/test/3/library-tests/modules/entry_point/options b/python/ql/test/3/library-tests/modules/entry_point/options new file mode 100644 index 000000000000..6beceeb08ed0 --- /dev/null +++ b/python/ql/test/3/library-tests/modules/entry_point/options @@ -0,0 +1 @@ +semmle-extractor-options: --lang=3 --path bogus -R . --filter=include:**/*.secretpy From b44db460f613164309f6d8f0726f8b1f2658edb6 Mon Sep 17 00:00:00 2001 From: Taus Date: Tue, 6 Apr 2021 19:55:43 +0000 Subject: [PATCH 2/4] Python: Only track modules that are imported --- python/ql/src/semmle/python/Module.qll | 21 ++++++++++++++++--- .../modules/entry_point/modules.expected | 2 -- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/python/ql/src/semmle/python/Module.qll b/python/ql/src/semmle/python/Module.qll index 8a420a800ea6..48d0e9e1a3d9 100644 --- a/python/ql/src/semmle/python/Module.qll +++ b/python/ql/src/semmle/python/Module.qll @@ -201,6 +201,20 @@ private string moduleNameFromBase(Container file) { file instanceof File and result = file.getStem() } +/** + * Holds if `file` may be transitively imported from a file that may serve as the entry point of + * the execution. + */ +private predicate transitively_imported_from_entry_point(File file) { + file.getExtension().matches("%py%") and + exists(File importer | + importer.getParent() = file.getParent() and + exists(ImportExpr i | i.getLocation().getFile() = importer and i.getName() = file.getStem()) + | + importer.maybeExecutedDirectly() or transitively_imported_from_entry_point(importer) + ) +} + string moduleNameFromFile(Container file) { exists(string basename | basename = moduleNameFromBase(file) and @@ -208,9 +222,10 @@ string moduleNameFromFile(Container file) { | result = moduleNameFromFile(file.getParent()) + "." + basename or - // If execution can start in the folder containing this module, then we will assume `file` can - // be imported as an absolute import, and hence return `basename` as a possible name. - file.getParent().(Folder).mayContainEntryPoint() and result = basename + // If `file` is a transitive import of a file that's executed directly, we allow references + // to it by its `basename`. + transitively_imported_from_entry_point(file) and + result = basename ) or isPotentialSourcePackage(file) and diff --git a/python/ql/test/3/library-tests/modules/entry_point/modules.expected b/python/ql/test/3/library-tests/modules/entry_point/modules.expected index e5f6b300074c..cdc743a360d1 100644 --- a/python/ql/test/3/library-tests/modules/entry_point/modules.expected +++ b/python/ql/test/3/library-tests/modules/entry_point/modules.expected @@ -1,5 +1,3 @@ -| main | hash_bang/main.py:0:0:0:0 | Script main | -| main | name_main/main.py:0:0:0:0 | Module main | | module | hash_bang/module.py:0:0:0:0 | Module module | | module | name_main/module.py:0:0:0:0 | Module module | | package | hash_bang/package:0:0:0:0 | Package package | From 43ae7462b44b4fc9561ee1cc6c246507e32b04c0 Mon Sep 17 00:00:00 2001 From: Taus Date: Tue, 6 Apr 2021 19:55:43 +0000 Subject: [PATCH 3/4] Python: Only track modules that are imported This greatly restricts the set of modules that have a new name under this scheme. One change to the tests was needed, which reflects the fact that the two `main.py` files no longer have the name `main` (which makes sense, since they're never imported under this name). --- python/ql/src/semmle/python/Module.qll | 21 ++++++++++++++++--- .../modules/entry_point/modules.expected | 2 -- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/python/ql/src/semmle/python/Module.qll b/python/ql/src/semmle/python/Module.qll index 8a420a800ea6..48d0e9e1a3d9 100644 --- a/python/ql/src/semmle/python/Module.qll +++ b/python/ql/src/semmle/python/Module.qll @@ -201,6 +201,20 @@ private string moduleNameFromBase(Container file) { file instanceof File and result = file.getStem() } +/** + * Holds if `file` may be transitively imported from a file that may serve as the entry point of + * the execution. + */ +private predicate transitively_imported_from_entry_point(File file) { + file.getExtension().matches("%py%") and + exists(File importer | + importer.getParent() = file.getParent() and + exists(ImportExpr i | i.getLocation().getFile() = importer and i.getName() = file.getStem()) + | + importer.maybeExecutedDirectly() or transitively_imported_from_entry_point(importer) + ) +} + string moduleNameFromFile(Container file) { exists(string basename | basename = moduleNameFromBase(file) and @@ -208,9 +222,10 @@ string moduleNameFromFile(Container file) { | result = moduleNameFromFile(file.getParent()) + "." + basename or - // If execution can start in the folder containing this module, then we will assume `file` can - // be imported as an absolute import, and hence return `basename` as a possible name. - file.getParent().(Folder).mayContainEntryPoint() and result = basename + // If `file` is a transitive import of a file that's executed directly, we allow references + // to it by its `basename`. + transitively_imported_from_entry_point(file) and + result = basename ) or isPotentialSourcePackage(file) and diff --git a/python/ql/test/3/library-tests/modules/entry_point/modules.expected b/python/ql/test/3/library-tests/modules/entry_point/modules.expected index e5f6b300074c..cdc743a360d1 100644 --- a/python/ql/test/3/library-tests/modules/entry_point/modules.expected +++ b/python/ql/test/3/library-tests/modules/entry_point/modules.expected @@ -1,5 +1,3 @@ -| main | hash_bang/main.py:0:0:0:0 | Script main | -| main | name_main/main.py:0:0:0:0 | Module main | | module | hash_bang/module.py:0:0:0:0 | Module module | | module | name_main/module.py:0:0:0:0 | Module module | | package | hash_bang/package:0:0:0:0 | Package package | From 6c69c1aeeb10737bd63bc95ed8c7759342116cdb Mon Sep 17 00:00:00 2001 From: Taus Date: Wed, 7 Apr 2021 10:47:21 +0000 Subject: [PATCH 4/4] Python: Minor cleanup --- python/ql/src/semmle/python/Files.qll | 5 +---- python/ql/src/semmle/python/Module.qll | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/python/ql/src/semmle/python/Files.qll b/python/ql/src/semmle/python/Files.qll index 83ba92f0abcc..6eb6b2a18aca 100644 --- a/python/ql/src/semmle/python/Files.qll +++ b/python/ql/src/semmle/python/Files.qll @@ -74,7 +74,7 @@ class File extends Container { string getContents() { file_contents(this, result) } /** Holds if this file is likely to get executed directly, and thus act as an entry point for execution. */ - predicate maybeExecutedDirectly() { + predicate isPossibleEntryPoint() { // Only consider files in the source code, and not things like the standard library exists(this.getRelativePath()) and ( @@ -148,9 +148,6 @@ class Folder extends Container { this.getBaseName().regexpMatch("[^\\d\\W]\\w*") and result = this.getParent().getImportRoot(n) } - - /** Holds if execution may start in a file in this directory. */ - predicate mayContainEntryPoint() { any(File f | f.getParent() = this).maybeExecutedDirectly() } } /** diff --git a/python/ql/src/semmle/python/Module.qll b/python/ql/src/semmle/python/Module.qll index 48d0e9e1a3d9..753be2605d2e 100644 --- a/python/ql/src/semmle/python/Module.qll +++ b/python/ql/src/semmle/python/Module.qll @@ -211,7 +211,7 @@ private predicate transitively_imported_from_entry_point(File file) { importer.getParent() = file.getParent() and exists(ImportExpr i | i.getLocation().getFile() = importer and i.getName() = file.getStem()) | - importer.maybeExecutedDirectly() or transitively_imported_from_entry_point(importer) + importer.isPossibleEntryPoint() or transitively_imported_from_entry_point(importer) ) }