From 4ae3a230899d41964029df57cbd49fdc2de0440b Mon Sep 17 00:00:00 2001
From: Taus
Date: Tue, 27 Apr 2021 21:47:38 +0000
Subject: [PATCH] Python: Limit absolute imports

Limits the behaviour of github/codeql#5614 in two ways: First, we only consider files that are contained in the source archive. This prevents unnecessary computation involving files in e.g. the standard library. Secondly, we ignore any relative imports (e.g. `from .foo import ...`), as these only work inside packages anyway. This fixes an observed performance regression on projects that include `google-cloud-sdk` as part of their source code.
---
 python/ql/src/semmle/python/Module.qll | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/python/ql/src/semmle/python/Module.qll b/python/ql/src/semmle/python/Module.qll
index 1e9d76bf1d86..8f9344f60c07 100644
--- a/python/ql/src/semmle/python/Module.qll
+++ b/python/ql/src/semmle/python/Module.qll
@@ -212,8 +212,15 @@ private string moduleNameFromBase(Container file) {
 private predicate transitively_imported_from_entry_point(File file) {
   file.getExtension().matches("%py%") and
   exists(File importer |
+    // Only consider files that are in the source archive
+    exists(importer.getRelativePath()) and
     importer.getParent() = file.getParent() and
-    exists(ImportExpr i | i.getLocation().getFile() = importer and i.getName() = file.getStem())
+    exists(ImportExpr i |
+      i.getLocation().getFile() = importer and
+      i.getName() = file.getStem() and
+      // Disregard relative imports
+      i.getLevel() = 0
+    )
   |
     importer.isPossibleEntryPoint() or transitively_imported_from_entry_point(importer)
   )
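Review bot: The comment on the first added line says "files" but the constraint `exists(importer.getRelativePath())` is placed on `importer` only; the `file` parameter is covered just indirectly, through `importer.getParent() = file.getParent()` on the following context line, and a reader skimming the predicate may assume `file` itself is checked. I would make both the intent and the idiom explicit, e.g. `// Only consider importers in the source archive (getRelativePath has no result outside it); file shares the importer's folder, so it is covered too`. On the `i.getLevel() = 0` conjunct, it is worth confirming against the extractor that absolute imports always report level 0 on every Python version; if any other value can be reported for a non-relative import (for instance a sentinel for implicit relative imports in Python 2 code), those importers would now be silently dropped from the recursion rather than merely the explicit `from .foo` cases the commit message describes, and a one-line comment stating that assumption would help. The enclosing predicate's closing brace lies outside the hunk.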