Python: Support integer subscripts in the API graph #15497

yoff · 2024-01-31T21:47:10Z

Recall that for

foo.f(data = d)

we can find d as moduleImport("foo").getMember("f").getKeywordParameter("data"). We will call this API path D.

We were already able to find value in

 d = {"key": value}
foo.f(d)

and

d["key"] = value
foo.f(d)

via D.getSubscript("key").

But we could not find 'value' in

 d = [value]
foo.f(d)

and

d[0] = value
foo.f(d)

at all. We can now find these via D.getIntSubscript(0).

Inspired by https://github.slack.com/archives/CPGHLR8DD/p1706707895922829

python/ql/src/meta/StdLib/FindUses.ql

+
+  predicate entryPoint(
+    DataFlow::Node argument, string parameterName, string functionName, DataFlow::Node outNode,
+    string alreadyModelled


python/ql/src/meta/StdLib/FindUses.ql

+
+from
+  EntryPointsByQuery e, DataFlow::Node argument, string parameter, string functionName,
+  DataFlow::Node outNode, string alreadyModelled


yoff added 2 commits January 29, 2024 21:07

python: initial queries

820061b

python: Support integer subscript

debfef7

yoff added the Awaiting evaluation Do not merge yet, this PR is waiting for an evaluation to finish label Jan 31, 2024

github-actions bot added the Python label Jan 31, 2024

github-advanced-security bot found potential problems Jan 31, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Python: Support integer subscripts in the API graph #15497

Python: Support integer subscripts in the API graph #15497

Uh oh!

yoff commented Jan 31, 2024

Uh oh!

Check warning

Check warning

Uh oh!

Python: Support integer subscripts in the API graph #15497

Are you sure you want to change the base?

Python: Support integer subscripts in the API graph #15497

Uh oh!

Conversation

yoff commented Jan 31, 2024

Uh oh!

Check warning

Check warning

Uh oh!