Python: filter local flow from a node to itself

yoff · yoff · commit efcdb3e67ebd · 2023-12-14T10:28:26.000+01:00
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
@@ -684,8 +684,13 @@ predicate summaryFlowSteps(Node nodeFrom, Node nodeTo) {
 }
 
 predicate variableCaptureFlowStep(Node nodeFrom, Node nodeTo) {
+  // Blindly applying use-use flow can result in a node that steps to itself, for
+  // example in while-loops. To uphold dataflow consistency checks, we don't want
+  // that. However, we do want to allow `[post] n` to `n` (to handle while loops), so
+  // we should only do the filtering after `IncludePostUpdateFlow` has ben applied.
   IncludePostUpdateFlow<PhaseDependentFlow<VariableCapture::valueStep/2>::step/2>::step(nodeFrom,
-    nodeTo)
+    nodeTo) and
+  nodeFrom != nodeTo
 }
 
 /** `ModuleVariable`s are accessed via jump steps at runtime. */

Original file line number	Diff line number	Diff line change
`@@ -684,8 +684,13 @@ predicate summaryFlowSteps(Node nodeFrom, Node nodeTo) {`
`684`	`684`	`}`
`685`	`685`
`686`	`686`	`predicate variableCaptureFlowStep(Node nodeFrom, Node nodeTo) {`
	`687`	`+ // Blindly applying use-use flow can result in a node that steps to itself, for`
	`688`	`+ // example in while-loops. To uphold dataflow consistency checks, we don't want`
	`689`	+ // that. However, we do want to allow `[post] n` to `n` (to handle while loops), so
	`690`	+ // we should only do the filtering after `IncludePostUpdateFlow` has ben applied.
`687`	`691`	`IncludePostUpdateFlow<PhaseDependentFlow<VariableCapture::valueStep/2>::step/2>::step(nodeFrom,`
`688`		`- nodeTo)`
	`692`	`+ nodeTo) and`
	`693`	`+ nodeFrom != nodeTo`
`689`	`694`	`}`
`690`	`695`
`691`	`696`	/** `ModuleVariable`s are accessed via jump steps at runtime. */