-
Notifications
You must be signed in to change notification settings - Fork 440
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
distinguish instance attribute models from class attribute models
Summary: In Python, the semantics of class and instance variables differ. If you declare `class C: x = 1` and write `self.x = 2` later, `C.x` will remain unchanged for the other instances of `C`. Previously, we would allow accessing an attribute model through both the instance and class. This disallows us from expressing models only for class attributes vs. only for instance attributes. Support the class attribute case via the module_name.ClassName.__class__.attribute, and keep instance attribute syntax as is (via module_name.ClassName.attribute). If we need models for both cases, we'll need to write both. Reviewed By: fahndrich Differential Revision: D16672643 fbshipit-source-id: 92ff7bcf0863514ab5da670ed6f9e8474e78799e
- Loading branch information
1 parent
69e6ec4
commit f942add
Showing
9 changed files
with
255 additions
and
35 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,29 +1,51 @@ | ||
# @nolint | ||
|
||
from typing import Type | ||
from typing import Type, Optional | ||
|
||
|
||
class C: | ||
tainted_attribute: List[int] = [] | ||
tainted_class_attribute: List[int] = [] | ||
not_tainted = 2 | ||
|
||
|
||
class D(C): | ||
pass | ||
|
||
|
||
def tainted_attribute_flow(c: C) -> None: | ||
def tainted_attribute_flow_issue(c: C) -> None: | ||
c.tainted_attribute = __test_source() | ||
|
||
|
||
def untainted_flow(c: C) -> None: | ||
def untainted_flow_not_issue(c: C) -> None: | ||
c.not_tainted = __test_source() | ||
|
||
|
||
def tainted_attribute_for_class(c: Type[C]) -> None: | ||
def tainted_attribute_for_class_not_issue(c: Type[C]) -> None: | ||
c.tainted_attribute = __test_source() | ||
|
||
|
||
def tainted_attribute_through_inheritance(d: D) -> None: | ||
def tainted_attribute_through_inheritance_not_issue(d: D) -> None: | ||
# TODO(T47337940): Support this. | ||
d.tainted_attribute = __test_source() | ||
|
||
|
||
def tainted_class_attribute_through_instance_not_issue(c: C) -> None: | ||
c.tainted_class_attribute = __test_source() | ||
|
||
|
||
def tainted_class_attribute_through_class_issue(class_object: Type[C]) -> None: | ||
class_object.tainted_class_attribute = __test_source() | ||
|
||
|
||
def tainted_class_attribute_through_double_underscore_class_issue(c: C) -> None: | ||
c.__class__.tainted_class_attribute = __test_source() | ||
|
||
|
||
def tainted_class_attribute_through_optional_class_issue(class_object: Optional[Type[C]]) -> None: | ||
if class_object is not None: | ||
class_object.tainted_class_attribute = __test_source() | ||
|
||
|
||
def global_class_attribute_issue() -> None: | ||
C.tainted_class_attribute = __test_source() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,11 @@ | ||
@generated | ||
Call dependencies | ||
class_flows.tainted_attribute_flow (fun) -> [__test_source (fun)] | ||
class_flows.tainted_attribute_for_class (fun) -> [__test_source (fun)] | ||
class_flows.tainted_attribute_through_inheritance (fun) -> [__test_source (fun)] | ||
class_flows.untainted_flow (fun) -> [__test_source (fun)] | ||
class_flows.global_class_attribute_issue (fun) -> [__test_source (fun)] | ||
class_flows.tainted_attribute_flow_issue (fun) -> [__test_source (fun)] | ||
class_flows.tainted_attribute_for_class_not_issue (fun) -> [__test_source (fun)] | ||
class_flows.tainted_attribute_through_inheritance_not_issue (fun) -> [__test_source (fun)] | ||
class_flows.tainted_class_attribute_through_class_issue (fun) -> [__test_source (fun)] | ||
class_flows.tainted_class_attribute_through_double_underscore_class_issue (fun) -> [__test_source (fun) object::__class__ (method)] | ||
class_flows.tainted_class_attribute_through_instance_not_issue (fun) -> [__test_source (fun)] | ||
class_flows.tainted_class_attribute_through_optional_class_issue (fun) -> [__test_source (fun)] | ||
class_flows.untainted_flow_not_issue (fun) -> [__test_source (fun)] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
class_flows.C.tainted_attribute: TaintSink[Test] = ... | ||
class_flows.C.__class__.tainted_class_attribute: TaintSink[Test] = ... | ||
def list.append(self, element: TaintInTaintOut[Updates[self]]): ... |
Oops, something went wrong.