Open
Conversation
tausbn
force-pushed
the
tausbn/python-port-modification-of-locals
branch
from
32e212d to
7de29fd
Compare
Changing the `locals()` dictionary actually _does_ change the attributes of the class being defined, so we shouldn't alert in this case.
tausbn
force-pushed
the
tausbn/python-port-modification-of-locals
branch
from
d3ec1c6 to
e368844
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Ports the ModificationOfLocals.ql query to use API graphs instead of legacy points-to, and refines scope handling to avoid false positives in module and class scopes.
Changes:
- Replace legacy points-to based
locals()origin detection withsemmle.python.ApiGraphs-based modeling. - Exclude both module scope and class scope from reporting (since
locals()mutations can be effective there). - Add a new query-test case covering class-body
locals()mutation.
Show a summary per file
| File | Description |
|---|---|
| python/ql/src/Statements/ModificationOfLocals.ql | Ports locals() tracking to API graphs and excludes Module/Class scopes to improve correctness. |
| python/ql/test/query-tests/Statements/general/test.py | Adds a regression test ensuring class-scope locals() updates are treated as OK. |
Copilot's findings
- Files reviewed: 2/2 changed files
- Comments generated: 0
Contributor
Author
|
Preliminary DCA alert results look good: 11 new true positives, and 4 new false positives that should be fixed by the second commit. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
A simple rewrite using API graphs.