github · yoff · Oct 20, 2020 · Oct 16, 2020 · Oct 19, 2020 · Oct 19, 2020
@@ -504,6 +504,29 @@ predicate jumpStep(Node nodeFrom, Node nodeTo) {
   or
   // Module variable write
   nodeFrom = nodeTo.(ModuleVariableNode).getAWrite()
+  or
+  // Read of module attribute:
+  exists(AttrRead r, ModuleValue mv |
+    r.getObject().asCfgNode().pointsTo(mv) and
+    module_export(mv.getScope(), r.getAttributeName(), nodeFrom) and
+    nodeTo = r
+  )
+}
+
+/**
+ * Holds if the module `m` defines a name `name` by assigning `defn` to it. This is an
+ * overapproximation, as `name` may not in fact be exported (e.g. by defining an `__all__` that does
+ * not include `name`).
+ */
+private predicate module_export(Module m, string name, CfgNode defn) {
+  exists(EssaVariable v |
+    v.getName() = name and
+    v.getAUse() = m.getANormalExit()
+  |
+    defn.getNode() = v.getDefinition().(AssignmentDefinition).getValue()
+    or
+    defn.getNode() = v.getDefinition().(ArgumentRefinement).getArgument()
+  )
 }
 
 //--------

@@ -0,0 +1 @@
+pass
@@ -0,0 +1 @@
+bar = "bar"
@@ -0,0 +1 @@
+foo = "foo"
@@ -0,0 +1,16 @@
+from .moduleY import spam
+from .moduleY import spam as ham
+from . import moduleY
+from ..subpackage1 import moduleY
+from ..subpackage2.moduleZ import eggs
+from ..moduleA import foo
+
+try:
+    from ...package import bar
+except Exception as e:
+    print(e)
+
+try:
+    from ...sys import path
+except Exception as e:
+    print(e)
@@ -0,0 +1,16 @@
+from .moduleY import spam
+from .moduleY import spam as ham
+from . import moduleY
+from ..subpackage1 import moduleY
+from ..subpackage2.moduleZ import eggs
+from ..moduleA import foo
+
+try:
+    from ...package import bar
+except Exception as e:
+    print(e)
+
+try:
+    from ...sys import path
+except Exception as e:
+    print(e)
@@ -0,0 +1 @@
+spam = "spam"
@@ -0,0 +1 @@
+pass
@@ -0,0 +1 @@
+eggs = "eggs"
@@ -0,0 +1 @@
+import package.subpackage1.moduleX
@@ -1,3 +1,7 @@
+| module.py:1:13:1:18 | ControlFlowNode for SOURCE | test.py:89:10:89:10 | ControlFlowNode for t |
+| module.py:1:13:1:18 | ControlFlowNode for SOURCE | test.py:106:10:106:14 | ControlFlowNode for Attribute |
+| module.py:1:13:1:18 | ControlFlowNode for SOURCE | test.py:111:10:111:12 | ControlFlowNode for Attribute |
+| module.py:1:13:1:18 | ControlFlowNode for SOURCE | test.py:156:6:156:11 | ControlFlowNode for unsafe |
 | module.py:6:12:6:17 | ControlFlowNode for SOURCE | test.py:101:10:101:10 | ControlFlowNode for t |
 | test.py:3:10:3:15 | ControlFlowNode for SOURCE | test.py:3:10:3:15 | ControlFlowNode for SOURCE |
 | test.py:6:9:6:14 | ControlFlowNode for SOURCE | test.py:7:10:7:10 | ControlFlowNode for s |

@@ -86,7 +86,7 @@ def test12():
 
 def test13():
     t = module.dangerous
-    SINK(t)  # Flow not found
+    SINK(t)
 
 def test14():
     t = module.safe
@@ -108,13 +108,13 @@ def x_sink(arg):
 def test17():
     t = C()
     t.x = module.dangerous
-    SINK(t.x)  # Flow not found
+    SINK(t.x)
 
 def test18():
     t = C()
     t.x = module.dangerous
     t = hub(t)
-    x_sink(t)  # Flow not found
+    x_sink(t)
 
 def test19():
     t = CUSTOM_SOURCE
@@ -153,7 +153,7 @@ def test22(cond):
         SINK(t)
 
 from module import dangerous as unsafe
-SINK(unsafe)  # Flow not found
+SINK(unsafe)
 
 def test23():
     with SOURCE as t:

@@ -2,3 +2,6 @@
 
 def func():
     return tracked # $tracked
+
+z = tracked # $tracked
+some_func(z) # $tracked
@@ -51,9 +51,10 @@ def global_var_write_test():
 
 def test_import():
     import mymodule
-    mymodule.x # $f-:tracked
+    mymodule.x # $tracked
     y = mymodule.func() # $tracked
     y # $tracked
+    mymodule.z # $tracked
 
 # ------------------------------------------------------------------------------