Skip to content

Python: Modernise weak file permissions query #9200

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 15, 2022
Merged

Python: Modernise weak file permissions query #9200

merged 2 commits into from
Jun 15, 2022

Conversation

tausbn
Copy link
Contributor

@tausbn tausbn commented May 17, 2022

Using API graphs instead of points-to.

Unfortunately, some results will be lost because of this, due to the fact that points-to tracks bitwise operations on small numbers (i.e. flags), whereas API graphs does no such thing. This means using something like stat.S_IWUSR | stat.S_IWGRP will not work.

A custom type tracker (like the one used for re flags) could be used to recapture this behaviour, but I think that's best left as future work, as it's not clear to me that this query is actually worth the effort it would take to implement this.

As this is just modernising a somewhat minor query, I don't think it needs a change note (but I'll happily add one if necessary).

@tausbn
Python: Modernise weak file permissions query
b2fe615 
Using API graphs instead of points-to.

Unfortunately, some results will be lost because of this, due to the
fact that points-to tracks bitwise operations on small numbers (i.e.
flags), whereas API graphs does no such thing. This means using
something like `stat.S_IWUSR | stat.S_IWGRP` will not work.

A custom type tracker (like the one used for `re` flags) could be used
to recapture this behaviour, but I think that's best left as future
work, as it's not clear to me that this query is actually worth the
effort it would take to implement this.
@tausbn tausbn added the no-change-note-required This PR does not need a change note label May 17, 2022
@tausbn tausbn requested a review from a team as a code owner May 17, 2022 20:26
yoff
yoff reviewed May 23, 2022
View reviewed changes
Copy link
Contributor

@yoff yoff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am generally happy with rewriting pointsTo to getAValueReachingRhs. We do need to look into the version-dependence, though...

@tausbn tausbn requested a review from yoff June 15, 2022 11:11
yoff
yoff approved these changes Jun 15, 2022
View reviewed changes
Copy link
Contributor

@yoff yoff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bit crude, but fine in this case

@yoff yoff merged commit f14a90f into github:main Jun 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yoff yoff yoff approved these changes

Assignees
No one assigned
Labels
no-change-note-required This PR does not need a change note Python
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tausbn @yoff