WrongNameForArgumentInClassInstantiation.ql
/**
* @name Wrong name for an argument in a class instantiation
* @description Using a named argument whose name does not correspond to a
* parameter of the __init__ method of the class being
* instantiated, will result in a TypeError at runtime.
* @kind problem
* @tags quality
* reliability
* correctness
* external/cwe/cwe-628
* @problem.severity error
* @sub-severity low
* @precision very-high
* @id py/call/wrong-named-class-argument
*/
import python
private import semmle.python.dataflow.new.internal.DataFlowDispatch
/**
 * Holds if a call to `init` may pass a keyword argument called `name`.
 *
 * That is the case when `init` accepts arbitrary keyword arguments
 * (`init.hasKwArg()`), or when `init.getArgByName(name)` yields a result.
 *
 * `name` must already be bound by the caller (see the `bindingset`).
 *
 * NOTE(review): passing a positional-only parameter by keyword also raises a
 * `TypeError` at runtime; whether `getArgByName` excludes such parameters is
 * not visible in this file, so confirm before relying on that.
 */
bindingset[name]
predicate isLegalArgumentName(Function init, string name) {
  // A `**kwargs`-style parameter makes every keyword name acceptable.
  init.hasKwArg()
  or
  // Otherwise the name has to match one of the declared parameters.
  exists(init.getArgByName(name))
}
/**
 * Holds if `call` resolves to an instantiation of `cls` and supplies a keyword
 * argument `name` that the `__init__` found by `DuckTyping::getInit(cls)`
 * does not accept, according to `isLegalArgumentName`.
 */
predicate illegally_named_parameter(Call call, Class cls, string name) {
  // The call site must resolve to a construction of `cls`.
  resolveClassCall(call.getAFlowNode(), cls) and
  // `name` is one of the keyword arguments written at the call site.
  name = call.getANamedArgumentName() and
  // Some initializer reported for `cls` rejects that keyword.
  exists(Function ctor |
    ctor = DuckTyping::getInit(cls) and
    not isLegalArgumentName(ctor, name)
  )
}
// Report each class instantiation that passes an unsupported keyword argument,
// with a link ($@) to the initializer that rejects it.
from Call call, Class cls, string name, Function init
where
  // `init` is the link target used in the alert message.
  init = DuckTyping::getInit(cls) and
  // Classes flagged by `hasUnreliableMro` are skipped; presumably their
  // initializer cannot be resolved with confidence (confirm in DuckTyping).
  not DuckTyping::hasUnreliableMro(cls) and
  illegally_named_parameter(call, cls, name)
select call, "Keyword argument '" + name + "' is not a supported parameter name of $@.", init,
  init.getQualifiedName()