Skip to content

Python: Hide points-to imports in python.qll #20739

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tausbn merged 22 commits into from
Dec 5, 2025
Merged

Python: Hide points-to imports in python.qll #20739

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
78c33ab
Python: Remove points-to references from `python.qll`
tausbn Oct 30, 2025
f0465f4
Python: Get rid of some `get...Object` methods
tausbn Oct 30, 2025
0a4ec2c
Python: Move some non-points-to methods out of points-to
tausbn Oct 30, 2025
2732a65
Python: Fix example snippets
tausbn Oct 30, 2025
5b63b49
Python: Fix query tests
tausbn Oct 30, 2025
85029bd
Python: Fix Python 2 tests
tausbn Oct 30, 2025
665104e
Python: Fix Python 3 tests
tausbn Oct 30, 2025
b3b87c9
Python: Fix extractor/experimental tests
tausbn Oct 30, 2025
7176898
Python: Fix library tests
tausbn Oct 30, 2025
21e74a3
Python: Fully remove points-to from `Flow.qll`
tausbn Oct 31, 2025
7328f26
Python: Fix reachability-related test failures
tausbn Oct 31, 2025
e098404
Python: Get rid of points-to from `Definitions.qll`
tausbn Oct 31, 2025
9dc774a
Python: Remove points-to dependency from parts of SSA
tausbn Oct 31, 2025
5b47fcb
Python: Remove dependence on `Builtins` from attribute module
tausbn Oct 31, 2025
b9a5b3b
Python: Remove points-to from `SSA.ql`
tausbn Nov 26, 2025
cd1619b
Python: Fix queries and tests
tausbn Nov 26, 2025
c75329d
Python: Move metrics-related API to `LegacyPointsTo` module
tausbn Nov 26, 2025
24a29f4
Python: Fix all metrics-related compilation failures
tausbn Nov 26, 2025
c6ad438
Python: Add change note
tausbn Nov 26, 2025
a7458df
Python: Appease the QLDoc checker
tausbn Nov 26, 2025
bc8ed28
Python: Make some more points-to imports private
tausbn Nov 27, 2025
ec336a0
Python: Fix list bullets in change note
tausbn Nov 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 15 additions & 2 deletions python/ql/lib/LegacyPointsTo.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,21 @@
*/

private import python
private import semmle.python.pointsto.PointsTo
private import semmle.python.objects.Modules
import semmle.python.pointsto.Base
import semmle.python.pointsto.Context
import semmle.python.pointsto.PointsTo
import semmle.python.pointsto.PointsToContext
import semmle.python.objects.ObjectAPI
import semmle.python.objects.ObjectInternal
import semmle.python.types.Object
import semmle.python.types.ClassObject
import semmle.python.types.FunctionObject
import semmle.python.types.ModuleObject
import semmle.python.types.Exceptions
import semmle.python.types.Properties
import semmle.python.types.ImportTime
import semmle.python.types.Descriptors
import semmle.python.SelfAttribute

/**
* An extension of `ControlFlowNode` that provides points-to predicates.
Expand Down
1 change: 0 additions & 1 deletion python/ql/lib/analysis/DefinitionTracking.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@

import python
private import LegacyPointsTo
import semmle.python.pointsto.PointsTo
import IDEContextual

private newtype TDefinition =
Expand Down
26 changes: 13 additions & 13 deletions python/ql/lib/python.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,22 +19,22 @@ import semmle.python.Constants
import semmle.python.Scope
import semmle.python.Comment
import semmle.python.GuardedControlFlow
import semmle.python.types.ImportTime
import semmle.python.types.Object
import semmle.python.types.ClassObject
import semmle.python.types.FunctionObject
import semmle.python.types.ModuleObject
import semmle.python.types.Version
import semmle.python.types.Descriptors
private import semmle.python.types.ImportTime
private import semmle.python.types.Object
private import semmle.python.types.ClassObject
private import semmle.python.types.FunctionObject
private import semmle.python.types.ModuleObject
private import semmle.python.types.Version
private import semmle.python.types.Descriptors
import semmle.python.SSA
import semmle.python.SelfAttribute
import semmle.python.types.Properties
private import semmle.python.SelfAttribute
private import semmle.python.types.Properties
import semmle.python.xml.XML
import semmle.python.essa.Essa
import semmle.python.pointsto.Base
import semmle.python.pointsto.Context
import semmle.python.pointsto.CallGraph
import semmle.python.objects.ObjectAPI
private import semmle.python.pointsto.Base
private import semmle.python.pointsto.Context
private import semmle.python.pointsto.CallGraph
private import semmle.python.objects.ObjectAPI
import semmle.python.Unit
import site
private import semmle.python.Overlay
Expand Down
1 change: 1 addition & 0 deletions python/ql/lib/semmle/python/Flow.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import python
private import semmle.python.internal.CachedStages
private import codeql.controlflow.BasicBlock as BB
private import LegacyPointsTo

/*
* Note about matching parent and child nodes and CFG splitting:
Expand Down
1 change: 1 addition & 0 deletions python/ql/lib/semmle/python/SSA.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
/** SSA library */

import python
private import LegacyPointsTo

/**
* A single static assignment variable.
Expand Down
1 change: 1 addition & 0 deletions python/ql/lib/semmle/python/SelfAttribute.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@

import python
private import semmle.python.pointsto.Filters
private import LegacyPointsTo

/**
* An attribute access where the left hand side of the attribute expression
Expand Down
1 change: 1 addition & 0 deletions python/ql/lib/semmle/python/dataflow/new/internal/ImportResolution.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ private import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.internal.ImportStar
private import semmle.python.dataflow.new.TypeTracking
private import semmle.python.dataflow.new.internal.DataFlowPrivate
private import semmle.python.essa.SsaDefinitions
Copy link
Copy Markdown
Contributor

@yoff yoff Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How is this necessary now and not before?

Copy link
Copy Markdown
Contributor Author

@tausbn tausbn Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed, this is not entirely obvious!

That module was reexported by semmle.python.pointsto.Base (see below) which was imported in python.qll, but now that import has (of course) been made private.


/**
* Python modules and the way imports are resolved are... complicated. Here's a crash course in how
Expand Down
2 changes: 1 addition & 1 deletion python/ql/lib/semmle/python/dataflow/old/Configuration.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import python
import semmle.python.dataflow.TaintTracking
private import semmle.python.objects.ObjectInternal
private import LegacyPointsTo
private import semmle.python.dataflow.Implementation

module TaintTracking {
Expand Down
1 change: 1 addition & 0 deletions python/ql/lib/semmle/python/dataflow/old/Files.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import python
private import LegacyPointsTo
import semmle.python.dataflow.TaintTracking

class OpenFile extends TaintKind {
Expand Down
1 change: 0 additions & 1 deletion python/ql/lib/semmle/python/dataflow/old/Implementation.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
import python
private import LegacyPointsTo
import semmle.python.dataflow.TaintTracking
private import semmle.python.objects.ObjectInternal
private import semmle.python.pointsto.Filters as Filters
import semmle.python.dataflow.Legacy

Expand Down
4 changes: 1 addition & 3 deletions python/ql/lib/semmle/python/dataflow/old/StateTracking.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,7 @@
*/

import python
private import semmle.python.pointsto.PointsTo
private import semmle.python.pointsto.PointsToContext
private import semmle.python.objects.ObjectInternal
private import LegacyPointsTo

/** A state that should be tracked. */
abstract class TrackableState extends string {
Expand Down
1 change: 0 additions & 1 deletion python/ql/lib/semmle/python/dataflow/old/TaintTracking.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,6 @@
import python
private import LegacyPointsTo
private import semmle.python.pointsto.Filters as Filters
private import semmle.python.objects.ObjectInternal
private import semmle.python.dataflow.Implementation
import semmle.python.dataflow.Configuration

Expand Down
1 change: 1 addition & 0 deletions python/ql/lib/semmle/python/dependencies/DependencyKind.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import semmle.python.dependencies.Dependencies
private import LegacyPointsTo

/**
* A library describing an abstract mechanism for representing dependency categories.
Expand Down
1 change: 1 addition & 0 deletions python/ql/lib/semmle/python/dependencies/TechInventory.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import python
import semmle.python.dependencies.Dependencies
import semmle.python.dependencies.DependencyKind
private import LegacyPointsTo

/**
* Combine the source-file and package into a single string:
Expand Down
4 changes: 3 additions & 1 deletion python/ql/lib/semmle/python/essa/Definitions.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
import python

/*
* Classification of variables. These should be non-overlapping and complete.
*
Expand All @@ -12,6 +11,9 @@ import python
* Escaping globals -- Global variables that have definitions and at least one of those definitions is in another scope.
*/

private import LegacyPointsTo
private import semmle.python.essa.SsaDefinitions

/** A source language variable, to be converted into a set of SSA variables. */
abstract class SsaSourceVariable extends @py_variable {
SsaSourceVariable() {
Expand Down
2 changes: 2 additions & 0 deletions python/ql/lib/semmle/python/essa/Essa.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ import python
private import SsaCompute
import semmle.python.essa.Definitions
private import semmle.python.internal.CachedStages
private import LegacyPointsTo
private import semmle.python.essa.SsaDefinitions

/** An (enhanced) SSA variable derived from `SsaSourceVariable`. */
class EssaVariable extends TEssaDefinition {
Expand Down
1 change: 1 addition & 0 deletions python/ql/lib/semmle/python/essa/SsaDefinitions.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@

import python
private import semmle.python.internal.CachedStages
private import LegacyPointsTo

cached
module SsaSource {
Expand Down
2 changes: 1 addition & 1 deletion python/ql/lib/semmle/python/libraries/Zope.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
/** Utilities for handling the zope libraries */

import python
private import semmle.python.pointsto.PointsTo
private import LegacyPointsTo

/** A method that belongs to a sub-class of `zope.interface.Interface` */
class ZopeInterfaceMethodValue extends PythonFunctionValue {
Expand Down
1 change: 1 addition & 0 deletions python/ql/lib/semmle/python/objects/Constants.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ private import semmle.python.pointsto.PointsTo
private import semmle.python.pointsto.MRO
private import semmle.python.pointsto.PointsToContext
private import semmle.python.types.Builtins
private import semmle.python.objects.ObjectAPI

/**
* A constant.
Expand Down
1 change: 1 addition & 0 deletions python/ql/lib/semmle/python/objects/Descriptors.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ private import semmle.python.pointsto.PointsTo
private import semmle.python.pointsto.PointsToContext
private import semmle.python.pointsto.MRO
private import semmle.python.types.Builtins
private import semmle.python.pointsto.Context

/** A property object. */
class PropertyInternal extends ObjectInternal, TProperty {
Expand Down
2 changes: 2 additions & 0 deletions python/ql/lib/semmle/python/objects/Instances.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ private import semmle.python.pointsto.PointsTo
private import semmle.python.pointsto.MRO
private import semmle.python.pointsto.PointsToContext
private import semmle.python.types.Builtins
private import semmle.python.pointsto.Context
private import semmle.python.pointsto.Base

/** A class representing instances */
abstract class InstanceObject extends ObjectInternal {
Expand Down
1 change: 1 addition & 0 deletions python/ql/lib/semmle/python/objects/Modules.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ private import semmle.python.pointsto.PointsTo
private import semmle.python.pointsto.MRO
private import semmle.python.pointsto.PointsToContext
private import semmle.python.types.Builtins
private import semmle.python.types.ImportTime

/** A class representing modules */
abstract class ModuleObjectInternal extends ObjectInternal {
Expand Down
3 changes: 0 additions & 3 deletions python/ql/lib/semmle/python/objects/ObjectAPI.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,6 @@
import python
private import LegacyPointsTo
private import TObject
private import semmle.python.objects.ObjectInternal
private import semmle.python.pointsto.PointsTo
private import semmle.python.pointsto.PointsToContext
private import semmle.python.pointsto.MRO
private import semmle.python.types.Builtins

Expand Down
1 change: 1 addition & 0 deletions python/ql/lib/semmle/python/objects/TObject.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ private import semmle.python.objects.ObjectInternal
private import semmle.python.pointsto.PointsTo
private import semmle.python.pointsto.PointsToContext
private import semmle.python.internal.CachedStages
private import semmle.python.pointsto.Context

/**
* Internal type backing `ObjectInternal` and `Value`
Expand Down
2 changes: 2 additions & 0 deletions python/ql/lib/semmle/python/pointsto/Base.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ import python
import semmle.python.essa.SsaDefinitions
private import semmle.python.types.Builtins
private import semmle.python.internal.CachedStages
private import semmle.python.types.Object
private import semmle.python.types.ClassObject

/*
* The following predicates exist in order to provide
Expand Down
2 changes: 2 additions & 0 deletions python/ql/lib/semmle/python/pointsto/CallGraph.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@

import python
private import semmle.python.pointsto.PointsToContext
private import semmle.python.types.FunctionObject
private import semmle.python.pointsto.Context

private newtype TTInvocation =
TInvocation(FunctionObject f, Context c) {
Expand Down
5 changes: 5 additions & 0 deletions python/ql/lib/semmle/python/pointsto/PointsTo.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,11 @@ private import semmle.python.pointsto.MRO
private import semmle.python.types.Builtins
private import semmle.python.types.Extensions
private import semmle.python.internal.CachedStages
private import semmle.python.types.Object
private import semmle.python.types.FunctionObject
private import semmle.python.types.ClassObject
private import semmle.python.pointsto.Base
private import semmle.python.types.ImportTime

/* Use this version for speed */
class CfgOrigin extends @py_object {
Expand Down
2 changes: 2 additions & 0 deletions python/ql/lib/semmle/python/pointsto/PointsToContext.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
import python
private import semmle.python.pointsto.PointsTo
private import semmle.python.objects.ObjectInternal
private import semmle.python.types.ImportTime
private import semmle.python.types.Version

/*
* A note on 'cost'. Cost doesn't represent the cost to compute,
Expand Down
1 change: 1 addition & 0 deletions python/ql/lib/semmle/python/types/Builtins.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import python
private import LegacyPointsTo

class Builtin extends @py_cobject {
Builtin() {
Expand Down
1 change: 1 addition & 0 deletions python/ql/lib/semmle/python/types/ClassObject.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ private import semmle.python.pointsto.PointsTo
private import semmle.python.pointsto.MRO
private import semmle.python.types.Builtins
private import semmle.python.objects.ObjectInternal
private import semmle.python.types.ImportTime

/**
* A class whose instances represents Python classes.
Expand Down
3 changes: 3 additions & 0 deletions python/ql/lib/semmle/python/types/Descriptors.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
import python
private import semmle.python.objects.ObjectInternal
private import semmle.python.types.Object
private import semmle.python.types.FunctionObject
private import semmle.python.pointsto.Context

/** A class method object. Either a decorated function or an explicit call to classmethod(f) */
class ClassMethodObject extends Object {
Expand Down
1 change: 1 addition & 0 deletions python/ql/lib/semmle/python/types/Extensions.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ private import semmle.python.pointsto.PointsToContext
private import semmle.python.objects.TObject
/* Make ObjectInternal visible to save extra imports in user code */
import semmle.python.objects.ObjectInternal
import semmle.python.pointsto.Context

abstract class PointsToExtension extends @py_flow_node {
string toString() { result = "PointsToExtension with missing toString" }
Expand Down
3 changes: 0 additions & 3 deletions python/ql/lib/semmle/python/types/FunctionObject.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,7 @@
import python
private import LegacyPointsTo
import semmle.python.types.Exceptions
private import semmle.python.pointsto.PointsTo
private import semmle.python.objects.Callables
private import semmle.python.libraries.Zope
private import semmle.python.objects.ObjectInternal
private import semmle.python.types.Builtins

/** A function object, whether written in Python or builtin */
Expand Down
1 change: 1 addition & 0 deletions python/ql/lib/semmle/python/types/ModuleKind.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import python
private import semmle.python.types.ModuleObject

private predicate is_normal_module(ModuleObject m) {
m instanceof BuiltinModuleObject
Expand Down
3 changes: 3 additions & 0 deletions python/ql/lib/semmle/python/types/ModuleObject.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,9 @@ import python
private import semmle.python.pointsto.PointsTo
private import semmle.python.objects.ObjectInternal
private import semmle.python.types.ModuleKind
private import semmle.python.types.Object
private import semmle.python.types.ClassObject
private import semmle.python.objects.ObjectAPI

abstract class ModuleObject extends Object {
ModuleValue theModule() {
Expand Down
1 change: 0 additions & 1 deletion python/ql/lib/semmle/python/types/Object.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
import python
private import LegacyPointsTo
private import semmle.python.objects.ObjectInternal
private import semmle.python.types.Builtins
private import semmle.python.internal.CachedStages

Expand Down
3 changes: 0 additions & 3 deletions python/ql/lib/semmle/python/values/StringAttributes.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,5 @@
import python
private import LegacyPointsTo
private import semmle.python.types.Object
private import semmle.python.types.ClassObject
private import semmle.python.types.FunctionObject

predicate string_attribute_all(ControlFlowNodeWithPointsTo n, string attr) {
(n.getNode() instanceof Unicode or n.getNode() instanceof Bytes) and
Expand Down
1 change: 0 additions & 1 deletion python/ql/src/Expressions/ContainsNonContainer.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@

import python
private import LegacyPointsTo
import semmle.python.pointsto.PointsTo

predicate rhs_in_expr(ControlFlowNode rhs, Compare cmp) {
exists(Cmpop op, int i | cmp.getOp(i) = op and cmp.getComparator(i) = rhs.getNode() |
Expand Down
1 change: 1 addition & 0 deletions python/ql/src/Expressions/IsComparisons.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
import python
private import LegacyPointsTo
private import semmle.python.objects.ObjectInternal
private import semmle.python.objects.ObjectAPI

/** Holds if the comparison `comp` uses `is` or `is not` (represented as `op`) to compare its `left` and `right` arguments. */
predicate comparison_using_is(Compare comp, ControlFlowNode left, Cmpop op, ControlFlowNode right) {
Expand Down
1 change: 1 addition & 0 deletions python/ql/src/Statements/RedundantAssignment.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@

import python
private import LegacyPointsTo
private import semmle.python.objects.ObjectAPI

predicate assignment(AssignStmt a, Expr left, Expr right) {
a.getATarget() = left and a.getValue() = right
Expand Down
1 change: 0 additions & 1 deletion python/ql/src/Variables/UndefinedGlobal.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ import python
private import LegacyPointsTo
import Variables.MonkeyPatched
import Loop
import semmle.python.pointsto.PointsTo

predicate guarded_against_name_error(Name u) {
exists(Try t | t.getBody().getAnItem().contains(u) |
Expand Down
Loading