Skip to content

Python: Handle guards being compared to boolean literals #21296

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
yoff wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Python: Handle guards being compared to boolean literals #21296

yoff wants to merge 3 commits into from
+85 −1

Conversation

@yoff
Copy link
Contributor

@yoff yoff commented Feb 8, 2026
edited
Loading

Inspired by https://github.com/github/codeql/pull/21288/changes#diff-502cb70dbb74ee46cda83c2b3c626120ae120bcd444e146be09bc46599cf981eR194-R215

While we wait for adoption of the shared guards library (which will handle much more than this), this PR is an easy addition to the guards handling in Python.

When a guard such as isSafe(x) is defined, we now also automatically handle isSafe(x) == true and isSafe(x) != false (as well as is and is not).

@yoff yoff force-pushed the python/bool-comparison-guards branch from a80fc8c to 9c2ce6a Compare February 8, 2026 09:04
@yoff yoff marked this pull request as ready for review February 8, 2026 09:17
@yoff yoff requested a review from a team as a code owner February 8, 2026 09:17
Copilot AI review requested due to automatic review settings February 8, 2026 09:17
Copilot AI reviewed Feb 8, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR extends Python’s guard-node handling in the dataflow/tainttracking library so that guard calls (e.g., is_safe(x)) are recognized even when compared against boolean literals using ==, !=, is, and is not.

Changes:

  • Extend guard-node recursion to treat comparisons against boolean literals as guard nodes with appropriate polarity.
  • Add taint-tracking tests covering ==/!= and is/is not comparisons to True/False, and update expected results.
  • Add a change note documenting the enhancement.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
python/ql/test/library-tests/dataflow/tainttracking/customSanitizer/test_logical.py Adds a new test function covering boolean-literal comparisons for guards.
python/ql/test/library-tests/dataflow/tainttracking/customSanitizer/InlineTaintTest.expected Updates expected sanitizer/guard nodes for the new test cases.
python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll Extends guard-node logic to recurse through boolean-literal comparisons.
python/ql/lib/change-notes/2026-02-08-guards-compared-to-boolean-literals.md Adds a release note for the new guard-comparison handling.

python/ql/lib/change-notes/2026-02-08-guards-compared-to-boolean-literals.md
---
category: minorAnalysis
---
* When a guard such as `isSafe(x)` is defined, we now also automatically handle `isSafe(x) == true` and `isSafe(x) != false`.
Copy link

Copilot AI Feb 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The change note currently documents only == true / != false, but the implementation and PR description also cover is / is not. Also, for Python-facing examples the boolean literals should be True/False (capitalized) to match Python syntax.

Suggested change
* When a guard such as `isSafe(x)` is defined, we now also automatically handle `isSafe(x) == true` and `isSafe(x) != false`.
* When a guard such as `isSafe(x)` is defined, we now also automatically handle comparisons to boolean literals such as `isSafe(x) is True`, `isSafe(x) == True`, `isSafe(x) is not False`, and `isSafe(x) != False`.

Copilot uses AI. Check for mistakes.
python/ql/test/library-tests/dataflow/tainttracking/customSanitizer/test_logical.py
if is_safe(s) is not False:
ensure_not_tainted(s)
else:
ensure_tainted(s) # $ tainted
Copy link

Copilot AI Feb 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Line has trailing whitespace after the # $ tainted marker; please remove it to keep test files clean and avoid noisy diffs/linters.

Suggested change
ensure_tainted(s) # $ tainted
ensure_tainted(s) # $ tainted

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

documentation Python

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@yoff