Skip to content

Python: Modernize the Unreachable Except Block query #20263

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
joefarebrother merged 5 commits into from
Sep 22, 2025
Merged

Python: Modernize the Unreachable Except Block query #20263

joefarebrother merged 5 commits into from
Sep 22, 2025

Conversation

@joefarebrother
Copy link
Contributor

@joefarebrother joefarebrother commented Aug 21, 2025

Replaces use of pointsTo.
Implements modelling for subclass relations of builtin exception types.

@github-actions
Copy link
Contributor

github-actions bot commented Aug 21, 2025
edited
Loading

QHelp previews:

python/ql/src/Exceptions/IncorrectExceptOrder.qhelp

Unreachable except block

When handling an exception, Python searches the except blocks in source code order until it finds a matching except block for the exception. An except block, except E:, specifies a class E and will match any exception that is an instance of E.

If a more general except block precedes a more specific except block, then the more general block is always executed and the more specific block is never executed. An except block, except A:, is more general than another except block, except B:, if A is a super class of B.

For example: except Exception: is more general than except Error: as Exception is a super class of Error.

Recommendation

Reorganize the except blocks so that the more specific except is defined first. Alternatively, if the more specific except block is no longer required, then it should be deleted.

Example

In the following example, the except Exception: will handle AttributeError preventing the subsequent handler from ever executing.

def incorrect_except_order(val):
    try:
        val.attr
    except Exception:
        print ("Exception")
    except AttributeError:
        print ("AttributeError")

References

@joefarebrother
Copy link
Contributor Author

joefarebrother commented Sep 5, 2025

Due to a strange dataflow issue, non-builtin classes do not seem to be tracked to the type of an Except block.
This results in some FNs for this query; however they are tolerable, so this PR will be made ready for review.

@joefarebrother joefarebrother marked this pull request as ready for review September 5, 2025 23:48
@joefarebrother joefarebrother requested a review from a team as a code owner September 5, 2025 23:48
Copilot AI review requested due to automatic review settings September 5, 2025 23:48
@joefarebrother joefarebrother changed the title [Draft] Modernize the Unreachable Except Block query Modernize the Unreachable Except Block query Sep 5, 2025
Copilot AI reviewed Sep 5, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR modernizes the "Unreachable Except Block" query by replacing the outdated pointsTo mechanism with newer dataflow tracking and implementing comprehensive modeling for builtin exception type subclass relations.

  • Replaced pointsTo with modern dataflow tracking and API graphs
  • Added comprehensive builtin exception hierarchy modeling through a generated YAML file
  • Enhanced the query to handle both user-defined and builtin exception types with proper subclass tracking

Reviewed Changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated no comments.

Show a summary per file
File Description
python/ql/src/Exceptions/IncorrectExceptOrder.ql Main query rewrite using new dataflow approach and ExceptType abstraction
python/ql/src/Exceptions/IncorrectExceptOrder.qhelp Minor documentation updates and Python 3 reference links
python/ql/src/meta/ClassHierarchy/process-builtin-exceptions.py New script to generate builtin exception hierarchy data
python/ql/lib/semmle/python/frameworks/builtins.model.yml Generated YAML file containing builtin exception subclass relationships
python/ql/test/query-tests/Exceptions/general/*.expected Updated test expectations reflecting new query behavior
python/ql/test/query-tests/Exceptions/general/exceptions_test.py Added test cases for custom exception hierarchies
python/ql/test/query-tests/Exceptions/general/IncorrectExceptOrder.qlref Updated test configuration to use inline expectations
Comments suppressed due to low confidence (3)

python/ql/src/Exceptions/IncorrectExceptOrder.ql:1

  • Inconsistent spacing: line 68 has no trailing space while line 69 has a trailing space after 'pass'.
/**

python/ql/src/Exceptions/IncorrectExceptOrder.ql:1

  • Inconsistent spacing: both lines 78 and 82 have trailing spaces after 'pass' which should be removed for consistency.
/**

python/ql/src/Exceptions/IncorrectExceptOrder.ql:1

  • Inconsistent spacing: both lines 78 and 82 have trailing spaces after 'pass' which should be removed for consistency.
/**

@joefarebrother joefarebrother changed the title Modernize the Unreachable Except Block query Python: Modernize the Unreachable Except Block query Sep 5, 2025
@joefarebrother joefarebrother added the no-change-note-required This PR does not need a change note label Sep 10, 2025
tausbn
tausbn approved these changes Sep 17, 2025
View reviewed changes
Copy link
Contributor

@tausbn tausbn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One suggestion, otherwise this looks good to me. The missing flow is annoying, but I don't see a quick fix (other than digging into the data-flow library and adding this flow).

python/ql/src/Exceptions/IncorrectExceptOrder.ql
TClass(Class c) or
TBuiltin(string name) { builtinException(name) }

class ExceptType extends TExceptType {
Copy link
Contributor

@tausbn tausbn Sep 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The many uses of <class-stuff> or <builtin-stuff> in the various member predicates suggests that it might be better to create two separate subclasses of ExceptType that each override the (abstract) predicates on this type in a different way.

Copy link
Contributor Author

@joefarebrother joefarebrother Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps, though that approach may be a bit longer.

@joefarebrother joefarebrother merged commit 463f79b into github:main Sep 22, 2025
19 of 20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@tausbn tausbn tausbn approved these changes

Assignees

No one assigned

Labels

documentation no-change-note-required This PR does not need a change note Python

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@joefarebrother @tausbn