Module DataFlowPrivate

Import path

import codeql.actions.dataflow.internal.DataFlowPrivate

Predicates

additionalLambdaFlowStep	Extra data-flow steps needed for lambda flow analysis.
allowParameterReturnInSelf	Holds if flow is allowed to pass from parameter `p` and back to itself as a side-effect, resulting in a summary from `p` to itself.
clearsContent	Holds if values stored inside content `c` are cleared at node `n`. For example, any value stored inside `f` is cleared at the pre-update node associated with `x` in `x.f = newValue`.
compatibleTypes
ctxFieldReadStep	Holds if a Expression reads a field from a job (needs/jobs), step (steps) output via a read of `c` (fieldname)
envCtxLocalStep	Holds if there is a local flow step between a ${{}} expression accesing an env var and the var definition itself e.g. ${{ env.foo }}
expectsContent	Holds if the value that is being tracked is expected to be stored inside content `c` at node `n`.
fieldStoreStep	Stores an output expression (node1) into its OutputsStm node (node2) using the output variable name as the access path
forceHighPrecision
getAnOutNode	Gets a node that can read the value returned from `call` with return kind `kind`.
getContentApprox
getNodeType
inputsCtxLocalStep	Holds if there is a local flow step between a ${{}} expression accesing an input variable and the input itself e.g. ${{ inputs.foo }}
isArgumentNode
isParameterNode
isUnreachableInCall	Holds if the nodes in `nr` are unreachable when the call context is `call`.
jumpStep	Holds if data can flow from `node1` to `node2` through a non-local step that does not follow a call edge. For example, a step through a global variable. We throw away the call context and let us jump to any location AKA teleport steps local steps are preferible since they are more predictable and easier to control
knownSinkModel
knownSourceModel
lambdaCall	Holds if `call` is a lambda call of kind `kind` where `receiver` is the lambda expression.
lambdaCreation	Holds if `creation` is an expression that creates a lambda of kind `kind` for `c`.
localFlowStep	Holds if there is a local flow step from `nodeFrom` to `nodeTo`. For Actions, we dont need SSA nodes since it should be already in SSA form Local flow steps are always between two nodes in the same Cfg scope.
localMustFlowStep
matrixCtxLocalStep	Holds if there is a local flow step between a ${{}} expression accesing a matrix variable and the matrix itself e.g. ${{ matrix.foo }}
needsCtxLocalStep	Holds if there is a local flow step between a ${{ needs.xxx.outputs.yyy }} expression accesing a job output field and the step output itself. But only for those cases where the job (needs) output is defined externally in a MaD Source specification. The reason for this is that we don’t currently have a way to specify that a source starts with a non-empty access path so we cannot write a Source that stores the taint in a Content, we can only do that for steps (storeStep). The easiest thing is to add this local flow step that simulates a read step from the source node for a specific field name.
neverSkipInPathGraph	Since our model is so simple, we dont want to compress the local flow steps. This compression is normally done to not show SSA steps, casts, etc.
nodeGetEnclosingCallable
nodeIsHidden
parameterMatch
ppReprType
readStep	Holds if data can flow from `node1` to `node2` via a read of `c`. Thus, `node1` references an object with a content `c.getAReadContent()` whose value ends up in `node2`. Store steps without corresponding reads are pruned aggressively very early, since they can never contribute to a complete path.
simpleLocalFlowStep	This is the local flow predicate that is used as a building block in global data flow.
stepsCtxLocalStep	Holds if there is a local flow step between a ${{ steps.xxx.outputs.yyy }} expression accesing a step output field and the step output itself. But only for those cases where the step output is defined externally in a MaD Source specification. The reason for this is that we don’t currently have a way to specify that a source starts with a non-empty access path so we cannot write a Source that stores the taint in a Content, we can only do that for steps (storeStep). The easiest thing is to add this local flow step that simulates a read step from the source node for a specific field name.
storeStep	Holds if data can flow from `node1` to `node2` via a store into `c`. Thus, `node2` references an object with a content `c.getAStoreContent()` that contains the value of `node1`. Store steps without corresponding reads are pruned aggressively very early, since they can never contribute to a complete path.
typeStrongerThan
viableCallable	Gets a viable implementation of the target of the given `Call`.

Classes

ArgumentPosition	Made a string to match `With:` keys in the AST
CastNode	Not implemented
DataFlowCall	A call corresponds to a Uses steps where a composite action or a reusable workflow get called
DataFlowCallable	A Cfg scope that can be called
DataFlowExpr
DataFlowType	A type for a data flow node.
NodeRegion
NormalReturn
OutNode
ParameterPosition	Made a string to match the ArgumentPosition type.
PostUpdateNode	Not implemented
ReturnKind

Datatypes

TContent
TNode
TReturnKind

Aliases

ContentApprox	An entity that represents a set of `Content`s.
DataFlowSecondLevelScope	The trivial type with a single element.
LambdaCallKind