CodeQL library for Python
codeql/python-all 2.2.0 (changelog, source)
Search

Module DataFlow4

Provides a library for local (intra-procedural) and global (inter-procedural) data flow analysis: deciding whether data can flow from a source to a sink.

Unless configured otherwise, flow means that the exact value of the source may reach the sink. We do not track flow across pointer dereferences or array indexing. To track these types of flow, where the exact value may not be preserved, import semmle.python.dataflow.new.TaintTracking.

To use global (interprocedural) data flow, extend the class DataFlow::Configuration as documented on that class. To use local (intraprocedural) data flow, call DataFlow::localFlow or DataFlow::localFlowStep with arguments of type DataFlow::Node.

Import path

import semmle.python.dataflow.new.DataFlow4

Modules

DataFlow4

Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses.