Class TypeTracker
A summary of the steps needed to track a value to a given dataflow node.
This can be used to track objects that implement a certain API in order to recognize calls to that API. Note that type-tracking does not by itself provide a source/sink relation, that is, it may determine that a node has a given type, but it won’t determine where that type came from.
It is recommended that all uses of this type are written in the following form,
for tracking some type myType:
Node myType(TypeTracker tt) {
tt.start() and
result = < source of myType >
or
exists(TypeTracker tt2 |
tt = tt2.step(myType(tt2), result)
)
}
Node myType() { myType(TypeTracker::end()).flowsTo(result) }
If you want to track individual intra-procedural steps, use tt2.smallstep
instead of tt2.step.
Import path
import semmle.python.dataflow.new.TypeTrackingDirect supertypes
Indirect supertypes
Predicates
| getAttr | INTERNAL. DO NOT USE. |
| startInAttr | Holds if this is the starting point of type tracking, and the value starts in the attribute named |
Inherited predicates
| call | Holds if this is the starting point of type tracking when tracking a parameter into a call, but not out of it. | from TypeTracker |
| continue | Gets a type tracker that starts where this one has left off to allow continued tracking. | from TypeTracker |
| end | Holds if this is the end point of type tracking. | from TypeTracker |
| getContent | INTERNAL. DO NOT USE. | from TypeTracker |
| smallstep | Gets the summary that corresponds to having taken a forwards local, heap and/or inter-procedural step from | from TypeTracker |
| start | Holds if this is the starting point of type tracking. | from TypeTracker |
| startInContent | Holds if this is the starting point of type tracking, and the value starts in the content named | from TypeTracker |
| step | Gets the summary that corresponds to having taken a forwards heap and/or inter-procedural step from | from TypeTracker |
| toString | Gets a textual representation of this summary. | from TypeTracker |