CodeQL library for Python
codeql/python-all 2.0.1-dev (changelog, source)
Search

Module DataFlowDispatch

INTERNAL: Do not use.

TypeTracker based call-graph.

The overall scheme for resolving calls, is to notice that Python has different kinds of callables, and resolve those with different strategies. Currently we handle these completely separately:

  1. plain functions (and lambdas)
  2. methods on classes
  3. class instantiation

So we have type-trackers for each of the 3 categories above, with some considerable effort to handle different kinds of methods on classes (staticmethod, classmethod, normal), and resolving methods correctly in regards to MRO.

A goal of this library is to support modeling calls that happens by third-party libraries. For example call_later(func, arg0, arg1, foo=val), and the fact that the library might inject it’s own arguments, for example a context that will always be passed as the actual first argument to the function. Currently the aim is to provide enough predicates for such call_later function to be modeled by providing additional data-flow steps for the arguments/parameters. This means we cannot have any special logic that requires an AST call to be made before we care to figure out what callable this call might end up targeting.

Specifically this means that we cannot use type-backtrackers from the function of a CallNode, since there is no CallNode to backtrack from for func in the example above.

Note: This hasn’t been 100% realized yet, so we don’t currently expose a predicate to ask what targets any data-flow node has. But it’s still the plan to do this!

Import path

import semmle.python.dataflow.new.internal.DataFlowDispatch

Imports

Predicates

attrReadTracker

Gets a reference to the attribute read attr

classInstanceTracker

Gets a reference to an instance of the class cls.

classTracker

Gets a reference to the class cls.

clsArgumentTracker

Gets a reference to the enclosing class classWithMethod from within one of its methods, either through the cls argument from a classmethod or from type(self) from a normal method.

findFunctionAccordingToMro

Gets a potential definition of the function name according to our approximation of MRO for the class cls (see getNextClassInMro for more information).

findFunctionAccordingToMroKnownStartingClass

Gets a potential definition of the function name according to our approximation of MRO for the class cls (see getNextClassInMroKnownStartingClass for more information).

functionTracker

Gets a reference to the function func.

getADirectSubclass

Gets a direct subclass of the argument cls, if any.

getADirectSuperclass

Gets a direct superclass of the argument cls, if any.

getAnOutNode

Gets a node that can read the value returned from call with return kind kind.

getCallArg

Gets the argument arg of call at position apos, if any. Requires that we can resolve call to target with CallType type.

getNextClassInMroKnownStartingClass

Gets a class that, from an approximated MRO calculation, might be the next class after cls in the MRO for startingClass.

hasContextmanagerDecorator

Holds if the function func has a contextlib.contextmanager.

hasPropertyDecorator

Holds if the function func has a property decorator.

invokedFunctionFromClassConstruction

Gets a function, either __init__ or __new__ as specified by funcName, that will be invoked when cls is constructed – where the function lookup is based on our MRO calculation.

isClassmethod

Holds if the function func is a classmethod – either by having a @classmethod decorator or by convention (like a __new__ method on a class is a classmethod even without the decorator).

isStaticmethod

Holds if the function func is a staticmethod – either by having a @staticmethod decorator or by convention (like a __new__ method on a class is a classmethod even without the decorator).

normalCallArg

Holds if the argument of call at position apos is arg. This is just a helper predicate that maps ArgumentPositions to the arguments of the underlying CallNode.

parameterMatch

Holds if arguments at position apos match parameters at position ppos.

resolveCall

Holds if call is a call to the target, with call-type type.

resolveClassCall

Holds when call is a call to the class cls.

resolveClassInstanceCall

Holds when call is a call on a class instance, that goes to the __call__ method of the class.

selfTracker

Gets a reference to the self argument of a method on class classWithMethod. The method cannot be a staticmethod or classmethod.

superCallNoArgumentTracker

Gets a reference to the result of calling super without any argument, where the call happened in the method func (either a method or a classmethod).

superCallTwoArgumentTracker

Gets a reference to the result of calling super with 2 arguments, where the first is a reference to the class cls, and the second argument is obj.

viableCallable

Gets a viable run-time target for the call call.

Classes

ArgumentPosition

An argument position.

CallType

A type of call.

CapturedVariablesArgumentNode

A synthetic argument representing the values of the variables captured by the callable being called. This argument represents a single object where all the values are stored as attributes. This is also known as the environment part of a closure.

DataFlowCall

A call that is taken into account by the global data flow computation.

DataFlowCallable

A callable.

DataFlowClassmethod

A classmethod.

DataFlowFunction

A callable function.

DataFlowMethod

A method.

DataFlowModuleScope

A module. This is not actually a callable, but we need this so a ModuleVariableNode have an enclosing callable.

DataFlowPlainFunction

A plain (non-method) function.

DataFlowStaticmethod

A staticmethod.

ExtractedDataFlowCall

A call found in the program source (as opposed to a synthesised call).

ExtractedReturnNode

A data flow node that represents a value returned by a callable.

FlowSummaryNode

A data-flow node used to model flow summaries.

LibraryCallable

A callable defined in library code, identified by a unique string.

LibraryCallableValue
NormalCall

A resolved call in source code with an underlying CallNode.

OutNode

A data-flow node that represents the output of a call.

ParameterNodeImpl

The value of a parameter at function entry, viewed as a node in a data flow graph.

ParameterPosition

A parameter position.

PotentialLibraryCall

A potential call to a summarized callable, a LibraryCallable.

ReturnKind

A return kind. A return kind describes how a value can be returned from a callable. For Python, this is simply a method return.

ReturnNode

A data flow node that represents a value returned by a callable.

SummaryCall

A synthesized call inside a callable with a flow summary.

SummaryParameterNode

A parameter for a library callable with a flow summary.

SynthCapturedVariablesParameterNode

A synthetic parameter representing the values of the variables captured by the callable being called. This parameter represents a single object where all the values are stored as attributes. This is also known as the environment part of a closure.

YieldNodeInContextManagerFunction

A data flow node that represents the value yielded by a callable with a contextlib.contextmanager decorator. We treat this as a normal return, which makes things just work when used in a with statement – technically calling the function directly will give you a contextlib._GeneratorContextManager instance, so it’s a slight workaround solution.

Datatypes