CodeQL library for Python
codeql/python-all 0.6.4 (changelog, source)
Search

Module DataFlowPublic

Provides Python-specific definitions for use in the data flow library.

Import path

import semmle.python.dataflow.new.internal.DataFlowPublic

Imports

Attributes

This module provides an API for attribute reads and writes.

LocalSources

Provides support for intra-procedural tracking of a customizable set of data flow nodes.

TypeTracker

This file acts as a wrapper for internal.TypeTracker, exposing some of the functionality with names that are more appropriate for Python.

Predicates

exprNode

Gets a node corresponding to expression e.

guardNode

Gets a node that controls whether other nodes are evaluated.

parameterNode

Gets a node corresponding to parameter p.

Classes

ArgumentNode

A data flow node that represents a call argument.

AttributeContent

An object attribute.

BarrierGuard

DEPRECATED: Use BarrierGuard module instead.

CallCfgNode

A data-flow node corresponding to a CallNode in the control-flow graph.

CfgNode

A data-flow node corresponding to a control-flow node.

Content

A data-flow value can have associated content. If the value is a collection, it can have elements, if it is an object, it can have attribute values.

ContentSet

An entity that represents a set of Contents.

DictionaryElementAnyContent

An element of a dictionary under any key.

DictionaryElementContent

An element of a dictionary under a specific key.

EssaNode

A data-flow node corresponding to an SSA variable.

ExprNode

An expression, viewed as a node in a data flow graph.

ExtractedArgumentNode

A data flow node that represents a call argument found in the source code.

ExtractedParameterNode

A parameter node found in the source code (not in a summary).

GuardNode

A node that controls whether other nodes are evaluated.

IterableElementNode

A synthetic node representing an iterable element. Used for changing content type for instance from a ListElement to a TupleElement. This would happen via a read step from the list to IterableElement followed by a store step to the tuple.

IterableSequenceNode

A synthetic node representing an iterable sequence. Used for changing content type for instance from a ListElement to a TupleElement, especially if the content is transferred via a read step which cannot be broken up into a read and a store. The read step then targets TIterableSequence, and the conversion can happen via a read step to TIterableElement followed by a store step to the target.

KwOverflowNode

The node holding the extra keyword arguments to a call. This node is passed as a dictionary to the doubly starred parameter of the callable.

KwUnpackedNode

The node representing the synthetic argument of a call that is unpacked from a dictionary argument.

ListElementContent

An element of a list.

LocalSourceParameterNode
MethodCallNode

A data-flow node corresponding to a method call, that is foo.bar(...).

ModuleVariableNode

A data flow node corresponding to a module-level (global) variable that is accessed outside of the module scope.

Node

An element, viewed as a node in a data flow graph. Either an SSA variable (EssaNode) or a control flow node (CfgNode).

ParameterNode

The value of a parameter at function entry, viewed as a node in a data flow graph.

PosOverflowNode

The node holding the extra positional arguments to a call. This node is passed as a tuple to the starred parameter of the callable.

PostUpdateNode

A node associated with an object after an operation that might have changed its state.

SetElementContent

An element of a set.

StarPatternElementNode

A synthetic node representing element content of a star pattern.

TupleElementContent

An element of a tuple at a specific index.

Datatypes

TContent

Algebraic datatype for tracking data content associated with values. Content can be collection elements or object attributes.

TNode

IPA type for data flow nodes.

Modules

BarrierGuard

Provides a set of barrier nodes for a guard that validates a node.

Predicate signatures

guardChecksSig

Holds if the guard g validates node upon evaluating to branch.