CodeQL library for Python
codeql/python-all 0.11.13

Member predicate TypeTracker::smallstep

Gets the summary that corresponds to having taken a forwards local, heap and/or inter-procedural step from nodeFrom to nodeTo.

Unlike TypeTracker::step, this predicate exposes all edges in the flow graph, and not just the edges between Nodes. It may therefore be less performant.

Type tracking predicates using small steps typically take the following form:

DataFlow::Node myType(DataFlow::TypeTracker t) {
  t.start() and
  result = < source of myType >
  or
  exists (DataFlow::TypeTracker t2 |
    t = t2.smallstep(myType(t2), result)
  )
}

DataFlow::Node myType() {
  result = myType(DataFlow::TypeTracker::end())
}
TypeTracker smallstep(Node nodeFrom, Node nodeTo)
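
A concrete instance of the small-step template above, added here as an example; it is not code from the CodeQL library. It assumes the tracked type is an instance of Python's `pickle.Unpickler`, and the predicate name `unpickler` and the alert message are hypothetical.

```ql
// Added example: small-step type tracking of pickle.Unpickler instances,
// used to flag the load() calls that deserialize data through them.
import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.ApiGraphs

/** Gets a node that may hold a `pickle.Unpickler` instance, tracked with `t`. */
private DataFlow::Node unpickler(DataFlow::TypeTracker t) {
  // Source of the tracked type: the constructor call `pickle.Unpickler(...)`.
  t.start() and
  result = API::moduleImport("pickle").getMember("Unpickler").getACall()
  or
  // Small step: follow one local, heap, or inter-procedural edge at a time,
  // so `result` can be any node in the flow graph.
  exists(DataFlow::TypeTracker t2 | t = t2.smallstep(unpickler(t2), result))
}

/** Gets a node that may hold a `pickle.Unpickler` instance. */
DataFlow::Node unpickler() { result = unpickler(DataFlow::TypeTracker::end()) }

// Report `x.load()` where `x` is a tracked Unpickler, even when the instance
// was stored in an attribute or returned from a helper before being used.
from DataFlow::MethodCallNode call
where call.calls(unpickler(), "load")
select call, "load() called on a tracked pickle.Unpickler instance."
```

Because `smallstep` relates arbitrary nodes, `unpickler()` can be compared directly against the receiver of the call, at the performance cost the description above mentions.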