CodeQL library for Python
codeql/python-all 2.1.1 (changelog, source)

Predicate flowsToStoreStep

Holds if nodeFrom is being written to the content of the object in nodeTo.

Note that nodeTo will always be a local source node that flows to the place where the content is written in basicStoreStep. This may lead to the flow of information going “back in time” from the point of view of the execution of the program.

For instance, if we interpret attribute writes in Python as writing to content with the same name as the attribute, and consider the following snippet:

def foo(y):
   x = Foo()
   bar(x)
   x.attr = y
   baz(x)

def bar(x):
   z = x.attr

for the attribute write x.attr = y, we will have content being the literal string "attr", nodeFrom will be y, and nodeTo will be the object Foo() created on the first line of the function. This means we will track the fact that x.attr can have the type of y into the assignment to z inside bar, even though this attribute write happens after bar is called.
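The following toy model of that behaviour is an added example, not CodeQL's implementation or code from this library. It works on Python's `ast` module rather than the data-flow graph, and the names `store_steps` and `early_reads` are hypothetical. It attaches each attribute write to the variable's local source and then reports reads in a callee that is invoked before the write executes.

```python
import ast

# Constructed input: the snippet from the documentation above.
SNIPPET = """\
def foo(y):
    x = Foo()
    bar(x)
    x.attr = y
    baz(x)

def bar(x):
    z = x.attr
"""

def store_steps(func):
    """Return (var, nodeFrom, nodeTo, content, line) for each attribute write.
    nodeTo is the variable's local source, not the write site."""
    assigns = [n for n in ast.walk(func) if isinstance(n, ast.Assign)]
    source = {a.targets[0].id: ast.unparse(a.value)  # first assignment wins
              for a in reversed(assigns) if isinstance(a.targets[0], ast.Name)}
    return [(t.value.id, ast.unparse(a.value), source[t.value.id], t.attr, a.lineno)
            for a in assigns for t in a.targets[:1]
            if isinstance(t, ast.Attribute) and isinstance(t.value, ast.Name)
            and t.value.id in source]

def early_reads(tree):
    """Return (reader, content, nodeFrom, call_line, write_line) for reads in a
    callee that is called on an earlier line than the attribute write."""
    funcs = {f.name: f for f in tree.body if isinstance(f, ast.FunctionDef)}
    found = []
    for caller in funcs.values():
        for var, node_from, _node_to, content, write_line in store_steps(caller):
            for call in (n for n in ast.walk(caller) if isinstance(n, ast.Call)):
                callee = funcs.get(getattr(call.func, "id", None))
                if callee is None or call.lineno >= write_line:
                    continue
                for arg, param in zip(call.args, callee.args.args):
                    if not (isinstance(arg, ast.Name) and arg.id == var):
                        continue
                    for a in (n for n in ast.walk(callee) if isinstance(n, ast.Assign)):
                        v = a.value
                        if (isinstance(v, ast.Attribute) and v.attr == content
                                and isinstance(v.value, ast.Name) and v.value.id == param.arg):
                            found.append((ast.unparse(a.targets[0]), content,
                                          node_from, call.lineno, write_line))
    return found

if __name__ == "__main__":
    print(early_reads(ast.parse(SNIPPET)))
```

For the snippet, the single result says that `z` in `bar` receives the value of `y` through content `attr`, although the call on line 3 precedes the write on line 4.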

Import path

import semmle.python.dataflow.new.internal.TypeTracker
predicate flowsToStoreStep(Node nodeFrom, TypeTrackingNode nodeTo, TypeTrackerContent content)