For other CodeQL resources, including tutorials and examples, see the CodeQL documentation

Base

Module Base

Combined points-to and type-inference for “run-time” (as opposed to “import-time” values) The main relation runtime_points_to(node, object, cls, origin) relates a control flow node to the possible objects it points-to the inferred types of those objects and the ‘origin’ of those objects. The ‘origin’ is the point in source code that the object can be traced back to.

This file contains non-layered parts of the points-to analysis.

Import path


                                import semmle.python.pointsto.Base

Imports

SsaDefinitions	Provides classes and predicates for determining the uses and definitions of variables for ESSA form.
python

Predicates

baseless_is_new_style	Holds if `cls` is a new-style class if it were to have no explicit base classes
bitwise_expression_node	Holds if `bit` is a binary expression node with a bitwise operator. Helper for `this_binary_expr_points_to`.
builtin_name_points_to
class_declares_attribute	Holds if this class (not on a super-class) declares name
collectionsAbcClass
contains_interesting_expression_within_test	Hold if outer contains inner, both are contained within a test and inner is a use is a plain use or an attribute lookup
function_can_never_return	Holds if it can be determined from the control flow graph alone that this function can never return
import_from_dot_in_init	Holds if `f` is an import of the form `from .[...] import ...` and the enclosing scope is an init module
kwargs_points_to	Gets the kwargs parameter (`**kwargs`). In a function definition this is always a dict.
live_import_from_dot_in_init	Holds if `f` is an import of the form `from .[...] import name` and the enclosing scope is an init module
potential_builtin_points_to	Gets the `value, cls, origin` that `f` would refer to if it has not been assigned some other value
refinement_test	Holds if `test` is a test (a branch), `use` is within that test and `def` is an edge from that test with `sense`
safe_return_node	Gets a return value CFG node, provided that is safe to track across returns
simple_points_to	Points-to for syntactic elements where context is not relevant
simple_types	Gets the class of the object for simple cases, namely constants, functions, comprehensions and built-in objects.
test_contains	Hold if `expr` is a test (a branch) and `use` is within that test
theTypeNewMethod
undefinedVariable	Gets the pseudo-object representing the value referred to by an undefined variable
unknownValue	Gets the pseudo-object representing an unknown value
varargs_points_to	Gets the varargs parameter (`*varargs`). In a function definition this is always a tuple.
version_tuple_compare	Compares the given tuple object to both the maximum and minimum possible sys.version_info values
version_tuple_value

Modules

BaseFlow
BasePointsTo