callgraph

package
v0.0.0-...-480d8ff
Published: Nov 16, 2025 License: AGPL-3.0 Imports: 17 Imported by: 0

Documentation


Constants

const (
	// Deprecated: Use core.StatementTypeAssignment instead.
	StatementTypeAssignment = core.StatementTypeAssignment

	// Deprecated: Use core.StatementTypeCall instead.
	StatementTypeCall = core.StatementTypeCall

	// Deprecated: Use core.StatementTypeReturn instead.
	StatementTypeReturn = core.StatementTypeReturn

	// Deprecated: Use core.StatementTypeIf instead.
	StatementTypeIf = core.StatementTypeIf

	// Deprecated: Use core.StatementTypeFor instead.
	StatementTypeFor = core.StatementTypeFor

	// Deprecated: Use core.StatementTypeWhile instead.
	StatementTypeWhile = core.StatementTypeWhile

	// Deprecated: Use core.StatementTypeWith instead.
	StatementTypeWith = core.StatementTypeWith

	// Deprecated: Use core.StatementTypeTry instead.
	StatementTypeTry = core.StatementTypeTry

	// Deprecated: Use core.StatementTypeRaise instead.
	StatementTypeRaise = core.StatementTypeRaise

	// Deprecated: Use core.StatementTypeImport instead.
	StatementTypeImport = core.StatementTypeImport

	// Deprecated: Use core.StatementTypeExpression instead.
	StatementTypeExpression = core.StatementTypeExpression
)
const BlockTypeCatch = cfg.BlockTypeCatch

Deprecated: Use cfg.BlockTypeCatch instead. This constant will be removed in a future version.

const BlockTypeConditional = cfg.BlockTypeConditional

Deprecated: Use cfg.BlockTypeConditional instead. This constant will be removed in a future version.

const BlockTypeEntry = cfg.BlockTypeEntry

Deprecated: Use cfg.BlockTypeEntry instead. This constant will be removed in a future version.

const BlockTypeExit = cfg.BlockTypeExit

Deprecated: Use cfg.BlockTypeExit instead. This constant will be removed in a future version.

const BlockTypeFinally = cfg.BlockTypeFinally

Deprecated: Use cfg.BlockTypeFinally instead. This constant will be removed in a future version.

const BlockTypeLoop = cfg.BlockTypeLoop

Deprecated: Use cfg.BlockTypeLoop instead. This constant will be removed in a future version.

const BlockTypeNormal = cfg.BlockTypeNormal

Deprecated: Use cfg.BlockTypeNormal instead. This constant will be removed in a future version.

const BlockTypeSwitch = cfg.BlockTypeSwitch

Deprecated: Use cfg.BlockTypeSwitch instead. This constant will be removed in a future version.

const BlockTypeTry = cfg.BlockTypeTry

Deprecated: Use cfg.BlockTypeTry instead. This constant will be removed in a future version.

Variables

This section is empty.

Functions

func AnalyzeIntraProceduralTaint

func AnalyzeIntraProceduralTaint(
	functionFQN string,
	statements []*core.Statement,
	defUseChain *core.DefUseChain,
	sources []string,
	sinks []string,
	sanitizers []string,
) *core.TaintSummary

AnalyzeIntraProceduralTaint performs forward taint analysis on a function. Deprecated: Use taint.AnalyzeIntraProceduralTaint instead.

func BuildCallGraph

func BuildCallGraph(codeGraph *graph.CodeGraph, registry *core.ModuleRegistry, projectRoot string) (*core.CallGraph, error)

BuildCallGraph constructs the complete call graph for a Python project. This is Pass 3 of the 3-pass algorithm:

  • Pass 1: BuildModuleRegistry - map files to modules
  • Pass 2: ExtractImports + ExtractCallSites - parse imports and calls
  • Pass 3: BuildCallGraph - resolve calls and build graph

Algorithm:

  1. For each Python file in the project:
     a. Extract imports to build ImportMap
     b. Extract call sites from AST
     c. Extract function definitions from main graph
  2. For each call site:
     a. Resolve target name using ImportMap
     b. Find target function definition in registry
     c. Add edge from caller to callee
     d. Store detailed call site information

Parameters:

  • codeGraph: the existing code graph with parsed AST nodes
  • registry: module registry mapping files to modules
  • projectRoot: absolute path to project root

Returns:

  • CallGraph: complete call graph with edges and call sites
  • error: if any step fails

Example:

Given:
  File: myapp/views.py
    def get_user():
        sanitize(data)  # call to myapp.utils.sanitize

Creates:
  edges: {"myapp.views.get_user": ["myapp.utils.sanitize"]}
  reverseEdges: {"myapp.utils.sanitize": ["myapp.views.get_user"]}
  callSites: {"myapp.views.get_user": [CallSite{Target: "sanitize", ...}]}

func BuildModuleRegistry

func BuildModuleRegistry(rootPath string) (*core.ModuleRegistry, error)

BuildModuleRegistry is a convenience wrapper. Deprecated: Use registry.BuildModuleRegistry instead.

func ExtractCallSites

func ExtractCallSites(filePath string, sourceCode []byte, importMap *core.ImportMap) ([]*core.CallSite, error)

ExtractCallSites extracts all function/method call sites from a Python file. Deprecated: Use resolution.ExtractCallSites instead.

func ExtractClassAttributes

func ExtractClassAttributes(
	filePath string,
	sourceCode []byte,
	modulePath string,
	typeEngine *resolution.TypeInferenceEngine,
	attrRegistry *registry.AttributeRegistry,
) error

ExtractClassAttributes extracts class attributes from Python file. Deprecated: Use extraction.ExtractClassAttributes instead.

func ExtractImports

func ExtractImports(filePath string, sourceCode []byte, registry *core.ModuleRegistry) (*core.ImportMap, error)

ExtractImports extracts all import statements from a Python file and builds an ImportMap. Deprecated: Use resolution.ExtractImports instead.

func ExtractStatements

func ExtractStatements(filePath string, sourceCode []byte, functionNode *sitter.Node) ([]*core.Statement, error)

ExtractStatements extracts all statements from a Python function body. Deprecated: Use extraction.ExtractStatements instead.

func ExtractVariableAssignments

func ExtractVariableAssignments(
	filePath string,
	sourceCode []byte,
	typeEngine *resolution.TypeInferenceEngine,
	registry *core.ModuleRegistry,
	builtinRegistry *registry.BuiltinRegistry,
) error

ExtractVariableAssignments extracts variable assignments from a Python file. Deprecated: Use extraction.ExtractVariableAssignments instead.

func GetFrameworkCategory

func GetFrameworkCategory(fqn string) string

GetFrameworkCategory is a convenience wrapper. Deprecated: Use core.GetFrameworkCategory instead.

func GetFrameworkName

func GetFrameworkName(fqn string) string

GetFrameworkName is a convenience wrapper. Deprecated: Use core.GetFrameworkName instead.

func InitializeCallGraph

func InitializeCallGraph(codeGraph *graph.CodeGraph, projectRoot string) (*CallGraph, *ModuleRegistry, *PatternRegistry, error)

InitializeCallGraph builds the call graph from a code graph. This integrates the 3-pass algorithm into the main initialization pipeline.

Algorithm:

  1. Build module registry from project directory
  2. Build call graph from code graph using registry
  3. Load default security patterns
  4. Return integrated result

Parameters:

  • codeGraph: the parsed code graph from Initialize()
  • projectRoot: absolute path to project root directory

Returns:

  • CallGraph: complete call graph with edges and call sites
  • ModuleRegistry: module path mappings
  • PatternRegistry: loaded security patterns
  • error: if any step fails

func IsDjangoORMPattern

func IsDjangoORMPattern(target string) (bool, string)

IsDjangoORMPattern checks whether a call target matches the Django ORM pattern ModelName.objects.<method>.

Examples:

  • "Task.objects.filter" → true
  • "User.objects.get" → true
  • "Annotation.objects.all" → true
  • "task.save" → false (instance method, not manager)

Parameters:

  • target: call target string (e.g., "Task.objects.filter")

Returns:

  • true if it matches Django ORM pattern
  • the method name if matched (e.g., "filter")

func IsORMPattern

func IsORMPattern(target string) (bool, string, string)

IsORMPattern checks if a call target matches any known ORM pattern.

Parameters:

  • target: call target string

Returns:

  • true if it matches any ORM pattern
  • the ORM pattern name (e.g., "Django ORM")
  • the method name (e.g., "filter")

func IsSQLAlchemyORMPattern

func IsSQLAlchemyORMPattern(target string) (bool, string)

IsSQLAlchemyORMPattern checks whether a call target matches a SQLAlchemy ORM pattern. SQLAlchemy patterns are more varied, but common ones include:

  • session.query(Model).filter(...)
  • db.session.query(Model).all()
  • Model.query.filter_by(...)

Parameters:

  • target: call target string

Returns:

  • true if it matches SQLAlchemy ORM pattern
  • the method name if matched

func ParsePythonFile

func ParsePythonFile(sourceCode []byte) (*sitter.Tree, error)

ParsePythonFile parses a Python source file using tree-sitter. Deprecated: Use extraction.ParsePythonFile instead.

func PrintAttributeFailureStats

func PrintAttributeFailureStats()

PrintAttributeFailureStats prints detailed statistics about attribute chain failures.

func ResolveAttributePlaceholders

func ResolveAttributePlaceholders(
	registry *registry.AttributeRegistry,
	typeEngine *TypeInferenceEngine,
	moduleRegistry *ModuleRegistry,
	codeGraph *graph.CodeGraph,
)

ResolveAttributePlaceholders resolves placeholder types in the attribute registry. Placeholders are created during extraction when the exact type cannot be determined:

  • class:User → resolve to fully qualified class name
  • call:calculate → resolve to function return type
  • param:User → resolve to fully qualified class name

This is Pass 3 of the attribute extraction algorithm.

Parameters:

  • registry: attribute registry with placeholder types
  • typeEngine: type inference engine with return types
  • moduleRegistry: module registry for resolving class names
  • codeGraph: code graph for finding class definitions

func ResolveDjangoORMCall

func ResolveDjangoORMCall(target string, modulePath string, registry *ModuleRegistry, codeGraph *graph.CodeGraph) (string, bool)

ResolveDjangoORMCall attempts to resolve a Django ORM call pattern. It constructs a synthetic FQN for the ORM method even though it doesn't exist in source code, because Django generates these methods at runtime.

Parameters:

  • target: the call target (e.g., "Task.objects.filter")
  • modulePath: the current module path
  • registry: module registry
  • codeGraph: the parsed code graph (for model validation)

Returns:

  • fully qualified name for the ORM call
  • true if successfully resolved as Django ORM

func ResolveORMCall

func ResolveORMCall(target string, modulePath string, registry *ModuleRegistry, codeGraph *graph.CodeGraph) (string, bool)

ResolveORMCall attempts to resolve any ORM pattern.

Parameters:

  • target: the call target
  • modulePath: the current module path
  • registry: module registry
  • codeGraph: the parsed code graph

Returns:

  • fully qualified name for the ORM call
  • true if successfully resolved as any ORM pattern

func ResolveSQLAlchemyORMCall

func ResolveSQLAlchemyORMCall(target string, modulePath string) (string, bool)

ResolveSQLAlchemyORMCall attempts to resolve a SQLAlchemy ORM call pattern.

Parameters:

  • target: the call target
  • modulePath: the current module path

Returns:

  • fully qualified name for the ORM call
  • true if successfully resolved as SQLAlchemy ORM

func ValidateDjangoModel

func ValidateDjangoModel(modelName string, codeGraph *graph.CodeGraph) bool

ValidateDjangoModel checks if a name is likely a Django model by examining the code graph for the class definition and checking if it inherits from django.db.models.Model or has "Model" in its name.

This is a heuristic check since we can't always definitively determine if something is a Django model without runtime information.

Parameters:

  • modelName: the name to check (e.g., "Task", "User")
  • codeGraph: the parsed code graph

Returns:

  • true if the name is likely a Django model

Types

type Argument deprecated

type Argument = core.Argument

Deprecated: Use core.Argument instead. This alias will be removed in a future version.

type AttributeRegistry deprecated

type AttributeRegistry = registry.AttributeRegistry

Deprecated: Use registry.AttributeRegistry instead. This alias will be removed in a future version.

func NewAttributeRegistry

func NewAttributeRegistry() *AttributeRegistry

NewAttributeRegistry creates a new empty AttributeRegistry. Deprecated: Use registry.NewAttributeRegistry instead.

type BasicBlock deprecated

type BasicBlock = cfg.BasicBlock

Deprecated: Use cfg.BasicBlock instead. This alias will be removed in a future version.

type BlockType deprecated

type BlockType = cfg.BlockType

Deprecated: Use cfg.BlockType instead. This alias will be removed in a future version.

type BuiltinMethod deprecated

type BuiltinMethod = registry.BuiltinMethod

Deprecated: Use registry.BuiltinMethod instead. This alias will be removed in a future version.

type BuiltinRegistry deprecated

type BuiltinRegistry = registry.BuiltinRegistry

Deprecated: Use registry.BuiltinRegistry instead. This alias will be removed in a future version.

func NewBuiltinRegistry

func NewBuiltinRegistry() *BuiltinRegistry

NewBuiltinRegistry creates and initializes a registry with Python builtin types. Deprecated: Use registry.NewBuiltinRegistry instead.

type BuiltinType deprecated

type BuiltinType = registry.BuiltinType

Deprecated: Use registry.BuiltinType instead. This alias will be removed in a future version.

type CallGraph deprecated

type CallGraph = core.CallGraph

Deprecated: Use core.CallGraph instead. This alias will be removed in a future version.

func NewCallGraph

func NewCallGraph() *CallGraph

NewCallGraph is a convenience wrapper. Deprecated: Use core.NewCallGraph instead.

type CallSite deprecated

type CallSite = core.CallSite

Deprecated: Use core.CallSite instead. This alias will be removed in a future version.

type ChainStep

type ChainStep struct {
	Expression string    // The full expression for this step (e.g., "create_builder()")
	MethodName string    // Just the method/function name (e.g., "create_builder")
	IsCall     bool      // True if this step is a function call (has parentheses)
	Type       *TypeInfo // Resolved type after this step
}

ChainStep represents a single step in a method chain. For example, in "obj.method1().method2()", there are 2 steps:

  • Step 1: obj.method1() → returns some type
  • Step 2: result.method2() → returns some type

func ParseChain

func ParseChain(target string) []ChainStep

ParseChain parses a method chain into individual steps.

Examples:

  • "create_builder().append()" → ["create_builder()", "append()"]
  • "text.strip().upper().split()" → ["text.strip()", "upper()", "split()"]
  • "obj.attr.method()" → ["obj.attr.method()"] (not a chain, just nested attribute)

A chain is identified by the pattern "().": a call followed by more method access.

Parameters:

  • target: the full target string from call site

Returns:

  • []ChainStep: parsed chain steps, or nil if not a chain

type ClassAttribute deprecated

type ClassAttribute = core.ClassAttribute

Deprecated: Use core.ClassAttribute instead. This alias will be removed in a future version.

type ClassAttributes deprecated

type ClassAttributes = core.ClassAttributes

Deprecated: Use core.ClassAttributes instead. This alias will be removed in a future version.

type ControlFlowGraph deprecated

type ControlFlowGraph = cfg.ControlFlowGraph

Deprecated: Use cfg.ControlFlowGraph instead. This alias will be removed in a future version.

func NewControlFlowGraph deprecated

func NewControlFlowGraph(functionFQN string) *ControlFlowGraph

Deprecated: Use cfg.NewControlFlowGraph instead. This wrapper will be removed in a future version.

type DefUseChain deprecated

type DefUseChain = core.DefUseChain

Deprecated: Use core.DefUseChain instead. This alias will be removed in a future version.

func BuildDefUseChains

func BuildDefUseChains(statements []*Statement) *DefUseChain

BuildDefUseChains is a convenience wrapper. Deprecated: Use core.BuildDefUseChains instead.

func NewDefUseChain

func NewDefUseChain() *DefUseChain

NewDefUseChain is a convenience wrapper. Deprecated: Use core.NewDefUseChain instead.

type DefUseStats deprecated

type DefUseStats = core.DefUseStats

Deprecated: Use core.DefUseStats instead. This alias will be removed in a future version.

type FailureStats

type FailureStats struct {
	TotalAttempts          int
	NotSelfPrefix          int
	DeepChains             int // 3+ levels
	ClassNotFound          int
	AttributeNotFound      int
	MethodNotInBuiltins    int
	CustomClassUnsupported int

	// Pattern samples for analysis
	DeepChainSamples         []string
	AttributeNotFoundSamples []string
	CustomClassSamples       []string
}

FailureStats tracks why attribute chain resolution fails.

type FrameworkDefinition deprecated

type FrameworkDefinition = core.FrameworkDefinition

Deprecated: Use core.FrameworkDefinition instead. This alias will be removed in a future version.

func IsKnownFramework

func IsKnownFramework(fqn string) (bool, *FrameworkDefinition)

IsKnownFramework is a convenience wrapper. Deprecated: Use core.IsKnownFramework instead.

func LoadFrameworks

func LoadFrameworks() []FrameworkDefinition

LoadFrameworks is a convenience wrapper. Deprecated: Use core.LoadFrameworks instead.

type FunctionParam deprecated

type FunctionParam = core.FunctionParam

Deprecated: Use core.FunctionParam instead. This alias will be removed in a future version.

type FunctionScope deprecated

type FunctionScope = resolution.FunctionScope

Deprecated: Use resolution.FunctionScope instead.

func NewFunctionScope

func NewFunctionScope(functionFQN string) *FunctionScope

NewFunctionScope creates a new function scope. Deprecated: Use resolution.NewFunctionScope instead.

type ImportMap deprecated

type ImportMap = core.ImportMap

Deprecated: Use core.ImportMap instead. This alias will be removed in a future version.

func NewImportMap

func NewImportMap(filePath string) *ImportMap

NewImportMap is a convenience wrapper. Deprecated: Use core.NewImportMap instead.

type ImportMapCache

type ImportMapCache struct {
	// contains filtered or unexported fields
}

ImportMapCache provides thread-safe caching of ImportMap instances. This avoids re-parsing imports from the same file multiple times.

The cache uses a read-write mutex to allow concurrent reads while ensuring safe writes. This is critical for performance since:

  • Import extraction involves tree-sitter parsing (expensive)
  • Many files may import the same modules
  • Build call graph processes files sequentially (for now)

Example usage:

cache := NewImportMapCache()
importMap := cache.GetOrExtract(filePath, sourceCode, registry)

func NewImportMapCache

func NewImportMapCache() *ImportMapCache

NewImportMapCache creates a new empty import map cache.

func (*ImportMapCache) Get

func (c *ImportMapCache) Get(filePath string) (*core.ImportMap, bool)

Get retrieves an ImportMap from the cache if it exists.

Parameters:

  • filePath: absolute path to the Python file

Returns:

  • ImportMap and true if found in cache, nil and false otherwise

func (*ImportMapCache) GetOrExtract

func (c *ImportMapCache) GetOrExtract(filePath string, sourceCode []byte, registry *core.ModuleRegistry) (*core.ImportMap, error)

GetOrExtract retrieves an ImportMap from cache or extracts it if not cached. This is the main entry point for using the cache.

Parameters:

  • filePath: absolute path to the Python file
  • sourceCode: file contents (only used if extraction needed)
  • registry: module registry for resolving imports

Returns:

  • ImportMap from cache or newly extracted
  • error if extraction fails (cache misses only)

Thread-safety:

  • Multiple goroutines can safely call GetOrExtract concurrently
  • First caller for a file will extract and cache
  • Subsequent callers will get cached result

func (*ImportMapCache) Put

func (c *ImportMapCache) Put(filePath string, importMap *core.ImportMap)

Put stores an ImportMap in the cache.

Parameters:

  • filePath: absolute path to the Python file
  • importMap: the extracted ImportMap to cache
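An added example, not the package's implementation, of the contract GetOrExtract describes: concurrent readers share the read lock, only one of several first callers for a file runs the expensive extraction, and the rest receive its result. The Extractor function type, the ImportMap struct and the path /proj/myapp/views.py are this example's own constructions; Put is left out for brevity.

```go
package main

import (
	"fmt"
	"slices"
	"sync"
	"sync/atomic"
)

// ImportMap is a constructed stand-in for core.ImportMap: local alias -> module FQN.
type ImportMap struct {
	FilePath string
	Aliases  map[string]string
}

// Extractor stands in for the registry-backed ExtractImports call (an assumption of this example).
type Extractor func(filePath string, sourceCode []byte) (*ImportMap, error)

// entry is one file's slot: once guarantees a single extraction per file; done lets Get observe completion.
type entry struct {
	once sync.Once
	done atomic.Bool
	im   *ImportMap
	err  error
}

type ImportMapCache struct {
	mu      sync.RWMutex
	entries map[string]*entry
}

func NewImportMapCache() *ImportMapCache {
	return &ImportMapCache{entries: map[string]*entry{}}
}

// Get returns the cached map only once an extraction for the path has succeeded.
func (c *ImportMapCache) Get(filePath string) (*ImportMap, bool) {
	c.mu.RLock()
	e, ok := c.entries[filePath]
	c.mu.RUnlock()
	if !ok || !e.done.Load() || e.err != nil {
		return nil, false
	}
	return e.im, true
}

// GetOrExtract: readers share the RLock on the hot path, the write lock is held only to
// publish an empty slot (never while parsing), and sync.Once makes concurrent first callers
// wait for a single extraction instead of each parsing the file.
func (c *ImportMapCache) GetOrExtract(filePath string, src []byte, extract Extractor) (*ImportMap, error) {
	c.mu.RLock()
	e, ok := c.entries[filePath]
	c.mu.RUnlock()
	if !ok {
		c.mu.Lock()
		if e, ok = c.entries[filePath]; !ok { // re-check: another goroutine may have published first
			e = &entry{}
			c.entries[filePath] = e
		}
		c.mu.Unlock()
	}
	e.once.Do(func() {
		e.im, e.err = extract(filePath, src)
		e.done.Store(true)
	})
	if e.err != nil { // failures are not cached: drop the slot so a later call retries
		c.mu.Lock()
		if c.entries[filePath] == e {
			delete(c.entries, filePath)
		}
		c.mu.Unlock()
		return nil, e.err
	}
	return e.im, nil
}

// ExtractConcurrently points `workers` goroutines at one cache and one file, returning
// how many times the extractor ran and whether every worker received the same map.
func ExtractConcurrently(workers int) (calls int32, shared bool) {
	var n atomic.Int32
	counted := func(p string, _ []byte) (*ImportMap, error) { // constructed result, a fresh map per call
		n.Add(1)
		return &ImportMap{FilePath: p, Aliases: map[string]string{"clean": "myapp.utils.sanitize"}}, nil
	}
	cache := NewImportMapCache()
	results := make([]*ImportMap, workers)
	var wg sync.WaitGroup
	for i := range results {
		wg.Add(1)
		go func(i int) { defer wg.Done(); results[i], _ = cache.GetOrExtract("/proj/myapp/views.py", nil, counted) }(i)
	}
	wg.Wait()
	shared = !slices.ContainsFunc(results, func(r *ImportMap) bool { return r != results[0] })
	return n.Load(), shared
}

func main() {
	calls, shared := ExtractConcurrently(32)
	fmt.Printf("extractor ran %d time(s); all workers share one ImportMap: %t\n", calls, shared)
}
```

Two design points worth noting: a plain double-checked RWMutex cache lets every goroutine that misses at the same moment parse the file independently, so the per-entry sync.Once is what turns "first caller extracts, subsequent callers get the cached result" into a guarantee rather than a likely outcome; and a failed extraction is evicted rather than cached, otherwise one transient parse error would poison the path for the rest of the run.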

type Location deprecated

type Location = core.Location

Deprecated: Use core.Location instead. This alias will be removed in a future version.

type Manifest deprecated

type Manifest = core.Manifest

Deprecated: Use core.Manifest instead. This alias will be removed in a future version.

type ModuleEntry deprecated

type ModuleEntry = core.ModuleEntry

Deprecated: Use core.ModuleEntry instead. This alias will be removed in a future version.

type ModuleRegistry deprecated

type ModuleRegistry = core.ModuleRegistry

Deprecated: Use core.ModuleRegistry instead. This alias will be removed in a future version.

func NewModuleRegistry

func NewModuleRegistry() *ModuleRegistry

NewModuleRegistry is a convenience wrapper. Deprecated: Use core.NewModuleRegistry instead.

type ORMPattern

type ORMPattern struct {
	Name        string   // Pattern name (e.g., "Django ORM")
	MethodNames []string // Common ORM method names
	Description string   // Human-readable description
}

ORMPattern represents a recognized ORM pattern (e.g., Django ORM, SQLAlchemy). These patterns are dynamically generated at runtime and won't be found in source code, but we can still resolve them by recognizing the pattern.

type Pattern

type Pattern struct {
	ID          string      // Unique identifier (e.g., "SQL-INJECTION-001")
	Name        string      // Human-readable name
	Description string      // What this pattern detects
	Type        PatternType // Pattern category
	Severity    Severity    // Risk level

	// Sources are function names that introduce tainted data
	Sources []string

	// Sinks are function names that consume tainted data dangerously
	Sinks []string

	// Sanitizers are function names that clean tainted data
	Sanitizers []string

	// DangerousFunctions for PatternTypeDangerousFunction
	DangerousFunctions []string

	CWE   string // Common Weakness Enumeration
	OWASP string // OWASP Top 10 category
}

Pattern represents a security pattern to detect in the call graph.

type PatternMatch

type PatternMatch struct {
	PatternID   string   // Pattern identifier
	PatternName string   // Human-readable name
	Description string   // What was detected
	Severity    Severity // Risk level
	CWE         string   // CWE identifier
	OWASP       string   // OWASP category

	// Vulnerability location details
	SourceFQN  string // Fully qualified name of the source function
	SourceCall string // The actual dangerous call (e.g., "input", "request.GET")
	SourceFile string // File path where source is located
	SourceLine uint32 // Line number of source function
	SourceCode string // Code snippet of source function

	SinkFQN  string // Fully qualified name of the sink function
	SinkCall string // The actual dangerous call (e.g., "eval", "exec")
	SinkFile string // File path where sink is located
	SinkLine uint32 // Line number of sink function
	SinkCode string // Code snippet of sink function

	DataFlowPath []string // Complete path from source to sink (FQNs)
}

PatternMatch represents a detected security pattern in the code.

func AnalyzePatterns

func AnalyzePatterns(callGraph *CallGraph, patternRegistry *PatternRegistry) []PatternMatch

AnalyzePatterns runs pattern matching against the call graph. Returns a list of matched patterns with their details.

type PatternMatchDetails

type PatternMatchDetails struct {
	Matched           bool
	IsIntraProcedural bool     // true if source and sink are in the same function
	SourceFQN         string   // Fully qualified name of function containing the source call
	SourceCall        string   // The actual dangerous call (e.g., "input", "request.GET")
	SinkFQN           string   // Fully qualified name of function containing the sink call
	SinkCall          string   // The actual dangerous call (e.g., "eval", "exec")
	DataFlowPath      []string // Complete path from source to sink
}

PatternMatchDetails contains detailed information about a pattern match.

type PatternRegistry

type PatternRegistry struct {
	Patterns       map[string]*Pattern        // Pattern ID -> Pattern
	PatternsByType map[PatternType][]*Pattern // Type -> Patterns
}

PatternRegistry manages security patterns.

func NewPatternRegistry

func NewPatternRegistry() *PatternRegistry

NewPatternRegistry creates a new pattern registry.

func (*PatternRegistry) AddPattern

func (pr *PatternRegistry) AddPattern(pattern *Pattern)

AddPattern registers a pattern in the registry.

func (*PatternRegistry) GetPattern

func (pr *PatternRegistry) GetPattern(id string) (*Pattern, bool)

GetPattern retrieves a pattern by ID.

func (*PatternRegistry) GetPatternsByType

func (pr *PatternRegistry) GetPatternsByType(patternType PatternType) []*Pattern

GetPatternsByType retrieves all patterns of a specific type.

func (*PatternRegistry) LoadDefaultPatterns

func (pr *PatternRegistry) LoadDefaultPatterns()

LoadDefaultPatterns loads the hardcoded example pattern. Additional patterns will be loaded from queries in future PRs.

func (*PatternRegistry) MatchPattern

func (pr *PatternRegistry) MatchPattern(pattern *Pattern, callGraph *CallGraph) *PatternMatchDetails

MatchPattern checks if a call graph matches a pattern. Returns detailed match information if a vulnerability is found.
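An added example, not the package's code, tying the call-graph structure from the BuildCallGraph example (edges and call sites per function) to what MatchPattern and AnalyzePatterns do: a source-sink pattern evaluated by call-graph reachability. The graph, the pattern, its ID and every FQN are constructed; the reverse-edge index from the page's example is omitted.

```go
package main

import (
	"fmt"
	"slices"
	"sort"
)

// CallGraph keeps the forward edges and per-function call-site targets from the
// BuildCallGraph example (the reverse-edge index is left out here).
type CallGraph struct {
	Edges     map[string][]string // caller FQN -> callee FQNs
	CallSites map[string][]string // caller FQN -> call targets as written
}

func NewCallGraph() *CallGraph {
	return &CallGraph{Edges: map[string][]string{}, CallSites: map[string][]string{}}
}

// AddCall records a call site and, if the target resolved to a project function, the edge.
func (g *CallGraph) AddCall(caller, target, resolvedFQN string) {
	g.CallSites[caller] = append(g.CallSites[caller], target)
	if resolvedFQN != "" {
		g.Edges[caller] = append(g.Edges[caller], resolvedFQN)
	}
}

// Pattern and PatternMatch keep only the fields this matcher needs from the page's structs.
type Pattern struct {
	ID                         string
	Sources, Sinks, Sanitizers []string
}
type PatternMatch struct {
	PatternID, SourceFQN, SourceCall, SinkFQN, SinkCall string
	IsIntraProcedural                                   bool
	DataFlowPath                                        []string // FQNs from source function to sink function
}

func (g *CallGraph) callsAny(fqn string, names []string) (string, bool) {
	for _, t := range g.CallSites[fqn] {
		if slices.Contains(names, t) {
			return t, true
		}
	}
	return "", false
}

// walk follows forward edges depth-first: a sanitizer call ends the walk, a sink call records a match.
func (g *CallGraph) walk(p *Pattern, srcCall string, path []string, out *[]PatternMatch) {
	cur := path[len(path)-1]
	if _, clean := g.callsAny(cur, p.Sanitizers); clean {
		return
	}
	if sinkCall, hit := g.callsAny(cur, p.Sinks); hit {
		*out = append(*out, PatternMatch{PatternID: p.ID, SourceFQN: path[0], SourceCall: srcCall, SinkFQN: cur,
			SinkCall: sinkCall, IsIntraProcedural: len(path) == 1, DataFlowPath: path})
		return
	}
	for _, next := range g.Edges[cur] {
		if !slices.Contains(path, next) { // simple paths only, so cycles terminate
			g.walk(p, srcCall, append(slices.Clone(path), next), out)
		}
	}
}

// MatchPattern is call-graph reachability, not def-use taint tracking: every function
// that calls a source is a start, each path to a function that calls a sink is a match.
// It over-approximates, since nothing checks that the tainted value reaches the sink's argument.
func (g *CallGraph) MatchPattern(p *Pattern) []PatternMatch {
	var matches []PatternMatch
	for start := range g.CallSites {
		if srcCall, ok := g.callsAny(start, p.Sources); ok {
			g.walk(p, srcCall, []string{start}, &matches)
		}
	}
	sort.SliceStable(matches, func(i, j int) bool { return matches[i].SourceFQN < matches[j].SourceFQN })
	return matches
}

// SampleGraph is a constructed project: two views read request data (one sanitizes first), a third evals raw input.
func SampleGraph() *CallGraph {
	g := NewCallGraph()
	g.AddCall("myapp.views.get_user", "request.GET", "")
	g.AddCall("myapp.views.get_user", "run_query", "myapp.db.run_query")
	g.AddCall("myapp.views.get_safe", "request.GET", "")
	g.AddCall("myapp.views.get_safe", "sanitize", "myapp.utils.sanitize")
	g.AddCall("myapp.views.get_safe", "run_query", "myapp.db.run_query")
	g.AddCall("myapp.views.eval_direct", "input", "")
	g.AddCall("myapp.views.eval_direct", "eval", "")
	g.AddCall("myapp.db.run_query", "cursor.execute", "")
	return g
}

// SamplePattern is a constructed source-sink pattern, not one of the package's defaults.
func SamplePattern() *Pattern {
	return &Pattern{ID: "EXAMPLE-001", Sources: []string{"input", "request.GET"},
		Sinks: []string{"eval", "cursor.execute"}, Sanitizers: []string{"sanitize"}}
}

func main() {
	fmt.Printf("%+v\n", SampleGraph().MatchPattern(SamplePattern()))
}
```

On the sample graph this reports two matches: eval_direct (intra-procedural, source and sink in one function) and get_user reaching cursor.execute through run_query, while get_safe is dropped because it calls the sanitizer. Treat such matches as candidates: a function-level walk cannot tell whether the sanitized value is the one that reaches the sink, which is exactly the gap the taint package's def-use analysis is there to close.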

type PatternType

type PatternType string

PatternType categorizes security patterns for analysis.

const (
	// PatternTypeSourceSink detects tainted data flow from source to sink.
	PatternTypeSourceSink PatternType = "source-sink"

	// PatternTypeMissingSanitizer detects missing sanitization between source and sink.
	PatternTypeMissingSanitizer PatternType = "missing-sanitizer"

	// PatternTypeDangerousFunction detects calls to dangerous functions.
	PatternTypeDangerousFunction PatternType = "dangerous-function"
)

type PythonVersionInfo deprecated

type PythonVersionInfo = core.PythonVersionInfo

Deprecated: Use core.PythonVersionInfo instead. This alias will be removed in a future version.

type RegistryStats deprecated

type RegistryStats = core.RegistryStats

Deprecated: Use core.RegistryStats instead. This alias will be removed in a future version.

type Severity

type Severity string

Severity indicates the risk level of a security pattern match.

const (
	SeverityCritical Severity = "critical"
	SeverityHigh     Severity = "high"
	SeverityMedium   Severity = "medium"
	SeverityLow      Severity = "low"
)

type Statement deprecated

type Statement = core.Statement

Deprecated: Use core.Statement instead. This alias will be removed in a future version.

type StatementType deprecated

type StatementType = core.StatementType

Deprecated: Use core.StatementType instead. This alias will be removed in a future version.

type StdlibAttribute deprecated

type StdlibAttribute = core.StdlibAttribute

Deprecated: Use core.StdlibAttribute instead. This alias will be removed in a future version.

type StdlibClass deprecated

type StdlibClass = core.StdlibClass

Deprecated: Use core.StdlibClass instead. This alias will be removed in a future version.

type StdlibConstant deprecated

type StdlibConstant = core.StdlibConstant

Deprecated: Use core.StdlibConstant instead. This alias will be removed in a future version.

type StdlibFunction deprecated

type StdlibFunction = core.StdlibFunction

Deprecated: Use core.StdlibFunction instead. This alias will be removed in a future version.

type StdlibModule deprecated

type StdlibModule = core.StdlibModule

Deprecated: Use core.StdlibModule instead. This alias will be removed in a future version.

type StdlibRegistry deprecated

type StdlibRegistry = core.StdlibRegistry

Deprecated: Use core.StdlibRegistry instead. This alias will be removed in a future version.

func NewStdlibRegistry

func NewStdlibRegistry() *StdlibRegistry

NewStdlibRegistry is a convenience wrapper. Deprecated: Use core.NewStdlibRegistry instead.

type StdlibRegistryLoader deprecated

type StdlibRegistryLoader = registry.StdlibRegistryLoader

Deprecated: Use registry.StdlibRegistryLoader instead. This alias will be removed in a future version.

func NewStdlibRegistryLoader

func NewStdlibRegistryLoader(registryPath string) *StdlibRegistryLoader

NewStdlibRegistryLoader creates a new stdlib registry loader. Deprecated: Use registry.StdlibRegistryLoader directly.

type StdlibRegistryRemote deprecated

type StdlibRegistryRemote = registry.StdlibRegistryRemote

Deprecated: Use registry.StdlibRegistryRemote instead. This alias will be removed in a future version.

func NewStdlibRegistryRemote

func NewStdlibRegistryRemote(baseURL, pythonVersion string) *StdlibRegistryRemote

NewStdlibRegistryRemote creates a new remote registry loader. Deprecated: Use registry.NewStdlibRegistryRemote instead.

type TaintInfo deprecated

type TaintInfo = core.TaintInfo

Deprecated: Use core.TaintInfo instead. This alias will be removed in a future version.

type TaintState deprecated

type TaintState = taint.TaintState

Deprecated: Use taint.TaintState instead. This alias will be removed in a future version.

func NewTaintState

func NewTaintState() *TaintState

NewTaintState creates an empty taint state. Deprecated: Use taint.NewTaintState instead.

type TaintSummary deprecated

type TaintSummary = core.TaintSummary

Deprecated: Use core.TaintSummary instead. This alias will be removed in a future version.

func NewTaintSummary

func NewTaintSummary(functionFQN string) *TaintSummary

NewTaintSummary is a convenience wrapper. Deprecated: Use core.NewTaintSummary instead.

type TypeInferenceEngine deprecated

type TypeInferenceEngine = resolution.TypeInferenceEngine

Deprecated: Use resolution.TypeInferenceEngine instead.

func NewTypeInferenceEngine

func NewTypeInferenceEngine(registry *core.ModuleRegistry) *TypeInferenceEngine

NewTypeInferenceEngine creates a new type inference engine. Deprecated: Use resolution.NewTypeInferenceEngine instead.

type TypeInfo deprecated

type TypeInfo = core.TypeInfo

Deprecated: Use core.TypeInfo instead.

func ResolveChainedCall

func ResolveChainedCall(
	target string,
	typeEngine *TypeInferenceEngine,
	builtins *registry.BuiltinRegistry,
	moduleRegistry *ModuleRegistry,
	codeGraph *graph.CodeGraph,
	callerFQN string,
	currentModule string,
	callGraph *CallGraph,
) (string, bool, *TypeInfo)

ResolveChainedCall resolves a method chain by walking each step and tracking types.

Algorithm:

  1. Parse chain into individual steps
  2. Resolve first step:
     - If it's a call: resolve as function call, get return type
     - If it's a variable: look up type in scopes
  3. For each subsequent step:
     - Use previous step's type to resolve method
     - Get method's return type from builtins or return type registry
     - Track confidence through the chain (multiply confidences)
  4. Return final type and resolution status

Parameters:

  • target: the full target string (e.g., "create_builder().append().upper()")
  • typeEngine: type inference engine with scopes and return types
  • builtins: builtin registry for builtin method lookups
  • moduleRegistry: module registry for validation
  • codeGraph: code graph for function lookups
  • callerFQN: FQN of the calling function (for scope lookups)
  • currentModule: current module path
  • callGraph: call graph for function lookups

Returns:

  • targetFQN: the fully qualified name of the final call
  • resolved: true if chain was successfully resolved
  • typeInfo: type information for the final result
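An added example, not the package's code, covering both ParseChain (documented above under ChainStep) and the chain walk that ResolveChainedCall describes. The return-type tables, the scope table and the confidence weights are this example's constructions; the real function consults the type engine, builtin registry and call graph passed to it. Following the Returns line of ParseChain, a target with no "()." boundary yields nil here.

```go
package main

import (
	"fmt"
	"strings"
)

// ChainStep mirrors the page's struct (the resolved type is tracked separately here).
type ChainStep struct {
	Expression string // e.g. "text.strip()"
	MethodName string // e.g. "strip"
	IsCall     bool   // true when the step ends in "()"
}

// TypeInfo is a constructed stand-in for core.TypeInfo.
type TypeInfo struct {
	TypeFQN    string
	Confidence float64
}

// ParseChain splits on the "()." boundary (a call followed by more member access);
// a target without that boundary is not a chain and yields nil.
func ParseChain(target string) []ChainStep {
	pieces := strings.Split(target, "().")
	if len(pieces) < 2 {
		return nil
	}
	steps := make([]ChainStep, 0, len(pieces))
	for i, expr := range pieces {
		if i < len(pieces)-1 {
			expr += "()" // Split consumed the parentheses of every step but the last
		}
		name := strings.TrimSuffix(expr, "()")
		name = name[strings.LastIndex(name, ".")+1:] // keep only the member after the last dot
		steps = append(steps, ChainStep{Expression: expr, MethodName: name, IsCall: strings.HasSuffix(expr, "()")})
	}
	return steps
}

// Constructed tables standing in for the type engine, builtin registry and call graph.
// Each method entry carries its own confidence: builtin tables are exact, a user-defined
// method's inferred return type is trusted less (this example's weighting).
var (
	functionReturns = map[string]string{"myapp.builder.create_builder": "myapp.builder.StringBuilder"}
	methodReturns   = map[string]TypeInfo{ // "<type FQN>.<method>" -> return type
		"builtins.str.strip":                 {TypeFQN: "builtins.str", Confidence: 1.0},
		"builtins.str.upper":                 {TypeFQN: "builtins.str", Confidence: 1.0},
		"builtins.str.split":                 {TypeFQN: "builtins.list", Confidence: 1.0},
		"myapp.builder.StringBuilder.append": {TypeFQN: "myapp.builder.StringBuilder", Confidence: 0.8},
	}
	scopeTypes = map[string]TypeInfo{ // "<caller FQN>:<variable>" -> inferred type
		"myapp.views.handler:text": {TypeFQN: "builtins.str", Confidence: 0.9},
	}
)

// ResolveChainedCall walks the chain step by step, carrying the type forward and
// multiplying the confidence of every hop, as the page's algorithm describes.
func ResolveChainedCall(target, callerFQN, currentModule string) (string, bool, *TypeInfo) {
	steps := ParseChain(target)
	if steps == nil {
		return "", false, nil
	}
	cur, first := TypeInfo{}, steps[0]
	if recv, _, hasDot := strings.Cut(first.Expression, "."); hasDot {
		// "text.strip()": the receiver is a variable, so its type comes from the caller's scope.
		v, ok := scopeTypes[callerFQN+":"+recv]
		m, known := methodReturns[v.TypeFQN+"."+first.MethodName]
		if !ok || !known {
			return "", false, nil
		}
		cur = TypeInfo{TypeFQN: m.TypeFQN, Confidence: v.Confidence * m.Confidence}
	} else {
		// "create_builder()": a module-level function with a registered return type.
		ret, ok := functionReturns[currentModule+"."+first.MethodName]
		if !ok {
			return "", false, nil
		}
		cur = TypeInfo{TypeFQN: ret, Confidence: 1.0}
	}
	finalFQN := ""
	for _, step := range steps[1:] {
		key := cur.TypeFQN + "." + step.MethodName
		m, ok := methodReturns[key]
		if !ok {
			return "", false, nil // unknown method on the tracked type: give up rather than guess
		}
		finalFQN = key
		cur = TypeInfo{TypeFQN: m.TypeFQN, Confidence: cur.Confidence * m.Confidence}
	}
	return finalFQN, true, &cur
}

func main() {
	for _, t := range []string{"create_builder().append()", "text.strip().upper().split()", "obj.attr.method()"} {
		fqn, ok, ti := ResolveChainedCall(t, "myapp.views.handler", "myapp.builder")
		fmt.Printf("%-30s -> %-36s resolved=%-5t %+v\n", t, fqn, ok, ti)
	}
}
```

The walk refuses to guess: an unknown method on the tracked type unresolves the whole chain instead of falling back to a name-only match, which keeps a later taint step from attaching a sink to the wrong FQN. The multiplied confidence makes a long chain built on an inferred variable type visibly weaker than one rooted in a registered return type.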

func ResolveSelfAttributeCall

func ResolveSelfAttributeCall(
	target string,
	callerFQN string,
	typeEngine *TypeInferenceEngine,
	builtins *registry.BuiltinRegistry,
	callGraph *CallGraph,
) (string, bool, *TypeInfo)

ResolveSelfAttributeCall resolves self.attribute.method() patterns. This is the core of Phase 3 Task 12: using extracted attributes to resolve calls.

Algorithm:

  1. Detect pattern: target starts with "self." and has 2+ dots
  2. Parse: self.attr.method → attr="attr", method="method"
  3. Find containing class from callerFQN
  4. Lookup attribute type in AttributeRegistry
  5. Resolve method on inferred type

Example:

Input: self.value.upper (caller: test_chaining.StringBuilder.process)
Steps:
  1. Parse → attr="value", method="upper"
  2. Extract class → test_chaining.StringBuilder
  3. Lookup value type → builtins.str
  4. Resolve upper on str → builtins.str.upper
Output: (builtins.str.upper, true, TypeInfo{builtins.str, 1.0, "self_attribute"})

Parameters:

  • target: call target string (e.g., "self.value.upper")
  • callerFQN: fully qualified name of calling function
  • typeEngine: type inference engine with attribute registry
  • builtins: builtin registry for method lookup
  • callGraph: call graph for class lookup

Returns:

  • resolvedFQN: fully qualified method name
  • resolved: true if resolution succeeded
  • typeInfo: inferred type information
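The five steps above, worked through as an added example rather than the package's code. The attribute and builtin tables are constructed, the type and builtin registries are reduced to those tables, and the Failure values are this example's way of surfacing the counters that FailureStats tracks.

```go
package main

import (
	"fmt"
	"strings"
)

// TypeInfo is a constructed stand-in for core.TypeInfo.
type TypeInfo struct {
	TypeFQN    string
	Confidence float64
	Source     string
}

// Constructed registries standing in for the attribute registry (filled during
// class-body extraction) and the builtin registry; none come from a real project.
var (
	attributeTypes = map[string]string{ // "<class FQN>.<attribute>" -> type
		"test_chaining.StringBuilder.value": "builtins.str",
		"test_chaining.StringBuilder.parts": "builtins.list",
	}
	builtinMethods = map[string]bool{"builtins.str.upper": true, "builtins.list.append": true}
)

// Failure names why an attempt failed, mirroring the counters in FailureStats.
type Failure string

const (
	Resolved            Failure = ""
	NotSelfPrefix       Failure = "not_self_prefix"
	DeepChain           Failure = "deep_chain"
	ClassNotFound       Failure = "class_not_found"
	AttributeNotFound   Failure = "attribute_not_found"
	MethodNotInBuiltins Failure = "method_not_in_builtins"
)

// ResolveSelfAttributeCall follows the page's five steps for self.attr.method():
// detect the prefix, split attr and method, derive the class from the caller, look
// up the attribute's type, then resolve the method on that type.
func ResolveSelfAttributeCall(target, callerFQN string) (string, bool, *TypeInfo, Failure) {
	parts := strings.Split(target, ".")
	if parts[0] != "self" || len(parts) < 3 {
		return "", false, nil, NotSelfPrefix
	}
	if len(parts) > 3 {
		return "", false, nil, DeepChain // self.a.b.c: 3+ levels, not supported here
	}
	attr, method := parts[1], parts[2]
	dot := strings.LastIndex(callerFQN, ".")
	if dot < 0 {
		return "", false, nil, ClassNotFound
	}
	classFQN := callerFQN[:dot] // drop the method name to get the containing class
	attrType, ok := attributeTypes[classFQN+"."+attr]
	if !ok {
		return "", false, nil, AttributeNotFound
	}
	resolved := attrType + "." + method
	if !builtinMethods[resolved] {
		return "", false, nil, MethodNotInBuiltins
	}
	return resolved, true, &TypeInfo{TypeFQN: attrType, Confidence: 1.0, Source: "self_attribute"}, Resolved
}

func main() {
	for _, t := range []string{"self.value.upper", "self.parts.append", "self.value.missing", "self.a.b.c"} {
		fqn, ok, _, why := ResolveSelfAttributeCall(t, "test_chaining.StringBuilder.process")
		fmt.Printf("%-20s resolved=%-5t fqn=%-22s failure=%q\n", t, ok, fqn, why)
	}
}
```

Returning the failure reason alongside the result is what makes the FailureStats counters above cheap to keep: each unresolved call increments exactly one bucket, and the deep-chain and custom-class buckets are the ones that tell you where the resolver's coverage (and hence the call graph's) stops.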

type VariableBinding deprecated

type VariableBinding = resolution.VariableBinding

Deprecated: Use resolution.VariableBinding instead.

Directories

  • analysis/taint: Package taint provides intra-procedural taint analysis for detecting data flow from sources to sinks.
  • cfg: Package cfg provides control flow graph (CFG) construction and analysis.
  • core: Package core provides foundational type definitions for the callgraph analyzer.
  • extraction: Package extraction provides AST-based code extraction utilities for Python source code.
  • registry: Package registry provides module, type, and attribute registry functionality for Python code analysis.
  • resolution: Package resolution provides type information structures for type resolution and inference.
