callgraph

package
v0.0.0-...-4f1c5a8 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 16, 2025 License: AGPL-3.0 Imports: 10 Imported by: 0

Documentation

Constants

const (
	PatternTypeSourceSink        = patterns.PatternTypeSourceSink
	PatternTypeMissingSanitizer  = patterns.PatternTypeMissingSanitizer
	PatternTypeDangerousFunction = patterns.PatternTypeDangerousFunction
)

Deprecated: Use patterns constants instead.

const (
	SeverityCritical = patterns.SeverityCritical
	SeverityHigh     = patterns.SeverityHigh
	SeverityMedium   = patterns.SeverityMedium
	SeverityLow      = patterns.SeverityLow
)

Deprecated: Use patterns severity constants instead.

const (
	// Deprecated: Use core.StatementTypeAssignment instead.
	StatementTypeAssignment = core.StatementTypeAssignment

	// Deprecated: Use core.StatementTypeCall instead.
	StatementTypeCall = core.StatementTypeCall

	// Deprecated: Use core.StatementTypeReturn instead.
	StatementTypeReturn = core.StatementTypeReturn

	// Deprecated: Use core.StatementTypeIf instead.
	StatementTypeIf = core.StatementTypeIf

	// Deprecated: Use core.StatementTypeFor instead.
	StatementTypeFor = core.StatementTypeFor

	// Deprecated: Use core.StatementTypeWhile instead.
	StatementTypeWhile = core.StatementTypeWhile

	// Deprecated: Use core.StatementTypeWith instead.
	StatementTypeWith = core.StatementTypeWith

	// Deprecated: Use core.StatementTypeTry instead.
	StatementTypeTry = core.StatementTypeTry

	// Deprecated: Use core.StatementTypeRaise instead.
	StatementTypeRaise = core.StatementTypeRaise

	// Deprecated: Use core.StatementTypeImport instead.
	StatementTypeImport = core.StatementTypeImport

	// Deprecated: Use core.StatementTypeExpression instead.
	StatementTypeExpression = core.StatementTypeExpression
)

const BlockTypeCatch = cfg.BlockTypeCatch

Deprecated: Use cfg.BlockTypeCatch instead. This constant will be removed in a future version.

const BlockTypeConditional = cfg.BlockTypeConditional

Deprecated: Use cfg.BlockTypeConditional instead. This constant will be removed in a future version.

const BlockTypeEntry = cfg.BlockTypeEntry

Deprecated: Use cfg.BlockTypeEntry instead. This constant will be removed in a future version.

const BlockTypeExit = cfg.BlockTypeExit

Deprecated: Use cfg.BlockTypeExit instead. This constant will be removed in a future version.

const BlockTypeFinally = cfg.BlockTypeFinally

Deprecated: Use cfg.BlockTypeFinally instead. This constant will be removed in a future version.

const BlockTypeLoop = cfg.BlockTypeLoop

Deprecated: Use cfg.BlockTypeLoop instead. This constant will be removed in a future version.

const BlockTypeNormal = cfg.BlockTypeNormal

Deprecated: Use cfg.BlockTypeNormal instead. This constant will be removed in a future version.

const BlockTypeSwitch = cfg.BlockTypeSwitch

Deprecated: Use cfg.BlockTypeSwitch instead. This constant will be removed in a future version.

const BlockTypeTry = cfg.BlockTypeTry

Deprecated: Use cfg.BlockTypeTry instead. This constant will be removed in a future version.

Variables

This section is empty.

Functions

func AnalyzeIntraProceduralTaint

func AnalyzeIntraProceduralTaint(
	functionFQN string,
	statements []*core.Statement,
	defUseChain *core.DefUseChain,
	sources []string,
	sinks []string,
	sanitizers []string,
) *core.TaintSummary

AnalyzeIntraProceduralTaint performs forward taint analysis on a function. Deprecated: Use taint.AnalyzeIntraProceduralTaint instead.
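The following is an added, simplified model of forward source/sink/sanitizer taint tracking over one function's statements; it is not this package's implementation. `Stmt`, `Finding`, `AnalyzeTaint` and `SampleStatements` are hypothetical names, and the model assumes straight-line code with no branches or loops.

```go
package main

import "fmt"

// Stmt is a hypothetical, simplified statement record (not core.Statement):
// Def is the variable assigned, Uses the variables read, Call the callee name.
type Stmt struct {
	Line uint32
	Def  string
	Uses []string
	Call string
}

// Finding is a hypothetical result: a tainted variable reaching a sink call.
type Finding struct {
	SourceCall, SinkCall string
	SourceLine, SinkLine uint32
	Var                  string
}

type origin struct {
	call string
	line uint32
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// AnalyzeTaint walks the statements once, in program order.
func AnalyzeTaint(stmts []Stmt, sources, sinks, sanitizers []string) []Finding {
	tainted := map[string]origin{} // variable -> where its taint came from
	var findings []Finding
	for _, s := range stmts {
		if contains(sinks, s.Call) { // a sink reading a tainted variable is a finding
			for _, u := range s.Uses {
				if o, ok := tainted[u]; ok {
					findings = append(findings, Finding{o.call, s.Call, o.line, s.Line, u})
				}
			}
		}
		if s.Def == "" {
			continue
		}
		newTaint, isTainted := origin{}, false
		if contains(sources, s.Call) {
			newTaint, isTainted = origin{s.Call, s.Line}, true
		} else if !contains(sanitizers, s.Call) { // sanitizer output stays clean
			for _, u := range s.Uses { // otherwise taint propagates from operands
				if o, ok := tainted[u]; ok {
					newTaint, isTainted = o, true
					break
				}
			}
		}
		if isTainted {
			tainted[s.Def] = newTaint
		} else {
			delete(tainted, s.Def) // reassignment with clean data kills old taint
		}
	}
	return findings
}

// SampleStatements is constructed input modelling this Python body:
// cmd = input(); full = "ls " + cmd; safe = shlex.quote(full)
// os.system(safe); os.system(full)
func SampleStatements() []Stmt {
	return []Stmt{
		{1, "cmd", nil, "input"},
		{2, "full", []string{"cmd"}, ""},
		{3, "safe", []string{"full"}, "shlex.quote"},
		{4, "", []string{"safe"}, "os.system"},
		{5, "", []string{"full"}, "os.system"},
	}
}

func main() {
	f := AnalyzeTaint(SampleStatements(), []string{"input"}, []string{"os.system"}, []string{"shlex.quote"})
	fmt.Printf("%+v\n", f)
}
```

Only the unsanitized call on line 5 is reported; dropping `shlex.quote` from the sanitizer list makes the line 4 call a finding as well, which is how a missing sanitizer entry turns into noise or a missed bug.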

func BuildCallGraph deprecated

func BuildCallGraph(codeGraph *graph.CodeGraph, registry *core.ModuleRegistry, projectRoot string) (*core.CallGraph, error)

BuildCallGraph constructs the complete call graph for a Python project.

Deprecated: Use builder.BuildCallGraph instead.

func BuildModuleRegistry

func BuildModuleRegistry(rootPath string) (*core.ModuleRegistry, error)

BuildModuleRegistry is a convenience wrapper. Deprecated: Use registry.BuildModuleRegistry instead.

func ExtractCallSites

func ExtractCallSites(filePath string, sourceCode []byte, importMap *core.ImportMap) ([]*core.CallSite, error)

ExtractCallSites extracts all function/method call sites from a Python file. Deprecated: Use resolution.ExtractCallSites instead.

func ExtractClassAttributes

func ExtractClassAttributes(
	filePath string,
	sourceCode []byte,
	modulePath string,
	typeEngine *resolution.TypeInferenceEngine,
	attrRegistry *registry.AttributeRegistry,
) error

ExtractClassAttributes extracts class attributes from a Python file. Deprecated: Use extraction.ExtractClassAttributes instead.

func ExtractImports

func ExtractImports(filePath string, sourceCode []byte, registry *core.ModuleRegistry) (*core.ImportMap, error)

ExtractImports extracts all import statements from a Python file and builds an ImportMap. Deprecated: Use resolution.ExtractImports instead.

func ExtractStatements

func ExtractStatements(filePath string, sourceCode []byte, functionNode *sitter.Node) ([]*core.Statement, error)

ExtractStatements extracts all statements from a Python function body. Deprecated: Use extraction.ExtractStatements instead.

func ExtractVariableAssignments

func ExtractVariableAssignments(
	filePath string,
	sourceCode []byte,
	typeEngine *resolution.TypeInferenceEngine,
	registry *core.ModuleRegistry,
	builtinRegistry *registry.BuiltinRegistry,
) error

ExtractVariableAssignments extracts variable assignments from a Python file. Deprecated: Use extraction.ExtractVariableAssignments instead.

func GetFrameworkCategory

func GetFrameworkCategory(fqn string) string

GetFrameworkCategory is a convenience wrapper. Deprecated: Use core.GetFrameworkCategory instead.

func GetFrameworkName

func GetFrameworkName(fqn string) string

GetFrameworkName is a convenience wrapper. Deprecated: Use core.GetFrameworkName instead.

func InitializeCallGraph

func InitializeCallGraph(codeGraph *graph.CodeGraph, projectRoot string) (*CallGraph, *ModuleRegistry, *PatternRegistry, error)

InitializeCallGraph builds the call graph from a code graph. This integrates the 3-pass algorithm into the main initialization pipeline.

Algorithm:

  1. Build module registry from project directory
  2. Build call graph from code graph using registry
  3. Load default security patterns
  4. Return integrated result

Parameters:

  • codeGraph: the parsed code graph from Initialize()
  • projectRoot: absolute path to project root directory

Returns:

  • CallGraph: complete call graph with edges and call sites
  • ModuleRegistry: module path mappings
  • PatternRegistry: loaded security patterns
  • error: if any step fails

func IsDjangoORMPattern

func IsDjangoORMPattern(target string) (bool, string)

IsDjangoORMPattern checks if a call target matches a Django ORM pattern. Deprecated: Use resolution.IsDjangoORMPattern instead.

func IsORMPattern

func IsORMPattern(target string) (bool, string, string)

IsORMPattern detects whether the target is any recognized ORM pattern. Deprecated: Use resolution.IsORMPattern instead.

func IsSQLAlchemyORMPattern

func IsSQLAlchemyORMPattern(target string) (bool, string)

IsSQLAlchemyORMPattern checks if a call target matches a SQLAlchemy ORM pattern. Deprecated: Use resolution.IsSQLAlchemyORMPattern instead.

func ParseChain

func ParseChain(target string) []resolution.ChainStep

ParseChain parses a method chain into individual steps. Deprecated: Use resolution.ParseChain instead.

func ParsePythonFile

func ParsePythonFile(sourceCode []byte) (*sitter.Tree, error)

ParsePythonFile parses a Python source file using tree-sitter. Deprecated: Use extraction.ParsePythonFile instead.

func PrintAttributeFailureStats

func PrintAttributeFailureStats()

PrintAttributeFailureStats prints statistics about attribute resolution failures. Deprecated: Use resolution.PrintAttributeFailureStats instead.

func ResolveAttributePlaceholders

func ResolveAttributePlaceholders(
	attrRegistry *registry.AttributeRegistry,
	typeEngine *resolution.TypeInferenceEngine,
	moduleRegistry *core.ModuleRegistry,
	codeGraph *graph.CodeGraph,
)

ResolveAttributePlaceholders resolves __ATTR__ placeholders in call targets. Deprecated: Use resolution.ResolveAttributePlaceholders instead.

func ResolveChainedCall

func ResolveChainedCall(
	target string,
	typeEngine *resolution.TypeInferenceEngine,
	builtins *registry.BuiltinRegistry,
	moduleRegistry *core.ModuleRegistry,
	codeGraph *graph.CodeGraph,
	callerFQN string,
	currentModule string,
	callGraph *core.CallGraph,
) (string, bool, *core.TypeInfo)

ResolveChainedCall resolves a method chain by walking each step and tracking types. Deprecated: Use resolution.ResolveChainedCall instead.

func ResolveDjangoORMCall

func ResolveDjangoORMCall(target string, modulePath string, registry *core.ModuleRegistry, codeGraph *graph.CodeGraph) (string, bool)

ResolveDjangoORMCall resolves a Django ORM call to a synthetic FQN. Deprecated: Use resolution.ResolveDjangoORMCall instead.

func ResolveORMCall

func ResolveORMCall(target string, modulePath string, registry *core.ModuleRegistry, codeGraph *graph.CodeGraph) (string, bool)

ResolveORMCall detects and resolves ORM calls. Deprecated: Use resolution.ResolveORMCall instead.

func ResolveSQLAlchemyORMCall

func ResolveSQLAlchemyORMCall(target string, modulePath string) (string, bool)

ResolveSQLAlchemyORMCall resolves a SQLAlchemy ORM call to a synthetic FQN. Deprecated: Use resolution.ResolveSQLAlchemyORMCall instead.

func ResolveSelfAttributeCall

func ResolveSelfAttributeCall(
	target string,
	callerFQN string,
	typeEngine *resolution.TypeInferenceEngine,
	builtins *registry.BuiltinRegistry,
	callGraph *core.CallGraph,
) (string, bool, *core.TypeInfo)

ResolveSelfAttributeCall resolves self.attr.method() calls using attribute registry. Deprecated: Use resolution.ResolveSelfAttributeCall instead.

func ValidateDjangoModel

func ValidateDjangoModel(modelName string, codeGraph *graph.CodeGraph) bool

ValidateDjangoModel validates that a Django model exists in the code graph. Deprecated: Use resolution.ValidateDjangoModel instead.

Types

type Argument deprecated

type Argument = core.Argument

Deprecated: Use core.Argument instead. This alias will be removed in a future version.

type AttributeRegistry deprecated

type AttributeRegistry = registry.AttributeRegistry

Deprecated: Use registry.AttributeRegistry instead. This alias will be removed in a future version.

func NewAttributeRegistry

func NewAttributeRegistry() *AttributeRegistry

NewAttributeRegistry creates a new empty AttributeRegistry. Deprecated: Use registry.NewAttributeRegistry instead.

type BasicBlock deprecated

type BasicBlock = cfg.BasicBlock

Deprecated: Use cfg.BasicBlock instead. This alias will be removed in a future version.

type BlockType deprecated

type BlockType = cfg.BlockType

Deprecated: Use cfg.BlockType instead. This alias will be removed in a future version.

type BuiltinMethod deprecated

type BuiltinMethod = registry.BuiltinMethod

Deprecated: Use registry.BuiltinMethod instead. This alias will be removed in a future version.

type BuiltinRegistry deprecated

type BuiltinRegistry = registry.BuiltinRegistry

Deprecated: Use registry.BuiltinRegistry instead. This alias will be removed in a future version.

func NewBuiltinRegistry

func NewBuiltinRegistry() *BuiltinRegistry

NewBuiltinRegistry creates and initializes a registry with Python builtin types. Deprecated: Use registry.NewBuiltinRegistry instead.

type BuiltinType deprecated

type BuiltinType = registry.BuiltinType

Deprecated: Use registry.BuiltinType instead. This alias will be removed in a future version.

type CallGraph deprecated

type CallGraph = core.CallGraph

Deprecated: Use core.CallGraph instead. This alias will be removed in a future version.

func NewCallGraph

func NewCallGraph() *CallGraph

NewCallGraph is a convenience wrapper. Deprecated: Use core.NewCallGraph instead.

type CallSite deprecated

type CallSite = core.CallSite

Deprecated: Use core.CallSite instead. This alias will be removed in a future version.

type ChainStep

type ChainStep = resolution.ChainStep

ChainStep represents one step in a method chain. Deprecated: Use resolution.ChainStep instead.

type ClassAttribute deprecated

type ClassAttribute = core.ClassAttribute

Deprecated: Use core.ClassAttribute instead. This alias will be removed in a future version.

type ClassAttributes deprecated

type ClassAttributes = core.ClassAttributes

Deprecated: Use core.ClassAttributes instead. This alias will be removed in a future version.

type ControlFlowGraph deprecated

type ControlFlowGraph = cfg.ControlFlowGraph

Deprecated: Use cfg.ControlFlowGraph instead. This alias will be removed in a future version.

func NewControlFlowGraph deprecated

func NewControlFlowGraph(functionFQN string) *ControlFlowGraph

Deprecated: Use cfg.NewControlFlowGraph instead. This wrapper will be removed in a future version.

type DefUseChain deprecated

type DefUseChain = core.DefUseChain

Deprecated: Use core.DefUseChain instead. This alias will be removed in a future version.

func BuildDefUseChains

func BuildDefUseChains(statements []*Statement) *DefUseChain

BuildDefUseChains is a convenience wrapper. Deprecated: Use core.BuildDefUseChains instead.

func NewDefUseChain

func NewDefUseChain() *DefUseChain

NewDefUseChain is a convenience wrapper. Deprecated: Use core.NewDefUseChain instead.

type DefUseStats deprecated

type DefUseStats = core.DefUseStats

Deprecated: Use core.DefUseStats instead. This alias will be removed in a future version.

type FrameworkDefinition deprecated

type FrameworkDefinition = core.FrameworkDefinition

Deprecated: Use core.FrameworkDefinition instead. This alias will be removed in a future version.

func IsKnownFramework

func IsKnownFramework(fqn string) (bool, *FrameworkDefinition)

IsKnownFramework is a convenience wrapper. Deprecated: Use core.IsKnownFramework instead.

func LoadFrameworks

func LoadFrameworks() []FrameworkDefinition

LoadFrameworks is a convenience wrapper. Deprecated: Use core.LoadFrameworks instead.

type FunctionParam deprecated

type FunctionParam = core.FunctionParam

Deprecated: Use core.FunctionParam instead. This alias will be removed in a future version.

type FunctionScope deprecated

type FunctionScope = resolution.FunctionScope

Deprecated: Use resolution.FunctionScope instead.

func NewFunctionScope

func NewFunctionScope(functionFQN string) *FunctionScope

NewFunctionScope creates a new function scope. Deprecated: Use resolution.NewFunctionScope instead.

type ImportMap deprecated

type ImportMap = core.ImportMap

Deprecated: Use core.ImportMap instead. This alias will be removed in a future version.

func NewImportMap

func NewImportMap(filePath string) *ImportMap

NewImportMap is a convenience wrapper. Deprecated: Use core.NewImportMap instead.

type ImportMapCache deprecated

type ImportMapCache = cgbuilder.ImportMapCache

ImportMapCache is a type alias for backward compatibility.

Deprecated: Use builder.ImportMapCache instead. This type alias will be removed in a future version.

func NewImportMapCache deprecated

func NewImportMapCache() *ImportMapCache

NewImportMapCache creates a new empty import map cache.

Deprecated: Use builder.NewImportMapCache instead.

type Location deprecated

type Location = core.Location

Deprecated: Use core.Location instead. This alias will be removed in a future version.

type Manifest deprecated

type Manifest = core.Manifest

Deprecated: Use core.Manifest instead. This alias will be removed in a future version.

type ModuleEntry deprecated

type ModuleEntry = core.ModuleEntry

Deprecated: Use core.ModuleEntry instead. This alias will be removed in a future version.

type ModuleRegistry deprecated

type ModuleRegistry = core.ModuleRegistry

Deprecated: Use core.ModuleRegistry instead. This alias will be removed in a future version.

func NewModuleRegistry

func NewModuleRegistry() *ModuleRegistry

NewModuleRegistry is a convenience wrapper. Deprecated: Use core.NewModuleRegistry instead.

type Pattern deprecated

type Pattern = patterns.Pattern

Deprecated: Use patterns.Pattern instead.

type PatternMatch

type PatternMatch struct {
	PatternID   string   // Pattern identifier
	PatternName string   // Human-readable name
	Description string   // What was detected
	Severity    Severity // Risk level
	CWE         string   // CWE identifier
	OWASP       string   // OWASP category

	// Vulnerability location details
	SourceFQN  string // Fully qualified name of the source function
	SourceCall string // The actual dangerous call (e.g., "input", "request.GET")
	SourceFile string // File path where source is located
	SourceLine uint32 // Line number of source function
	SourceCode string // Code snippet of source function

	SinkFQN  string // Fully qualified name of the sink function
	SinkCall string // The actual dangerous call (e.g., "eval", "exec")
	SinkFile string // File path where sink is located
	SinkLine uint32 // Line number of sink function
	SinkCode string // Code snippet of sink function

	DataFlowPath []string // Complete path from source to sink (FQNs)
}

PatternMatch represents a detected security pattern in the code.

func AnalyzePatterns

func AnalyzePatterns(callGraph *CallGraph, patternRegistry *PatternRegistry) []PatternMatch

AnalyzePatterns runs pattern matching against the call graph. Returns a list of matched patterns with their details.

type PatternMatchDetails deprecated

type PatternMatchDetails = patterns.PatternMatchDetails

Deprecated: Use patterns.PatternMatchDetails instead.

func MatchPattern

func MatchPattern(pattern *Pattern, callGraph *CallGraph) *PatternMatchDetails

MatchPattern checks if a call graph matches a pattern. Deprecated: Use PatternRegistry.MatchPattern from patterns package instead.

type PatternRegistry deprecated

type PatternRegistry = patterns.PatternRegistry

Deprecated: Use patterns.PatternRegistry instead.

func NewPatternRegistry deprecated

func NewPatternRegistry() *PatternRegistry

Deprecated: Use patterns.NewPatternRegistry instead.

type PatternType deprecated

type PatternType = patterns.PatternType

Deprecated: Use patterns.PatternType instead.

type PythonVersionInfo deprecated

type PythonVersionInfo = core.PythonVersionInfo

Deprecated: Use core.PythonVersionInfo instead. This alias will be removed in a future version.

type RegistryStats deprecated

type RegistryStats = core.RegistryStats

Deprecated: Use core.RegistryStats instead. This alias will be removed in a future version.

type Severity deprecated

type Severity = patterns.Severity

Deprecated: Use patterns.Severity instead.

type Statement deprecated

type Statement = core.Statement

Deprecated: Use core.Statement instead. This alias will be removed in a future version.

type StatementType deprecated

type StatementType = core.StatementType

Deprecated: Use core.StatementType instead. This alias will be removed in a future version.

type StdlibAttribute deprecated

type StdlibAttribute = core.StdlibAttribute

Deprecated: Use core.StdlibAttribute instead. This alias will be removed in a future version.

type StdlibClass deprecated

type StdlibClass = core.StdlibClass

Deprecated: Use core.StdlibClass instead. This alias will be removed in a future version.

type StdlibConstant deprecated

type StdlibConstant = core.StdlibConstant

Deprecated: Use core.StdlibConstant instead. This alias will be removed in a future version.

type StdlibFunction deprecated

type StdlibFunction = core.StdlibFunction

Deprecated: Use core.StdlibFunction instead. This alias will be removed in a future version.

type StdlibModule deprecated

type StdlibModule = core.StdlibModule

Deprecated: Use core.StdlibModule instead. This alias will be removed in a future version.

type StdlibRegistry deprecated

type StdlibRegistry = core.StdlibRegistry

Deprecated: Use core.StdlibRegistry instead. This alias will be removed in a future version.

func NewStdlibRegistry

func NewStdlibRegistry() *StdlibRegistry

NewStdlibRegistry is a convenience wrapper. Deprecated: Use core.NewStdlibRegistry instead.

type StdlibRegistryLoader deprecated

type StdlibRegistryLoader = registry.StdlibRegistryLoader

Deprecated: Use registry.StdlibRegistryLoader instead. This alias will be removed in a future version.

func NewStdlibRegistryLoader

func NewStdlibRegistryLoader(registryPath string) *StdlibRegistryLoader

NewStdlibRegistryLoader creates a new stdlib registry loader. Deprecated: Use registry.StdlibRegistryLoader directly.

type StdlibRegistryRemote deprecated

type StdlibRegistryRemote = registry.StdlibRegistryRemote

Deprecated: Use registry.StdlibRegistryRemote instead. This alias will be removed in a future version.

func NewStdlibRegistryRemote

func NewStdlibRegistryRemote(baseURL, pythonVersion string) *StdlibRegistryRemote

NewStdlibRegistryRemote creates a new remote registry loader. Deprecated: Use registry.NewStdlibRegistryRemote instead.

type TaintInfo deprecated

type TaintInfo = core.TaintInfo

Deprecated: Use core.TaintInfo instead. This alias will be removed in a future version.

type TaintState deprecated

type TaintState = taint.TaintState

Deprecated: Use taint.TaintState instead. This alias will be removed in a future version.

func NewTaintState

func NewTaintState() *TaintState

NewTaintState creates an empty taint state. Deprecated: Use taint.NewTaintState instead.

type TaintSummary deprecated

type TaintSummary = core.TaintSummary

Deprecated: Use core.TaintSummary instead. This alias will be removed in a future version.

func NewTaintSummary

func NewTaintSummary(functionFQN string) *TaintSummary

NewTaintSummary is a convenience wrapper. Deprecated: Use core.NewTaintSummary instead.

type TypeInferenceEngine deprecated

type TypeInferenceEngine = resolution.TypeInferenceEngine

Deprecated: Use resolution.TypeInferenceEngine instead.

func NewTypeInferenceEngine

func NewTypeInferenceEngine(registry *core.ModuleRegistry) *TypeInferenceEngine

NewTypeInferenceEngine creates a new type inference engine. Deprecated: Use resolution.NewTypeInferenceEngine instead.

type TypeInfo deprecated

type TypeInfo = core.TypeInfo

Deprecated: Use core.TypeInfo instead.

type VariableBinding deprecated

type VariableBinding = resolution.VariableBinding

Deprecated: Use resolution.VariableBinding instead.

Directories

Path Synopsis
analysis
taint
Package taint provides intra-procedural taint analysis for detecting data flow from sources to sinks.
Package builder provides call graph construction orchestration.
Package cfg provides control flow graph (CFG) construction and analysis.
Package core provides foundational type definitions for the callgraph analyzer.
Package extraction provides AST-based code extraction utilities for Python source code.
Package patterns provides security and framework pattern detection.
Package registry provides module, type, and attribute registry functionality for Python code analysis.
Package resolution provides type information structures for type resolution and inference.
