module
Noir::PythonCalleeExtractor
Overview
Walks a Python source snippet (typically a function body) and returns
the 1-hop callees inside it. Used by analyzers that want to expose
Endpoint.callees for AI code reviewers.
Intentionally simple: identifier and attribute callees only. Calls
made through getattr, __import__, globals()[...], etc. are out
of scope — callees is a useful prior, not a complete graph.
Defined in:
miniparsers/python_callee_extractor.crConstant Summary
-
BUILTINS =
Set {"print", "len", "range", "int", "str", "list", "dict", "tuple", "set", "bool", "float", "type", "isinstance", "issubclass", "id", "hash", "enumerate", "zip", "map", "filter", "sorted", "reversed", "min", "max", "sum", "abs", "round", "pow", "divmod", "iter", "next", "open", "input", "getattr", "setattr", "hasattr", "delattr", "any", "all", "vars", "dir", "locals", "globals", "callable", "format", "repr", "ascii", "ord", "chr", "hex", "oct", "bin", "super"} -
Builtins and small stdlib helpers carry no security signal; filtering them keeps the list short enough to fit in an AI context window. Anything framework-specific (Flask
request.*,jsonify,abort,redirect, …) is intentionally kept — those tell a reviewer how the endpoint shapes input and output.
Class Method Summary
-
.calls_in(source : String) : Array(Tuple(String, Int32))
Parse
sourceas Python and return every callee inside the first function body found.
Class Method Detail
Parse source as Python and return every callee inside the first
function body found. Each entry is {name, 0-based row within source}.
The caller is responsible for converting rows to absolute file lines.