github · tausbn · Feb 18, 2026 · Feb 19, 2026 · Feb 20, 2026 · Feb 20, 2026
@@ -433,38 +433,6 @@ private predicate exits_early(BasicBlock b) {
 
 /** The metrics for a function that require points-to analysis */
 class FunctionMetricsWithPointsTo extends FunctionMetrics {
-  /**
-   * Gets the cyclomatic complexity of the function:
-   * The number of linearly independent paths through the source code.
-   * Computed as     E - N + 2P,
-   * where
-   *  E = the number of edges of the graph.
-   *  N = the number of nodes of the graph.
-   *  P = the number of connected components, which for a single function is 1.
-   */
-  int getCyclomaticComplexity() {
-    exists(int e, int n |
-      n = count(BasicBlockWithPointsTo b | b = this.getABasicBlock() and b.likelyReachable()) and
-      e =
-        count(BasicBlockWithPointsTo b1, BasicBlockWithPointsTo b2 |
-          b1 = this.getABasicBlock() and
-          b1.likelyReachable() and
-          b2 = this.getABasicBlock() and
-          b2.likelyReachable() and
-          b2 = b1.getASuccessor() and
-          not b1.unlikelySuccessor(b2)
-        )
-    |
-      result = e - n + 2
-    )
-  }
-
-  private BasicBlock getABasicBlock() {
-    result = this.getEntryNode().getBasicBlock()
-    or
-    exists(BasicBlock mid | mid = this.getABasicBlock() and result = mid.getASuccessor())
-  }
-
   /**
    * Dependency of Callables
    * One callable "this" depends on another callable "result"

@@ -1,5 +1,6 @@
 import python
 private import semmle.python.SelfAttribute
+private import semmle.python.dataflow.new.internal.DataFlowDispatch
 
 /** The metrics for a function */
 class FunctionMetrics extends Function {
@@ -27,6 +28,32 @@ class FunctionMetrics extends Function {
   int getStatementNestingDepth() { result = max(Stmt s | s.getScope() = this | getNestingDepth(s)) }
 
   int getNumberOfCalls() { result = count(Call c | c.getScope() = this) }
+
+  /**
+   * Gets the cyclomatic complexity of the function:
+   * The number of linearly independent paths through the source code.
+   * Computed as     E - N + 2P,
+   * where
+   *  E = the number of edges of the graph.
+   *  N = the number of nodes of the graph.
+   *  P = the number of connected components, which for a single function is 1.
+   */
+  int getCyclomaticComplexity() {
+    exists(int n, int e |
+      n = count(BasicBlock b | b.getScope() = this and Reachability::likelyReachable(b)) and
+      e =
+        count(BasicBlock b1, BasicBlock b2 |
+          b1.getScope() = this and
+          Reachability::likelyReachable(b1) and
+          b2.getScope() = this and
+          Reachability::likelyReachable(b2) and
+          b2 = b1.getASuccessor() and
+          not Reachability::unlikelySuccessor(b1.getLastNode(), b2.firstNode())
+        )
+    |
+      result = e - n + 2
+    )
+  }
 }
 
 /** The metrics for a class */

@@ -32,7 +32,9 @@ module Builtins {
         "UnicodeDecodeError", "UnicodeEncodeError", "UnicodeError", "UnicodeTranslateError",
         "UnicodeWarning", "UserWarning", "ValueError", "Warning", "ZeroDivisionError",
         // Added for compatibility
-        "exec"
+        "exec",
+        // Added by the `site` module (available by default unless `-S` is used)
+        "copyright", "credits", "exit", "quit"
       ]
     or
     // Built-in constants shared between Python 2 and 3
@@ -51,8 +53,8 @@ module Builtins {
     or
     // Python 2 only
     result in [
-        "basestring", "cmp", "execfile", "file", "long", "raw_input", "reduce", "reload", "unichr",
-        "unicode", "xrange"
+        "apply", "basestring", "cmp", "execfile", "file", "long", "raw_input", "reduce", "reload",
+        "unichr", "unicode", "xrange"
       ]
   }