pyt

How It Works

__main__.py is where all the high-level steps happen.

Step 1

Parse command line arguments.

parse_args in usage.py

Step 2

Generate the Abstract Syntax Tree (AST).

Essentially done in these lines of code with the ast module:

import ast
with open(path) as f:  # path: placeholder for the Python file being analysed
    tree = ast.parse(f.read())

generate_ast in ast_helper.py

Step 3

Pass the AST to create a Control Flow Graph (CFG).

Step 4

Pass the CFG to a Framework Adaptor, which will mark the arguments of certain functions as tainted sources.

Step 5

Perform (modified-)reaching definitions analysis, to know where definitions reach.

Step 6

Find vulnerabilities, by seeing where sources reach, and how.

Step 7

Remove already known vulnerabilities if a baseline (JSON file of a previous run of PyT) is provided.

Step 8

Output the results in either text or JSON form, to stdout or the output file.
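
To make Steps 2 to 6 concrete, here is an added sketch (not PyT's own code) that parses a constructed Flask-style route, marks the route's arguments as tainted, and follows assignments to report where tainted data reaches a sink. It assumes straight-line function bodies instead of a real CFG, and the names `SAMPLE`, `SINKS`, `call_name`, `is_route`, `reads_tainted` and `find_flows` are hypothetical.

```python
import ast

# Constructed sample (not from the PyT repository): a Flask-style route.
SAMPLE = '''
@app.route("/ping")
def ping(host):
    cmd = "ping -c 1 " + host
    os.system(cmd)
    cmd = "uptime"
    os.system(cmd)
'''
SINKS = {"os.system"}  # assumed sink list for this sketch


def call_name(call):
    """Dotted name of a call target, e.g. 'os.system', else None."""
    parts, func = [], call.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if not isinstance(func, ast.Name):
        return None
    return ".".join(reversed(parts + [func.id]))


def is_route(func):
    # Stand-in for the framework adaptor: any @<x>.route(...) decorator.
    return any(isinstance(d, ast.Call) and (call_name(d) or "").endswith(".route")
               for d in func.decorator_list)


def reads_tainted(expr, tainted):
    return any(isinstance(n, ast.Name) and n.id in tainted for n in ast.walk(expr))


def find_flows(code):
    """Return [(sink, lineno)] for each sink call that receives tainted data."""
    findings = []
    for func in ast.walk(ast.parse(code)):
        if not (isinstance(func, ast.FunctionDef) and is_route(func)):
            continue
        tainted = {a.arg for a in func.args.args}  # route arguments are sources
        for stmt in func.body:  # straight-line bodies only: no branches or loops
            for n in ast.walk(stmt):
                if (isinstance(n, ast.Call) and call_name(n) in SINKS
                        and any(reads_tainted(a, tainted) for a in n.args)):
                    findings.append((call_name(n), n.lineno))
            if isinstance(stmt, ast.Assign):
                names = {t.id for t in stmt.targets if isinstance(t, ast.Name)}
                if reads_tainted(stmt.value, tainted):
                    tainted |= names  # tainted definition reaches later lines
                else:
                    tainted -= names  # clean redefinition kills the taint
    return findings
```

Only the first `os.system(cmd)` is reported: the later `cmd = "uptime"` replaces the tainted definition, which is the question the reaching definitions analysis in Step 5 answers.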

Here is an image from the original thesis:

https://github.com/KevinHock/rtdpyt/blob/master/docs/img/overview.png