How to write a query to find the function call path in python

[BaiChienKao]

I am writing a query to find the call path about the imported functions/methods.
I have try the solution in "How to write query to get Call Graph in python? #8063"
#8063
Basically I would like to find out the call relationship like functionA calls functionB, as well as the Scope location of funtionA/B.
I think it's like the Java's method "A.calls(B)"
The python code is like:

from http.server import HTTPServer,BaseHTTPRequestHandler
import yaml
from nvflare.lighter import provision
class helloHandler(BaseHTTPRequestHandler):
		def do_GET(self): ...
                provision.main() ...
                project_data = yaml.safe_load(...) ...
def main():
    server = HTTPServer(("0.0.0.0",8000),helloHandler)
    server.serve_forever()
if __name__ == '__main__':
    main()

The query as below:

from Value val, CallNode call, Scope scope
where val.getACall() = call and
  call.getLocation().getFile().toString().matches("%/VersionTestProject1/%") and
  (scope = val.(CallableValue).getScope() or
   scope = val.(ClassValue).getScope() ) 
select call, val, scope

The query can only find the main().
All other function call and method call are not found.
I have tried to enumerate all CallableValue like below:

from CallableValue call
where call.getACall().getLocation().getFile().toString().matches("%/VersionTestProject1/%")
select call

The query only shows the main() and some build-in functions such as str() len() open()...
and no function like "def do_GET()" and import methods like "provision.main()","yaml.safe_load()" or "HTTPServer()" shows up.

I have tried CallableValue, MethodCallNode::flowsTo() and all of them failed to find the function call.
Then I tried InterProceduralPointsTo::call as below:

from Call call1, PointsToContext caller, ObjectInternal value
where call1.getLocation().getFile().toString().matches("%/VersionTestProject1/%") and
      InterProceduralPointsTo::call(call1.getAFlowNode(),caller,value)
select call1,caller, value

it can find the call of "provision.main()" as "call: Attribute(), caller: runtime, value: Unknown value"
Then I cannot find a way to extract information about this call like the location of "provision.main()".
(provision.main() should be located in "VersionTestProject1\venv\Lib\site-packages\nvflare\lighter\provision.py" )

I was wondering if there is a way to find the CALL to the import function properly as well as get the location information of that import function.

Thank you so much

[BaiChienKao]

Thanks to @atorralba for helping on the editing.
I found another related problem which is the CodeQL didn't extract the non built-in method from site-packages such as "nvflare" and "yaml".
I got the log as:
[build-stdout] Excluding the following directories from extraction, since they look like virtual environments: ['C:\Users\Administrator\PycharmProjects\VersionTestProject1\venv']
This indicated all the packages installed in "venv\Lib\site-packages" are not extracted.

It might be the reason I cannot find any non built-in functions and methods via the various value classes like BoundMethodValue, CallableValue, FunctionValue, ModuleValue and PythonFunctionValue.

Not sure how to make the "venv/" folder being included during the database generating process.
And I still have the problem to find the call path.

Does any one can help on these two problem?
Thank you so much.

[BaiChienKao]

Reply to myself.
To disable the exclusion of virtual environments, added a system variable:
CODEQL_EXTRACTOR_PYTHON_DISABLE_AUTOMATIC_VENV_EXCLUDE = 1

Rebuild the Code database, then the site-packages will be extracted into the database.
And, the query in the first post is working fine to find the call path.
I updated the query as below:

import python
from Value val, CallNode caller, Scope callee
where
  val.getACall() = caller and
  ( callee = val.(CallableValue).getScope() or
    callee = val.(ClassValue).getScope() ) 
select 
       caller.getFunction().getScope().toString(), 
       caller.getFunction().getScope().getLocation().toString(),
       callee.toString(), 
       callee.getLocation().toString()