CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.2.2-dev (changelog, source)
Search

Module InlineFlowTest

Provides a simple base test for flow-related tests using inline expectations.

To add this framework to a new language, add a new file (usually called InlineFlowTest.qll) with:

  • private import codeql.dataflow.test.InlineFlowTest
  • private imports of the libraries implementing DataFlow::InputSig, TaintTracking::InputSig, and InlineExpectationsTest::InlineExpectationsTestSig.
  • An implementation of the signature InputSig defined below.
  • An import of an appropriately instantiated InlineFlowTestMake module.

To declare expectations, you can use the $ hasTaintFlow or $ hasValueFlow comments within the test source files. For example, in the case of Ruby test.rb file:

s = source(1)
sink(s); // $ hasValueFlow=1
t = "foo" + taint(2);
sink(t); // $ hasTaintFlow=2

If you are only interested in value flow, then instead of importing DefaultFlowTest, you can import ValueFlowTest<DefaultFlowConfig>. Similarly, if you are only interested in taint flow, then instead of importing DefaultFlowTest, you can import TaintFlowTest<DefaultFlowConfig>. In both cases DefaultFlowConfig can be replaced by another implementation of DataFlow::ConfigSig.

If you need more fine-grained tuning, consider implementing a test using InlineExpectationsTest.

Import path

import codeql.dataflow.test.InlineFlowTest

Modules

Module signatures