CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.2.2-dev (changelog, source)

Class TypeTracking::TypeBackTracker

A summary of the steps needed to back-track a use of a value to a given dataflow node.

This can for example be used to track callbacks that are passed to a certain API, so we can model specific parameters of that callback as having a certain type.

Note that type back-tracking does not provide a source/sink relation, that is, it may determine that a node will be used in an API call somewhere, but it won’t determine exactly where that use was, or the path that led to the use.

It is recommended that all uses of this type are written in the following form, for back-tracking some callback type myCallback:

Node myCallback(TypeBackTracker t) {
  t.start() and
  result = (< some API call >).getArgument(< n >).getALocalSource()
  or
  exists(TypeBackTracker t2 |
    t = t2.step(result, myCallback(t2))
  )
}

Node myCallback() { result = myCallback(TypeBackTracker::end()) }

If you want to track individual intra-procedural steps, use t2.smallstep instead of t2.step.
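The recommended form above, filled in for one concrete API. This is an added example, not code from the CodeQL library or its documentation. It assumes the class is reached as `DataFlow::TypeBackTracker` through the standard `javascript` import, picks Node.js `fs.readFile` as the API call, and uses the hypothetical predicate name `readFileCallback`:

```ql
/**
 * Added example: finds functions that end up as the callback of `fs.readFile`,
 * including callbacks that are stored in a variable or passed through a
 * wrapper function first, and selects the parameter that receives the
 * file contents.
 */

import javascript

/**
 * Gets a source node that is back-tracked from the callback argument of an
 * `fs.readFile` call, with `t` summarizing the steps taken so far.
 * `readFileCallback` is a name chosen for this example.
 */
DataFlow::SourceNode readFileCallback(DataFlow::TypeBackTracker t) {
  // Base case: the local source of the last argument of `fs.readFile(...)`.
  // The callback is the last argument whether or not `options` is passed.
  t.start() and
  result = DataFlow::moduleMember("fs", "readFile").getACall().getLastArgument().getALocalSource()
  or
  // Recursive case: take one backwards heap or inter-procedural step from a
  // node already known to reach the callback position.
  exists(DataFlow::TypeBackTracker t2 |
    t = t2.step(result, readFileCallback(t2))
  )
}

/** Gets a source node that may be used as the callback of `fs.readFile`. */
DataFlow::SourceNode readFileCallback() {
  result = readFileCallback(DataFlow::TypeBackTracker::end())
}

// Only function definitions have parameters to model, so restrict the result
// to `FunctionNode`. Parameter 0 is the error, parameter 1 is the file data.
from DataFlow::FunctionNode callback
where callback = readFileCallback()
select callback.getParameter(1), "This parameter receives file contents from fs.readFile."
```

The query reports only that a function reaches the callback position somewhere. As noted above, back-tracking does not say which `fs.readFile` call used it or by what path.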

Import path

import codeql.typetracking.internal.TypeTrackingImpl

Direct supertypes

Predicates

continue

Gets a type tracker that starts where this one has left off to allow continued tracking.

end

Holds if this is the end point of type tracking.

getACompatibleTypeTracker

Gets a forwards summary that is compatible with this backwards summary. That is, if this summary describes the steps needed to back-track a value from sink to mid, and the result is a valid summary of the steps needed to track a value from source to mid, then the value from source may also flow to sink.

smallstep

Gets the summary that corresponds to having taken a backwards local, heap and/or inter-procedural step from nodeTo to nodeFrom.

start

Holds if this is the starting point of type tracking.

step

Gets the summary that corresponds to having taken a backwards heap and/or inter-procedural step from nodeTo to nodeFrom.

toString

Gets a textual representation of this summary.

Charpred