CodeQL library for JavaScript
codeql/javascript-all 0.2.2 (changelog, source)
Search

Module PromiseTypeTracking

A module for supporting promises in type-tracking predicates. The PromiseTypeTracking::promiseStep predicate is used for type tracking in and out of promises, and is included in the standard type-tracking steps (SourceNode::track). The TypeTracker::startInPromise() predicate can be used to initiate a type-tracker where the tracked value is a promise.

The below is an example of a type-tracking predicate where the initial value is a promise:

DataFlow::SourceNode myType(DataFlow::TypeTracker t) {
 t.startInPromise() and
 result = <the promise value> and
 or
 exists(DataFlow::TypeTracker t2 | result = myType(t2).track(t2, t))
}

The type-tracking predicate above will only end (t = DataFlow::TypeTracker::end()) after the tracked value has been extracted from the promise.

The PromiseTypeTracking::promiseStep predicate can be used instead of SourceNode::track to get type-tracking only for promise steps.

Replace t.startInPromise() in the above example with t.start() to create a type-tracking predicate where the value is not initially inside a promise.

Import path

import javascript

Predicates

promiseStep

Gets the result from a single step through a promise, from pred to result summarized by summary. This can be loading a resolved value from a promise, storing a value in a promise, or copying a resolved value from one promise to another.

promiseStep

Gets the result from a single step through a promise, from pred with tracker t2 to result with tracker t. This can be loading a resolved value from a promise, storing a value in a promise, or copying a resolved value from one promise to another.