Module DataFlow

Provides classes implementing a simple intra-procedural flow analysis for inferring abstract values of nodes in the data-flow graph representation of the program.

INTERNAL. DO NOT USE.

Gets a (default) import of the given dependency dep, such as require("lodash") in a context where a package.json file includes "lodash" as a dependency.

INTERNAL. DO NOT USE.

INTERNAL: Use ExceptionalFunctionReturnNode instead.

INTERNAL: Use ExceptionalInvocationReturnNode instead.

Gets the CommonJS/AMD exports variable for module m.

Gets the data flow node corresponding to e.

INTERNAL: Do not use outside standard library.

Holds if the function in succ forwards all its arguments to a call to pred and returns its result. This can thus be seen as a step pred -> succ used for tracking function values through “wrapper functions”, since the succ function partially replicates behavior of pred.

Holds if the function in succ forwards all its arguments to a call to pred. This can thus be seen as a step pred -> succ used for tracking function values through “wrapper functions”, since the succ function partially replicates behavior of pred.

INTERNAL: Use FunctionReturnNode instead.

INTERNAL. DO NOT USE.

Gets a data flow node corresponding to an access to the global object, including this expressions outside functions, references to global variables window and global, and uses of the global npm package.

Gets a data flow node corresponding to an access to global variable name, either directly, through window or global, or through the global npm package.

Holds if there is a path without unmatched return steps from source to sink.

Holds if the flow information for the node nd.

Holds if there is a step from pred to succ through a field accessed through this in a class.

Holds if data can flow from pred to succ in one local step.

Gets the data flow node corresponding the given l-value expression, if such a node exists.

Gets a (default) import of the module with the given path, such as require("fs") or import * as fs from "fs".

Gets a data flow node that either imports m from the module with the given path, or accesses m as a member on a default or namespace import from path.

Gets the CommonJS/AMD module variable for module m.

Gets the node corresponding to the initialization of parameter p.

INTERNAL: Use parameterNode(Parameter) instead.

Gets a data flow node representing the underlying call performed by the given call to Function.prototype.call or Function.prototype.apply.

Gets the data flow node corresponding to ssa.

INTERNAL: Use thisNode(StmtContainer container) instead.

Gets the node representing the receiver of the given function, or this in the given top-level.

Gets the data flow node corresponding to nd.

A BarrierGuardNode that controls which data flow configurations it is used in.

A data flow node that should be considered a sink for some specific configuration, in addition to any other sinks that configuration may recognize.

A data flow node that should be considered a source for some specific configuration, in addition to any other sources that configuration may recognize.

A data flow node corresponding to a new Array() or Array() invocation.

A data flow node corresponding to the creation or a new array, either through an array literal, an invocation of the Array constructor, or the Array.from method.

A data flow node corresponding to an array literal expression.

A node that can act as a barrier when appearing in a condition.

A data flow node corresponding to a function call without new.

A data flow node corresponding to a class definition or a function definition acting as a class.

A data flow tracking configuration for finding inter-procedural paths from sources to sinks.

A data flow node representing the exceptions thrown by a function.

A data flow node representing the exceptions thrown by the callee of an invocation.

A data flow node corresponding to an expression.

A label describing the kind of information tracked by a flow configuration.

A data flow node corresponding to a function definition.

A data flow node representing the values returned by a function.

A data flow node corresponding to a global variable access through a simple identifier.

A data flow node representing an HTML attribute.

A classification of flows that are not modeled, or only modeled incompletely, by DataFlowNode:

A data flow node corresponding to a function invocation (with or without new).

A guard node that only blocks specific labels.

The string method, getter, or setter, representing the kind of a function member in a class.

A data flow node corresponding to a method call, that is, a call of form x.m(...).

A path node corresponding to an intermediate node on a path from a source to a sink.

A data flow node representing an import of a module, either through an import declaration, a call to require, or an AMD dependency parameter.

A data flow node corresponding to a new expression.

A node in the data flow graph.

A data flow node corresponding to an object literal expression.

A data flow node corresponding to a parameter.

A data flow node that performs a partial function application.

A data-flow node on an inter-procedural path from a source to a sink.

A data flow node that reads an object property.

A data flow node that reads or writes an object property or class member.

A data flow node that writes to an object property.

A representative for a set of property names.

A data flow node representing the arguments object given to a function.

An invocation of the RegExp constructor.

A data flow node corresponding to a regular expression literal or an invocation of the RegExp constructor.

A data-flow node corresponding to a regular-expression literal.

A data flow edge that should be added to all data flow configurations in addition to standard data flow edges.

A data flow edge that should be followed by type tracking.

A path node corresponding to a flow sink.

A source node for local data flow, that is, a node from which local data flow is tracked.

A path node corresponding to a flow source.

A node in the data flow graph which corresponds to an SSA variable definition.

A standard flow label, that is, either FlowLabel::data() or FlowLabel::taint().

A data flow node representing the value plugged into a template tag.

A data flow node corresponding to the this parameter in a function or this at the top-level.

A summary of the steps needed to back-track a use of a value to a given dataflow node.

A summary of the steps needed to track a value to a given dataflow node.

A node in the data flow graph which corresponds to an expression, destructuring pattern, or declaration of a function, class, namespace, or enum.

A guard node for a variable in a negative condition, such as x in if(!x). Can be added to a isBarrier in a data-flow configuration to block flow through such checks.

Provides classes representing various kinds of calls.

Provides the query predicates needed to include a graph in a path-problem query.

A collection of pseudo-properties that are used in multiple files.

Contains predicates for accessing the steps contributed by SharedFlowStep subclasses.

Provides access to the steps contributed by subclasses of SharedTypeTrackingStep.

An alias for SourceNode.

A kind of taint tracked by a taint-tracking configuration.

Holds if arg is passed as an argument into parameter parm through invocation invk of function f.

Holds if taint propagates from pred to succ in one local (intra-procedural) step. DEPRECATED: Use TaintTracking::sharedTaintStep and DataFlow::Node::getALocalSource() instead.