CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.1.1 (changelog, source)
Module DataFlow

Import path

import javascript

Imports

TypeInference

Provides classes implementing a simple intra-procedural flow analysis for inferring abstract values of nodes in the data-flow graph representation of the program.

Predicates

capturedVariableNode

INTERNAL. DO NOT USE.

dependencyModuleImport

Gets a (default) import of the given dependency dep, such as require("lodash") in a context where a package.json file includes "lodash" as a dependency.

destructuredModuleImportNode

INTERNAL. DO NOT USE.

exceptionalFunctionReturnNode

INTERNAL: Use ExceptionalFunctionReturnNode instead.

exceptionalInvocationReturnNode

INTERNAL: Use ExceptionalInvocationReturnNode instead.

exportsVarNode

Gets the CommonJS/AMD exports variable for module m.

exprNode

Gets the data flow node corresponding to e.

fieldDeclarationNode

INTERNAL: Do not use outside standard library.

functionForwardingStep

Holds if the function in succ forwards all its arguments to a call to pred and returns its result. This can thus be seen as a step pred -> succ used for tracking function values through “wrapper functions”, since the succ function partially replicates behavior of pred.

functionOneWayForwardingStep

Holds if the function in succ forwards all its arguments to a call to pred. This can thus be seen as a step pred -> succ used for tracking function values through “wrapper functions”, since the succ function partially replicates behavior of pred.

functionReturnNode

INTERNAL: Use FunctionReturnNode instead.

globalAccessPathRootPseudoNode

INTERNAL. DO NOT USE.

globalObjectRef

Gets a data flow node corresponding to an access to the global object, including this expressions outside functions, references to global variables window and global, and uses of the global npm package.

globalVarRef

Gets a data flow node corresponding to an access to global variable name, either directly, through window or global, or through the global npm package.

hasPathWithoutUnmatchedReturn

Holds if there is a path without unmatched return steps from source to sink.

isIncomplete

Holds if the flow information for the node nd.

localFieldStep

Holds if there is a step from pred to succ through a field accessed through this in a class.

localFlowStep

Holds if data can flow from pred to succ in one local step.

lvalueNode

Gets the data flow node corresponding to the given l-value expression, if such a node exists.

moduleImport

Gets a (default) import of the module with the given path, such as require("fs") or import * as fs from "fs".

moduleMember

Gets a data flow node that either imports m from the module with the given path, or accesses m as a member on a default or namespace import from path.

moduleVarNode

Gets the CommonJS/AMD module variable for module m.

parameterNode

Gets the node corresponding to the initialization of parameter p.

parameterNode

INTERNAL: Use parameterNode(Parameter) instead.

reflectiveCallNode

Gets a data flow node representing the underlying call performed by the given call to Function.prototype.call or Function.prototype.apply.

ssaDefinitionNode

Gets the data flow node corresponding to ssa.

thisNode

Gets the node representing the receiver of the given function, or this in the given top-level.

thisNode

INTERNAL: Use thisNode(StmtContainer container) instead.

valueNode

Gets the data flow node corresponding to nd.

Classes

AdditionalBarrierGuardNode

A BarrierGuardNode that controls which data flow configurations it is used in.

AdditionalSink

A data flow node that should be considered a sink for some specific configuration, in addition to any other sinks that configuration may recognize.

AdditionalSource

A data flow node that should be considered a source for some specific configuration, in addition to any other sources that configuration may recognize.

ArrayConstructorInvokeNode

A data flow node corresponding to a new Array() or Array() invocation.

ArrayCreationNode

A data flow node corresponding to the creation of a new array, either through an array literal, an invocation of the Array constructor, or the Array.from method.

ArrayLiteralNode

A data flow node corresponding to an array literal expression.

BarrierGuardNode

A node that can act as a barrier when appearing in a condition.

CallNode

A data flow node corresponding to a function call without new.

ClassNode

A data flow node corresponding to a class definition or a function definition acting as a class.

Configuration

A data flow tracking configuration for finding inter-procedural paths from sources to sinks.

ExceptionalFunctionReturnNode

A data flow node representing the exceptions thrown by a function.

ExceptionalInvocationReturnNode

A data flow node representing the exceptions thrown by the callee of an invocation.

ExprNode

A data flow node corresponding to an expression.

FlowLabel

A label describing the kind of information tracked by a flow configuration.

FunctionNode

A data flow node corresponding to a function definition.

FunctionReturnNode

A data flow node representing the values returned by a function.

GlobalVarRefNode

A data flow node corresponding to a global variable access through a simple identifier.

HtmlAttributeNode

A data flow node representing an HTML attribute.

Incompleteness

A classification of flows that are not modeled, or only modeled incompletely, by DataFlowNode:

InvokeNode

A data flow node corresponding to a function invocation (with or without new).

LabeledBarrierGuardNode

A guard node that only blocks specific labels.

MemberKind

The string method, getter, or setter, representing the kind of a function member in a class.

MethodCallNode

A data flow node corresponding to a method call, that is, a call of form x.m(...).

MidPathNode

A path node corresponding to an intermediate node on a path from a source to a sink.

ModuleImportNode

A data flow node representing an import of a module, either through an import declaration, a call to require, or an AMD dependency parameter.

NewNode

A data flow node corresponding to a new expression.

Node

A node in the data flow graph.

ObjectLiteralNode

A data flow node corresponding to an object literal expression.

ParameterNode

A data flow node corresponding to a parameter.

PartialInvokeNode

A data flow node that performs a partial function application.

PathNode

A data-flow node on an inter-procedural path from a source to a sink.

PropRead

A data flow node that reads an object property.

PropRef

A data flow node that reads or writes an object property or class member.

PropWrite

A data flow node that writes to an object property.

PropertySet

A representative for a set of property names.

ReflectiveParametersNode

A data flow node representing the arguments object given to a function.

RegExpConstructorInvokeNode

An invocation of the RegExp constructor.

RegExpCreationNode

A data flow node corresponding to a regular expression literal or an invocation of the RegExp constructor.

RegExpLiteralNode

A data-flow node corresponding to a regular-expression literal.

SharedFlowStep

A data flow edge that should be added to all data flow configurations in addition to standard data flow edges.

SharedTypeTrackingStep

A data flow edge that should be followed by type tracking.

SinkPathNode

A path node corresponding to a flow sink.

SourceNode

A source node for local data flow, that is, a node from which local data flow is tracked.

SourcePathNode

A path node corresponding to a flow source.

SsaDefinitionNode

A node in the data flow graph which corresponds to an SSA variable definition.

StandardFlowLabel

A standard flow label, that is, either FlowLabel::data() or FlowLabel::taint().

TemplatePlaceholderTagNode

A data flow node representing the value plugged into a template tag.

ThisNode

A data flow node corresponding to the this parameter in a function or this at the top-level.

TypeBackTracker

A summary of the steps needed to back-track a use of a value to a given dataflow node.

TypeTracker

A summary of the steps needed to track a value to a given dataflow node.

ValueNode

A node in the data flow graph which corresponds to an expression, destructuring pattern, or declaration of a function, class, namespace, or enum.

VarAccessBarrier

A guard node for a variable in a negative condition, such as x in if(!x). Can be added to an isBarrier in a data-flow configuration to block flow through such checks.

XmlAttributeNode

A data flow node representing an XML attribute.

Modules

ClassNode
FlowLabel
Impl

Provides classes representing various kinds of calls.

MemberKind
ModuleImportNode
PartialInvokeNode
PathGraph

Provides the query predicates needed to include a graph in a path-problem query.

PseudoProperties

A collection of pseudo-properties that are used in multiple files.

SharedFlowStep

Contains predicates for accessing the steps contributed by SharedFlowStep subclasses.

SharedTypeTrackingStep

Provides access to the steps contributed by subclasses of SharedTypeTrackingStep.

SourceNode
TypeBackTracker
TypeTracker

Aliases

LocalSourceNode

An alias for SourceNode.

TaintKind

A kind of taint tracked by a taint-tracking configuration.

argumentPassingStep

Holds if arg is passed as an argument into parameter parm through invocation invk of function f.