CodeQL library for JavaScript
codeql/javascript-all 0.6.2 ( changelog , source )

Predicate TaintTracking :: promiseStep

Holds if predsucc should be considered a taint-propagating data flow edge through a promise.

These steps consider a promise object to tainted if it can resolve to a tainted value.

Import path

import javascript
predicate promiseStep ( Node pred , Node succ )