Class DataFlow::TypeTracker
A summary of the steps needed to track a value to a given dataflow node.
This can be used to track objects that implement a certain API in order to recognize calls to that API. Note that type-tracking does not by itself provide a source/sink relation, that is, it may determine that a node has a given type, but it won’t determine where that type came from.
It is recommended that all uses of this type are written in the following form,
for tracking some type myType
:
DataFlow::SourceNode myType(DataFlow::TypeTracker t) {
t.start() and
result = < source of myType >
or
exists (DataFlow::TypeTracker t2 |
result = myType(t2).track(t2, t)
)
}
DataFlow::SourceNode myType() { result = myType(DataFlow::TypeTracker::end()) }
Instead of result = myType(t2).track(t2, t)
, you can also use the equivalent
t = t2.step(myType(t2), result)
. If you additionally want to track individual
intra-procedural steps, use t = t2.smallstep(myCallback(t2), result)
.
To track values backwards, which can be useful for tracking the type of a callback,
use the TypeBackTracker
class instead.
Import path
import javascript
Direct supertypes
Predicates
append | Gets the summary resulting from appending |
call | Holds if this is the starting point of type tracking when tracking a parameter into a call, but not out of it. |
continue | Gets a type tracker that starts where this one has left off to allow continued tracking. |
end | Holds if this is the end point of type tracking. |
hasCall | INTERNAL. DO NOT USE. |
smallstep | Gets the summary that corresponds to having taken a forwards local, heap and/or inter-procedural step from |
start | Holds if this is the starting point of type tracking. |
startInPromise | Holds if this is the starting point of type tracking, and the initial value is a promise. The type tracking only ends after the value has been extracted from the promise. |
startInProp | Holds if this is the starting point of type tracking, and the value starts in the property named |
step | Gets the summary that corresponds to having taken a forwards heap and/or inter-procedural step from |
toString | Gets a textual representation of this summary. |