CodeQL library for JavaScript/TypeScript
codeql/javascript-all 0.8.15-dev (changelog, source)

Module EndpointNaming

Provides predicates for generating names for classes and functions that are part of the public API of a library.

When possible, we try to use the qualified name by which a class/function can be accessed from client code.

However, there are cases where classes and functions can be exposed to client code without being accessible through a qualified name. For example:

// 'Foo' is internal, but clients can call its methods, e.g. `getFoo().m()`
class Foo {
  m() {}
}
export function getFoo() {
  return new Foo();
}

// Clients can call m() via getObj().m()
export function getObj() {
  return {
    m() {}
  }
}

In these cases, we try to make up human-readable names for the endpoints. We make an effort to make these unambiguous in practice, though this is not always guaranteed.

Import path

import semmle.javascript.endpoints.EndpointNaming

Predicates

aliasDefinition

Holds if (package, name) is an alias for (targetPackage, targetName), defined at aliasDef.

functionHasPrimaryName

Holds if (package, name) is the primary name for the given function.

isPrivateLike

Holds if node is the sink node corresponding to the right-hand side of a private declaration, like a private field (#field) or class member with the private modifier.

nodeReachingSink

Gets a source node that can flow to sink without using a return step.

renderName

Converts a (package, name) pair to a string of form (package).name.

sinkHasPrimaryName

Holds if (package, name) is the primary name to associate with node.
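The following query is added here as an illustration of how the predicates above fit together; it is not part of the library's documentation or source. The parameter types and order it assumes (a DataFlow::FunctionNode followed by the package and name strings for functionHasPrimaryName; an API::Node for the alias definition in aliasDefinition) are assumptions about the signatures, which this page does not spell out.

```ql
/**
 * @name Primary names and aliases of public API endpoints
 * @description Lists every function with a primary endpoint name, rendered as
 *              "(package).name", and reports alias definitions separately.
 * @kind table
 * @id js/examples/endpoint-primary-names
 */

import javascript
import semmle.javascript.endpoints.EndpointNaming

/**
 * Alias relationships between names, reported as a separate result set.
 * Assumption: aliasDefinition(package, name, targetPackage, targetName, aliasDef)
 * binds the alias first and the target it resolves to second.
 */
query predicate aliases(
  API::Node aliasDef, string alias, string target
) {
  exists(string package, string name, string targetPackage, string targetName |
    aliasDefinition(package, name, targetPackage, targetName, aliasDef) and
    alias = renderName(package, name) and
    target = renderName(targetPackage, targetName)
  )
}

// Assumption: functionHasPrimaryName(fn, package, name) binds the package
// and the name, in that order, for the given function node.
from DataFlow::FunctionNode fn, string package, string name
where functionHasPrimaryName(fn, package, name)
select fn, renderName(package, name) as endpoint
```

Running this over a database built from the snippet near the top of the page would list getFoo and getObj under the package's qualified names, and the two m methods under whatever human-readable names the library makes up for endpoints that have no qualified access path; those made-up names are what the module documents as best-effort rather than guaranteed unambiguous.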

Modules

Debug

Contains query predicates for emitting debugging information about endpoint naming.