CodeQL library for JavaScript

Module BackwardDataFlow

Provides machinery for performing backward data-flow exploration.

Importing this module effectively makes all data-flow and taint-tracking configurations ignore their isSource predicate. Instead, flow is tracked from any initial node (that is, a node without incoming flow) to a sink node. All initial nodes are then treated as source nodes.

Data-flow exploration cannot be used with configurations depending on other configurations.

NOTE: This library should only be used for debugging and exploration, not in production code. Backward exploration in particular does not scale on non-trivial code bases and hence is of limited usefulness as it stands.

Import path

import semmle.javascript.explore.BackwardDataFlow



Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.