CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.2.1-dev (changelog, source)

Module ApiGraphModelsSpecific

Contains the language-specific part of the models-as-data implementation found in ApiGraphModels.qll.

It must export the following members:

class Unit // a unit type
class InvokeNode // a type representing an invocation connected to the API graph
module API // the API graph module
predicate isPackageUsed(string package)
API::Node getExtraNodeFromPath(string package, string type, string path, int n)
API::Node getExtraSuccessorFromNode(API::Node node, AccessPathTokenBase token)
API::Node getExtraSuccessorFromInvoke(InvokeNode node, AccessPathTokenBase token)
predicate invocationMatchesExtraCallSiteFilter(InvokeNode invoke, AccessPathTokenBase token)
InvokeNode getAnInvocationOf(API::Node node)
predicate isExtraValidTokenNameInIdentifyingAccessPath(string name)
predicate isExtraValidNoArgumentTokenInIdentifyingAccessPath(string name)
predicate isExtraValidTokenArgumentInIdentifyingAccessPath(string name, string argument)

Import path

import semmle.javascript.frameworks.data.internal.ApiGraphModelsSpecific

Predicates

apiGraphHasEdge

Holds if the edge pred -> succ labelled with path exists in the API graph.

getAFuzzySuccessor

getAnInvocationOf

Gets an InvokeNode corresponding to an invocation of node.

getExtraNodeFromPath

Gets a JavaScript-specific interpretation of the (type, path) tuple after resolving the first n access path tokens.

getExtraNodeFromType

Gets a JavaScript-specific interpretation of the (package, type) tuple.

getExtraSuccessorFromInvoke

Gets a JavaScript-specific API graph successor of node reachable by resolving token.

getExtraSuccessorFromNode

Gets a JavaScript-specific API graph successor of node reachable by resolving token.

hasImplicitTypeModel

Holds if type can be obtained from an instance of otherType due to language semantics modeled by getExtraNodeFromType.

invocationMatchesExtraCallSiteFilter

Holds if invoke matches the JS-specific call site filter in token.

isExtraValidNoArgumentTokenInIdentifyingAccessPath

Holds if name is a valid name for an access path token with no arguments, occurring in an identifying access path.

isExtraValidTokenArgumentInIdentifyingAccessPath

Holds if argument is a valid argument to an access path token with the given name, occurring in an identifying access path.

isExtraValidTokenNameInIdentifyingAccessPath

Holds if name is a valid name for an access path token in the identifying access path.

isPackageUsed

Holds if models describing package may be relevant for the analysis of this database.

isTypeUsed

parseTypeString

Holds if rawType represents the JavaScript type qualifiedName from the given NPM package.

sourceFlowsToSink

Holds if the value of source is exposed at sink.

summaryStep

Holds if a CSV summary contributed the step pred -> succ of the given kind.

Modules

Aliases

API

Provides classes and predicates for working with the API boundary between the current codebase and external libraries.

DataFlow

InvokeNode

An InvokeNode that is connected to the API graph.

Location

A location as given by a file, a start line, a start column, an end line, and an end column.