CodeQL for JavaScript and TypeScript¶
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from JavaScript and TypeScript codebases.
- Basic query for JavaScript and TypeScript code: Learn to write and run a simple CodeQL query.
- CodeQL library for JavaScript: When you’re analyzing a JavaScript program, you can make use of the large collection of classes in the CodeQL library for JavaScript.
- CodeQL library for TypeScript: When you’re analyzing a TypeScript program, you can make use of the large collection of classes in the CodeQL library for TypeScript.
- CodeQL CTF: XSS-unsafe jQuery plugins: Follow the steps that members of GitHub Security Lab went through to find cross-site scripting vulnerabilities in Bootstrap’s jQuery plugins.
- Analyzing data flow in JavaScript and TypeScript: This topic describes how data flow analysis is implemented in the CodeQL libraries for JavaScript/TypeScript and includes examples to help you write your own data flow queries.
- Using flow labels for precise data flow analysis: You can associate flow labels with each value tracked by the flow analysis to determine whether the flow contains potential vulnerabilities.
- Using type tracking for API modeling: You can track data through an API by creating a model using the CodeQL type-tracking library for JavaScript.
- Abstract syntax tree classes for working with JavaScript and TypeScript programs: CodeQL has a large selection of classes for representing the abstract syntax tree of JavaScript and TypeScript programs.
- Data flow cheat sheet for JavaScript: This article describes parts of the JavaScript libraries commonly used for variant analysis and in data flow queries.
- Customizing library models for JavaScript: You can model frameworks and libraries that your codebase depends on using data extensions and publish them as CodeQL model packs.