CodeQL for JavaScript and TypeScript¶
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from JavaScript and TypeScript codebases.
Basic query for JavaScript and TypeScript code: Learn to write and run a simple CodeQL query.
CodeQL library for JavaScript: When you’re analyzing a JavaScript program, you can make use of the large collection of classes in the CodeQL library for JavaScript.
CodeQL library for TypeScript: When you’re analyzing a TypeScript program, you can make use of the large collection of classes in the CodeQL library for TypeScript.
CodeQL CTF: XSS-unsafe jQuery plugins: Follow the steps that members of GitHub Security Lab went through to find cross-site scripting vulnerabilities in Bootstrap’s jQuery plugins.
Analyzing data flow in JavaScript and TypeScript: This topic describes how data flow analysis is implemented in the CodeQL libraries for JavaScript/TypeScript and includes examples to help you write your own data flow queries.
Using flow labels for precise data flow analysis: You can associate flow labels with each value tracked by the flow analysis to determine whether the flow contains potential vulnerabilities.
Using type tracking for API modeling: You can track data through an API by creating a model using the CodeQL type-tracking library for JavaScript.
Abstract syntax tree classes for working with JavaScript and TypeScript programs: CodeQL has a large selection of classes for representing the abstract syntax tree of JavaScript and TypeScript programs.
Data flow cheat sheet for JavaScript: This article describes parts of the JavaScript libraries commonly used for variant analysis and in data flow queries.
Customizing library models for JavaScript: You can model frameworks and libraries that your codebase depends on using data extensions and publish them as CodeQL model packs.
Migrating JavaScript dataflow queries: Guide on migrating data flow queries to the new data flow library.