You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- Since we're adding a new sink, we add a tuple to the **sinkModel** extension point.
61
+
- Since we're adding a new sink, we add a tuple to the **sinkModel** extensible predicate.
62
62
- The first column, **"execa"**, identifies a set of values from which to begin the search for the sink.
63
63
The string **"execa"** means we start at the places where the codebase imports the NPM package **execa**.
64
64
- The second column is an access path that is evaluated from left to right, starting at the values that were identified by the first column.
@@ -95,7 +95,7 @@ This source is already known by the CodeQL JS analysis, but we'll show how it co
95
95
]
96
96
97
97
98
-
- Since we're adding a new taint source, we add a tuple to the **sourceModel** extension point.
98
+
- Since we're adding a new taint source, we add a tuple to the **sourceModel** extensible predicate.
99
99
- The first column, **"global"**, begins the search at references to the global object (also known as **window** in browser contexts). This is a special JavaScript object that contains all global variables and methods.
100
100
- **Member[addEventListener]** selects accesses to the **addEventListener** member.
101
101
- **Argument[1]** selects the second argument of calls to that member (the argument containing the callback).
@@ -192,7 +192,7 @@ Using a **typeModel** tuple we can tell our model that this function returns an
- Since we're providing type information, we add a tuple to the **typeModel** extension point.
195
+
- Since we're providing type information, we add a tuple to the **typeModel** extensible predicate.
196
196
- The first column, **"mysql.Connection"**, names the type that we're adding a new definition for.
197
197
- The second column, **"@example/db"**, begins the search at imports of the hypothetical NPM package **@example/db**.
198
198
- **Member[getConnection]** selects references to the **getConnection** member from that package.
@@ -236,7 +236,7 @@ This flow is already recognized by the CodeQL JS analysis, but this is how it co
236
236
]
237
237
238
238
239
-
- Since we're adding flow through a function call, we add a tuple to the **summaryModel** extension point.
239
+
- Since we're adding flow through a function call, we add a tuple to the **summaryModel** extensible predicate.
240
240
- The first column, **"global"**, begins the search for relevant calls at references to the global object.
241
241
In JavaScript, global variables are properties of the global object, so this lets us access global variables or functions.
242
242
- The second column, **Member[decodeURIComponent]**, is a path leading to the function calls we wish to model.
@@ -274,7 +274,7 @@ This flow is already recognized by the CodeQL JS analysis, but we'll show how it
274
274
]
275
275
276
276
277
-
- Since we're adding flow through a function call, we add a tuple to the **summaryModel** extension point.
277
+
- Since we're adding flow through a function call, we add a tuple to the **summaryModel** extensible predicate.
278
278
- The first column, **"underscore"**, begins the search for relevant calls at places where the **underscore** package is imported.
279
279
- The second column, **Member[forEach]**, selects references to the **forEach** member from the **underscore** package.
280
280
- The third column specifies the input of the flow:
@@ -293,10 +293,10 @@ This flow is already recognized by the CodeQL JS analysis, but we'll show how it
293
293
Reference material
294
294
------------------
295
295
296
-
The following sections provide reference material for extension points, access paths, types, and kinds.
296
+
The following sections provide reference material for extensible predicates, access paths, types, and kinds.
297
297
298
-
Extension points
299
-
----------------
298
+
Extensible predicates
299
+
---------------------
300
300
301
301
sourceModel(type, path, kind)
302
302
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -394,7 +394,7 @@ Types
394
394
-----
395
395
396
396
A type is a string that identifies a set of values.
397
-
In each of the extension points mentioned above, the first column is always the name of a type.
397
+
In each of the extensible predicates mentioned above, the first column is always the name of a type.
398
398
A type can be defined by adding **typeModel** tuples for that type. Additionally, the following built-in types are available:
399
399
400
400
- The name of an NPM package matches imports of that package. For example, the type **express** matches the expression **require("express")**. If the package name includes dots, it must be surrounded by single quotes, such as in **'lodash.escape'**.
0 commit comments