docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst
Lines changed: 11 additions & 11 deletions
@@ -14,13 +14,13 @@ A data extension for JavaScript is a YAML file of form:
14
14
extensions:
15
15
- addsTo:
16
16
pack: codeql/javascript-all
17
-
extensible: <name of extension point>
17
+
extensible: <name of extensible predicate>
18
18
data:
19
19
- <tuple1>
20
20
- <tuple2>
21
21
- ...
22
22
23
-
The data extension can contribute to the following extension points:
23
+
The data extension can contribute to the following extensible predicates:
24
24
25
25
- **sourceModel**\(type, path, kind)
26
26
- **sinkModel**\(type, path, kind)
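Review bot: the placeholder `<name of extensible predicate>` now names the same thing as the `extensible:` key it fills, which is clearer than the old `<name of extension point>`; since the header shows this file as the only one changed (11 additions & 11 deletions), please grep the neighbouring language guides for the remaining "extension point" wording so that the docs use one term for the `extensible` keyword.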
@@ -56,7 +56,7 @@ This can be achieved with the following data extension:
56
56
57
57
To break this down:
58
58
59
-
- Since we're adding a new sink, we add a tuple to the **sinkModel** extension point.
59
+
- Since we're adding a new sink, we add a tuple to the **sinkModel** extensible predicate.
60
60
- The first column, **"execa"**, identifies a set of values from which to begin the search for the sink.
61
61
The string **"execa"** means we start at the places where the codebase imports the NPM package **execa**.
62
62
- The second column is an access path that is evaluated from left to right, starting at the values that were identified by the first column.
@@ -94,7 +94,7 @@ This source is already known by the CodeQL JS analysis, but we'll show how it co
94
94
95
95
To break this down:
96
96
97
-
- Since we're adding a new taint source, we add a tuple to the **sourceModel** extension point.
97
+
- Since we're adding a new taint source, we add a tuple to the **sourceModel** extensible predicate.
98
98
- The first column, **"global"**, begins the search at references to the global object (also known as **window** in browser contexts). This is a special JavaScript object that contains all global variables and methods.
99
99
- **Member[addEventListener]** selects accesses to the **addEventListener** member.
100
100
- **Argument[1]** selects the second argument of calls to that member (the argument containing the callback).
@@ -193,7 +193,7 @@ Using a **typeModel** tuple we can tell our model that this function returns an
193
193
194
194
To break this down:
195
195
196
-
- Since we're providing type information, we add a tuple to the **typeModel** extension point.
196
+
- Since we're providing type information, we add a tuple to the **typeModel** extensible predicate.
197
197
- The first column, **"mysql.Connection"**, names the type that we're adding a new definition for.
198
198
- The second column, **"@example/db"**, begins the search at imports of the hypothetical NPM package **@example/db**.
199
199
- **Member[getConnection]** selects references to the **getConnection** member from that package.
@@ -238,7 +238,7 @@ This flow is already recognized by the CodeQL JS analysis, but this is how it co
238
238
239
239
To break this down:
240
240
241
-
- Since we're adding flow *through* a function call, we add a tuple to the **summaryModel** extension point.
241
+
- Since we're adding flow *through* a function call, we add a tuple to the **summaryModel** extensible predicate.
242
242
- The first column, **"global"**, begins the search for relevant calls at references to the global object.
243
243
In JavaScript, global variables are properties of the global object, so this lets us access global variables or functions.
244
244
- The second column, **Member[decodeURIComponent]**, is a path leading to the function calls we wish to model.
@@ -277,7 +277,7 @@ This flow is already recognized by the CodeQL JS analysis, but we'll show how it
277
277
278
278
To break this down:
279
279
280
-
- Since we're adding flow *through* a function call, we add a tuple to the **summaryModel** extension point.
280
+
- Since we're adding flow *through* a function call, we add a tuple to the **summaryModel** extensible predicate.
281
281
- The first column, **"underscore"**, begins the search for relevant calls at places where the **underscore** package is imported.
282
282
- The second column, **Member[forEach]**, selects references to the **forEach** member from the **underscore** package.
283
283
- The third column specifies the input of the flow:
@@ -296,10 +296,10 @@ To break this down:
296
296
Reference material
297
297
------------------
298
298
299
-
The following sections provide reference material for extension points, access paths, types, and kinds.
299
+
The following sections provide reference material for extensible predicates, access paths, types, and kinds.
300
300
301
-
Extension points
302
-
----------------
301
+
Extensible predicates
302
+
---------------------
303
303
304
304
sourceModel(type, path, kind)
305
305
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
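Review bot: renaming the section title from `Extension points` to `Extensible predicates` changes the implicit reStructuredText target for that section, so any `Extension points`_ reference or `:ref:` label that pointed at it elsewhere in the docs must be updated in the same change; the new underline is 21 dashes for the 21-character title, which satisfies the reStructuredText rule that the underline be at least as long as the title.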
@@ -397,7 +397,7 @@ Types
397
397
-----
398
398
399
399
A type is a string that identifies a set of values.
400
-
In each of the extension points mentioned above, the first column is always the name of a type.
400
+
In each of the extensible predicates mentioned above, the first column is always the name of a type.
401
401
A type can be defined by adding **typeModel** tuples for that type. Additionally, the following built-in types are available:
402
402
403
403
- The name of an NPM package matches imports of that package. For example, the type **express** matches the expression **require("express")**. If the package name includes dots, it must be surrounded by single quotes, such as in **'lodash.escape'**.