
Commit a97d345

committed
JS: Add DataFlow::SharedFlowStep to future-proof the tutorial
1 parent d74e84a commit a97d345


2 files changed

+50
-1
lines changed

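--- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript.rst
+++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript.rst
@@ -456,7 +456,7 @@ to wrap it in a new subclass of ``TaintTracking::SharedTaintStep`` like this:
 If we add this definition to the standard library, it will be picked up by all taint-tracking configurations. Obviously, one has to be
 careful when adding such new additional taint steps to ensure that they really make sense for `all` configurations.
 
-Analogous to ``TaintTracking::SharedTaintStep``, there is also a class ``DataFlow::AdditionalFlowStep`` that can be extended to add
+Analogous to ``TaintTracking::SharedTaintStep``, there is also a class ``DataFlow::SharedFlowStep`` that can be extended to add
 extra steps to all data-flow configurations, and hence also to all taint-tracking configurations.
 
 Exercises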

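--- a/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
@@ -72,6 +72,7 @@ private import javascript
 private import internal.FlowSteps
 private import internal.AccessPaths
 private import internal.CallGraphs
+private import internal.Unit
 private import semmle.javascript.internal.CachedStages
 
 /**
@@ -609,6 +610,54 @@ abstract class AdditionalFlowStep extends DataFlow::Node {
 }
 }
 
+/**
+* A data flow edge that should be added to all data flow configurations in
+* addition to standard data flow edges.
+*
+* This class is a singleton, and thus subclasses do not need to specify a characteristic predicate.
+*
+* Note: For performance reasons, all subclasses of this class should be part
+* of the standard library. Override `Configuration::isAdditionalFlowStep`
+* for analysis-specific flow steps.
+*/
+class SharedFlowStep extends Unit {
+/**
+* Holds if `pred` → `succ` should be considered a data flow edge.
+*/
+predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() }
+
+/**
+* Holds if `pred` → `succ` should be considered a data flow edge
+* transforming values with label `predlbl` to have label `succlbl`.
+*/
+predicate step(
+DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl,
+DataFlow::FlowLabel succlbl
+) {
+none()
+}
+}
+
+/**
+* Contributes subclasses of `SharedFlowStep` to `AdditionalFlowStep`.
+*
+* This is a placeholder until we migrate to the `SharedFlowStep` class and deprecate `AdditionalFlowStep`.
+*/
+private class SharedStepAsAdditionalFlowStep extends AdditionalFlowStep {
+SharedStepAsAdditionalFlowStep() {
+any(SharedFlowStep st).step(_, this) or
+any(SharedFlowStep st).step(_, this, _, _)
+}
+
+override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+any(SharedFlowStep st).step(pred, succ) and succ = this
+}
+
+override predicate step(DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, DataFlow::FlowLabel succlbl) {
+any(SharedFlowStep st).step(pred, succ, predlbl, succlbl) and succ = this
+}
+}
+
 /**
 * A collection of pseudo-properties that are used in multiple files.
 *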
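Review bot: The doc comment on `SharedFlowStep` (new lines 613–622) justifies the standard-library restriction only by performance, but a step defined here is added to every data-flow configuration, and per the tutorial text also to every taint-tracking configuration, so an over-broad edge changes the results of every query built on them. I would add a sentence before the `Note:` paragraph, for example `* Steps defined here apply to every configuration, so they must be valid for all of them.` Separately, the four-argument `step` override in `SharedStepAsAdditionalFlowStep` (new line 656) is written as one long line, while the same signature in `SharedFlowStep` is wrapped across new lines 633–636; wrapping it the same way keeps the two declarations consistent.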
