You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/codeql/codeql-language-guides/analyzing-data-flow-in-java.rst
+15-14Lines changed: 15 additions & 14 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -17,18 +17,6 @@ The following sections describe how to use the libraries for local data flow, gl
17
17
18
18
For a more general introduction to modeling data flow, see ":ref:`About data flow analysis <about-data-flow-analysis>`."
19
19
20
-
For data flow you need the following import:
21
-
22
-
.. code-block:: ql
23
-
24
-
import semmle.code.java.dataflow.DataFlow
25
-
26
-
For taint tracking you need this import:
27
-
28
-
.. code-block:: ql
29
-
30
-
import semmle.code.java.dataflow.TaintTracking
31
-
32
20
Local data flow
33
21
---------------
34
22
@@ -37,7 +25,13 @@ Local data flow is data flow within a single method or callable. Local data flow
37
25
Using local data flow
38
26
~~~~~~~~~~~~~~~~~~~~~
39
27
40
-
The local data flow library is in the module ``DataFlow``, which defines the class ``Node`` denoting any element that data can flow through. ``Node``\ s are divided into expression nodes (``ExprNode``) and parameter nodes (``ParameterNode``). You can map between data flow nodes and expressions/parameters using the member predicates ``asExpr`` and ``asParameter``:
28
+
To use the data flow library you need the following import:
29
+
30
+
.. code-block:: ql
31
+
32
+
import semmle.code.java.dataflow.DataFlow
33
+
34
+
The ``DataFlow`` module defines the class ``Node`` denoting any element that data can flow through. ``Node``\ s are divided into expression nodes (``ExprNode``) and parameter nodes (``ParameterNode``). You can map between data flow nodes and expressions/parameters using the member predicates ``asExpr`` and ``asParameter``:
41
35
42
36
.. code-block:: ql
43
37
@@ -85,7 +79,14 @@ Local taint tracking extends local data flow by including non-value-preserving f
85
79
86
80
If ``x`` is a tainted string then ``y`` is also tainted.
87
81
88
-
The local taint tracking library is in the module ``TaintTracking``. Like local data flow, a predicate ``localTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo)`` holds if there is an immediate taint propagation edge from the node ``nodeFrom`` to the node ``nodeTo``. You can apply the predicate recursively by using the ``+`` and ``*`` operators, or by using the predefined recursive predicate ``localTaint``, which is equivalent to ``localTaintStep*``.
82
+
83
+
To use the taint tracking library you need the following import:
84
+
85
+
.. code-block:: ql
86
+
87
+
import semmle.code.java.dataflow.TaintTracking
88
+
89
+
Like local data flow, a predicate ``localTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo)`` holds if there is an immediate taint propagation edge from the node ``nodeFrom`` to the node ``nodeTo``. You can apply the predicate recursively by using the ``+`` and ``*`` operators, or by using the predefined recursive predicate ``localTaint``, which is equivalent to ``localTaintStep*``.
89
90
90
91
For example, you can find taint propagation from a parameter ``source`` to an expression ``sink`` in zero or more local steps:
0 commit comments