Skip to content

Commit 331f308

Browse files
authored
Merge pull request github#13692 from Marcono1234/patch-1
Mention needed imports at top of "Analyzing data flow in Java"
2 parents dcc2b2c + e124b07 commit 331f308

File tree

1 file changed

+15
-2
lines changed

1 file changed

+15
-2
lines changed

docs/codeql/codeql-language-guides/analyzing-data-flow-in-java.rst

Lines changed: 15 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,13 @@ Local data flow is data flow within a single method or callable. Local data flow
2727
Using local data flow
2828
~~~~~~~~~~~~~~~~~~~~~
2929

30-
The local data flow library is in the module ``DataFlow``, which defines the class ``Node`` denoting any element that data can flow through. ``Node``\ s are divided into expression nodes (``ExprNode``) and parameter nodes (``ParameterNode``). You can map between data flow nodes and expressions/parameters using the member predicates ``asExpr`` and ``asParameter``:
30+
To use the data flow library you need the following import:
31+
32+
.. code-block:: ql
33+
34+
import semmle.code.java.dataflow.DataFlow
35+
36+
The ``DataFlow`` module defines the class ``Node`` denoting any element that data can flow through. ``Node``\ s are divided into expression nodes (``ExprNode``) and parameter nodes (``ParameterNode``). You can map between data flow nodes and expressions/parameters using the member predicates ``asExpr`` and ``asParameter``:
3137

3238
.. code-block:: ql
3339
@@ -75,7 +81,14 @@ Local taint tracking extends local data flow by including non-value-preserving f
7581
7682
If ``x`` is a tainted string then ``y`` is also tainted.
7783

78-
The local taint tracking library is in the module ``TaintTracking``. Like local data flow, a predicate ``localTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo)`` holds if there is an immediate taint propagation edge from the node ``nodeFrom`` to the node ``nodeTo``. You can apply the predicate recursively by using the ``+`` and ``*`` operators, or by using the predefined recursive predicate ``localTaint``, which is equivalent to ``localTaintStep*``.
84+
85+
To use the taint tracking library you need the following import:
86+
87+
.. code-block:: ql
88+
89+
import semmle.code.java.dataflow.TaintTracking
90+
91+
Like local data flow, a predicate ``localTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo)`` holds if there is an immediate taint propagation edge from the node ``nodeFrom`` to the node ``nodeTo``. You can apply the predicate recursively by using the ``+`` and ``*`` operators, or by using the predefined recursive predicate ``localTaint``, which is equivalent to ``localTaintStep*``.
7992

8093
For example, you can find taint propagation from a parameter ``source`` to an expression ``sink`` in zero or more local steps:
8194

0 commit comments

Comments
 (0)