Skip to content

Commit 3f4ecd5

Browse files
asgerfasgerf
committed
JS: Add underscore.forEach example
1 parent cfdac73 commit 3f4ecd5

File tree

1 file changed

+44
-0
lines changed

1 file changed

+44
-0
lines changed

docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -255,6 +255,50 @@ To break this down:
255255
- The last column, **taint**, indicates the kind of flow to add. The value **taint** means the output is not necessarily equal
256256
to the input, but was was derived from the input in a taint-preserving way.
257257

258+
Example: Adding flow through 'underscore.forEach'
259+
-------------------------------------------------
260+
261+
In this example, we'll show how to add flow through calls to **forEach** from the **underscore** package:
262+
263+
.. code-block:: js
264+
265+
require('underscore').forEach([x, y], (v) => { ... }); // add value flow from 'x' and 'y' to 'v'
266+
267+
This flow is already recognized by the CodeQL JS analysis, but we'll show how it could be added with an extension.
268+
269+
.. code-block:: yaml
270+
271+
extensions:
272+
- addsTo:
273+
pack: codeql/javascript-all
274+
extensible: summaryModel
275+
data:
276+
- [
277+
"underscore",
278+
"Member[forEach]",
279+
"Argument[0].ArrayElement",
280+
"Argument[1].Parameter[0]",
281+
"value",
282+
]
283+
284+
To break this down:
285+
286+
- Since we're adding flow *through* a function call, we add a tuple to the **summaryModel** extension point.
287+
- The first column, **"underscore"**, begins the search for relevant calls at places where the **underscore** package is imported.
288+
- The second column, **Member[forEach]**, selects references to the **forEach** member from the **underscore** package.
289+
- The third column specifies the input of the flow:
290+
291+
- **Argument[0]** selects the first argument of **forEach**, which is the array being iterated over.
292+
- **ArrayElement** selects the elements of that array (the expressions **x** and **y**).
293+
294+
- The fourth column specifies the output of the flow:
295+
296+
- **Argument[1]** selects the second argument of **forEach** (the argument containing the callback function).
297+
- **Parameter[0]** selects the first parameter of the callback function (the parameter named **v**).
298+
299+
- The last column, **value**, indicates the kind of flow to add. The value **value** means the input value is unchanged as
300+
it flows to the output.
301+
258302
Reference material
259303
------------------
260304

0 commit comments

Comments
 (0)