You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst
+4-6Lines changed: 4 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -44,9 +44,7 @@ In this example, we'll show how to add the following argument, passed to **execa
44
44
import { shell } from"execa";
45
45
shell(cmd); // <-- add 'cmd' as a taint sink
46
46
47
-
This sink is already recognized by the CodeQL JS analysis, but for the sake of this example we'll show how it could be added as an extension.
48
-
49
-
This can be achieved with the following data extension:
47
+
Note that this sink is already recognized by the CodeQL JS analysis, but for this example, you could use the following data extension:
50
48
51
49
.. code-block:: yaml
52
50
@@ -79,7 +77,7 @@ In this example, we'll show how the **event.data** expression below could be mar
79
77
let data =event.data; // <-- add 'event.data' as a taint source
80
78
});
81
79
82
-
This source is already known by the CodeQL JS analysis, but we'll show how it could be added as an extension. This can be achieved with the following extension:
80
+
Note that this source is already known by the CodeQL JS analysis, but for this example, you could use the following data extension:
83
81
84
82
.. code-block:: yaml
85
83
@@ -220,7 +218,7 @@ In this example, we'll show how to add flow through calls to `decodeURIComponent
220
218
221
219
let y =decodeURIComponent(x); // add taint flow from 'x' to 'y'
222
220
223
-
This flow is already recognized by the CodeQL JS analysis, but this is how it could be added with an extension:
221
+
Note that this flow is already recognized by the CodeQL JS analysis, but for this example, you could use the following data extension:
224
222
225
223
.. code-block:: yaml
226
224
@@ -258,7 +256,7 @@ In this example, we'll show how to add flow through calls to **forEach** from th
258
256
259
257
require('underscore').forEach([x, y], (v) => { ... }); // add value flow from 'x' and 'y' to 'v'
260
258
261
-
This flow is already recognized by the CodeQL JS analysis, but we'll show how it could be added with an extension.
259
+
Note that this flow is already recognized by the CodeQL JS analysis, but for this example, you could use the following data extension:
0 commit comments