CodeQL for JavaScript
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from JavaScript codebases.
Basic query for JavaScript code: Learn to write and run a simple CodeQL query using LGTM.
CodeQL library for JavaScript: When you’re analyzing a JavaScript program, you can make use of the large collection of classes in the CodeQL library for JavaScript.
CodeQL library for TypeScript: When you’re analyzing a TypeScript program, you can make use of the large collection of classes in the CodeQL library for TypeScript.
Analyzing data flow in JavaScript and TypeScript: This topic describes how data flow analysis is implemented in the CodeQL libraries for JavaScript/TypeScript and includes examples to help you write your own data flow queries.
Using flow labels for precise data flow analysis: You can associate flow labels with each value tracked by the flow analysis to determine whether the flow contains potential vulnerabilities.
Specifying remote flow sources for JavaScript: You can model potential sources of untrusted user input in your code without making changes to the CodeQL standard library by specifying extra remote flow sources in an external file.
Using type tracking for API modeling: You can track data through an API by creating a model using the CodeQL type-tracking library for JavaScript.
Abstract syntax tree classes for working with JavaScript and TypeScript programs: CodeQL has a large selection of classes for representing the abstract syntax tree of JavaScript and TypeScript programs.
Data flow cheat sheet for JavaScript: This article describes parts of the JavaScript libraries commonly used for variant analysis and in data flow queries.