codeql-info/ql/docs/language/learn-ql/build.html-5f4acb8/codeql-language-guides/data-flow-cheat-sheet-for-javascript.html
2023-11-20 11:57:03 -08:00


<!DOCTYPE html>
<html lang="en" data-content_root="../">
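<head>
  <!-- Document metadata. The generated page carried three equivalent viewport
       declarations and a second, generic title ("CodeQL docs"); one of each is
       kept. Browsers use the first title element, so the page-specific title
       below is the one that was already shown. Stylesheet and script order is
       unchanged because later sheets override earlier ones and doctools.js
       expects documentation_options.js to be loaded first. -->
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Data flow cheat sheet for JavaScript &#8212; CodeQL</title>
  <link rel="stylesheet" href="../_static/pygments.css?v=fa44fd50">
  <link rel="stylesheet" href="../_static/alabaster.css?v=93459777">
  <script src="../_static/documentation_options.js?v=5929fcd5"></script>
  <script src="../_static/doctools.js?v=888ff710"></script>
  <script src="../_static/sphinx_highlight.js?v=dc90522c"></script>
  <link rel="icon" href="../_static/favicon.ico">
  <link rel="index" title="Index" href="../genindex.html">
  <link rel="search" title="Search" href="../search.html">
  <link rel="next" title="CodeQL for Python" href="codeql-for-python.html">
  <link rel="prev" title="Abstract syntax tree classes for working with JavaScript and TypeScript programs" href="abstract-syntax-tree-classes-for-working-with-javascript-and-typescript-programs.html">
  <link rel="stylesheet" href="../_static/custom.css">
  <link rel="stylesheet" href="../_static/primer.css">
</head>
<body>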
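<header class="Header">
  <!-- Site banner: home link, search widget and the "CodeQL resources" menu. -->
  <div class="Header-item--full">
    <a href="https://codeql.github.com/docs" class="Header-link f2 d-flex flex-items-center">
      <!-- GitHub mark; decorative, the visible link text follows it. -->
      <svg height="32" class="octicon octicon-mark-github mr-2" viewBox="0 0 16 16" version="1.1" width="32"
        aria-hidden="true">
        <path fill-rule="evenodd"
          d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0 0 16 8c0-4.42-3.58-8-8-8z">
        </path>
      </svg>
      <span class="hide-sm">CodeQL documentation</span>
    </a>
  </div>
  <div class="Header-item hide-sm hide-md">
    <!-- Third-party search widget. The script is fetched from addsearch.com and
         runs with full access to this page. The URL is a keyed, dynamic
         endpoint, so an SRI integrity pin is unlikely to stay valid; limit the
         exposure with a Content-Security-Policy script-src allowlist instead.
         The key is visible to every visitor and must be treated as public. -->
    <script src="https://addsearch.com/js/?key=93b4d287e2fc079a4089412b669785d5&amp;categories=!0xhelp.semmle.com,0xcodeql.github.com,1xdocs,1xcodeql-standard-libraries,1xcodeql-query-help"></script>
  </div>
  <div class="Header-item">
    <details class="dropdown details-reset details-overlay d-inline-block">
      <summary class="btn bg-gray-dark text-white border" aria-haspopup="true">
        CodeQL resources
        <div class="dropdown-caret"></div>
      </summary>
      <ul class="dropdown-menu dropdown-menu-se dropdown-menu-dark">
        <li><a class="dropdown-item" href="https://codeql.github.com/docs/codeql-overview">CodeQL overview</a></li>
        <li class="dropdown-divider" role="separator"></li>
        <div class="dropdown-header">
          CodeQL tools
        </div>
        <li><a class="dropdown-item" href="https://codeql.github.com/docs/codeql-for-visual-studio-code">CodeQL for VS Code</a></li>
        <li><a class="dropdown-item" href="https://codeql.github.com/docs/codeql-cli">CodeQL CLI</a></li>
        <li class="dropdown-divider" role="separator"></li>
        <div class="dropdown-header">
          CodeQL guides
        </div>
        <li><a class="dropdown-item" href="https://codeql.github.com/docs/writing-codeql-queries">Writing CodeQL queries</a></li>
        <li><a class="dropdown-item" href="https://codeql.github.com/docs/codeql-language-guides">CodeQL language guides</a></li>
        <li class="dropdown-divider" role="separator"></li>
        <div class="dropdown-header">
          Reference docs
        </div>
        <li><a class="dropdown-item" href="https://codeql.github.com/docs/ql-language-reference/">QL language reference</a></li>
        <li><a class="dropdown-item" href="https://codeql.github.com/codeql-standard-libraries">CodeQL standard-libraries</a></li>
        <li><a class="dropdown-item" href="https://codeql.github.com/codeql-query-help">CodeQL query help</a></li>
        <li class="dropdown-divider" role="separator"></li>
        <div class="dropdown-header">
          Source files
        </div>
        <li><a class="dropdown-item" href="https://github.com/github/codeql">CodeQL repository</a></li>
      </ul>
    </details>
  </div>
</header>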
<main class="bg-gray-light clearfix">
<nav class="SideNav position-sticky top-0 col-lg-3 col-md-3 float-left p-4 hide-sm hide-md overflow-y-auto">
  <!-- Table of contents for the documentation set; the "current" classes mark
       the chain of entries that leads to this page. -->
  <ul class="current">
    <li class="toctree-l1"><a class="reference internal" href="../codeql-overview/index.html">CodeQL overview</a></li>
    <li class="toctree-l1"><a class="reference internal" href="../codeql-for-visual-studio-code/index.html">CodeQL for Visual Studio Code</a></li>
    <li class="toctree-l1"><a class="reference internal" href="../codeql-cli/index.html">CodeQL CLI</a></li>
    <li class="toctree-l1"><a class="reference internal" href="../writing-codeql-queries/index.html">Writing CodeQL queries</a></li>
    <li class="toctree-l1 current">
      <a class="reference internal" href="index.html">CodeQL language guides</a>
      <ul class="current">
        <li class="toctree-l2"><a class="reference internal" href="codeql-for-cpp.html">CodeQL for C and C++</a></li>
        <li class="toctree-l2"><a class="reference internal" href="codeql-for-csharp.html">CodeQL for C#</a></li>
        <li class="toctree-l2"><a class="reference internal" href="codeql-for-go.html">CodeQL for Go</a></li>
        <li class="toctree-l2"><a class="reference internal" href="codeql-for-java.html">CodeQL for Java</a></li>
        <li class="toctree-l2 current">
          <a class="reference internal" href="codeql-for-javascript.html">CodeQL for JavaScript</a>
          <ul class="current">
            <li class="toctree-l3"><a class="reference internal" href="basic-query-for-javascript-code.html">Basic query for JavaScript code</a></li>
            <li class="toctree-l3"><a class="reference internal" href="codeql-library-for-javascript.html">CodeQL library for JavaScript</a></li>
            <li class="toctree-l3"><a class="reference internal" href="codeql-library-for-typescript.html">CodeQL library for TypeScript</a></li>
            <li class="toctree-l3"><a class="reference internal" href="analyzing-data-flow-in-javascript-and-typescript.html">Analyzing data flow in JavaScript and TypeScript</a></li>
            <li class="toctree-l3"><a class="reference internal" href="using-flow-labels-for-precise-data-flow-analysis.html">Using flow labels for precise data flow analysis</a></li>
            <li class="toctree-l3"><a class="reference internal" href="specifying-additional-remote-flow-sources-for-javascript.html">Specifying additional remote flow sources for JavaScript</a></li>
            <li class="toctree-l3"><a class="reference internal" href="using-type-tracking-for-api-modeling.html">Using type tracking for API modeling</a></li>
            <li class="toctree-l3"><a class="reference internal" href="abstract-syntax-tree-classes-for-working-with-javascript-and-typescript-programs.html">Abstract syntax tree classes for working with JavaScript and TypeScript programs</a></li>
            <li class="toctree-l3 current"><a class="current reference internal" href="#">Data flow cheat sheet for JavaScript</a></li>
          </ul>
        </li>
        <li class="toctree-l2"><a class="reference internal" href="codeql-for-python.html">CodeQL for Python</a></li>
        <li class="toctree-l2"><a class="reference internal" href="codeql-for-ruby.html">CodeQL for Ruby</a></li>
      </ul>
    </li>
    <li class="toctree-l1"><a class="reference internal" href="../ql-language-reference/index.html">QL language reference</a></li>
  </ul>
</nav>
<div class="body col-sm-12 col-md-9 col-lg-9 float-left border-left">
<div class="hide-lg hide-xl px-4 pt-4">
  <!-- Breadcrumb trail; the hide-lg and hide-xl classes keep it off large layouts. -->
  <div class="related" role="navigation" aria-label="related navigation">
    <ul>
      <li class="nav-item nav-item-0"><a href="../contents.html">CodeQL</a> &#187;</li>
      <li class="nav-item nav-item-1"><a href="index.html">CodeQL language guides</a> &#187;</li>
      <li class="nav-item nav-item-2"><a href="codeql-for-javascript.html" accesskey="U">CodeQL for JavaScript</a> &#187;</li>
    </ul>
  </div>
</div>
<article class="p-4 col-lg-10 col-md-10 col-sm-12">
<section id="data-flow-cheat-sheet-for-javascript">
<span id="id1"></span><h1>Data flow cheat sheet for JavaScript<a class="headerlink" href="#data-flow-cheat-sheet-for-javascript" title="Link to this heading"></a></h1>
<p>This article describes parts of the JavaScript libraries commonly used for variant analysis and in data flow queries.</p>
<section id="taint-tracking-path-queries">
<h2>Taint tracking path queries<a class="headerlink" href="#taint-tracking-path-queries" title="Link to this heading"></a></h2>
<p>Use the following template to create a taint tracking path query:</p>
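<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>/**
 * @kind path-problem
 */
import javascript
import DataFlow
import DataFlow::PathGraph

class MyConfig extends TaintTracking::Configuration {
  MyConfig() { this = &quot;MyConfig&quot; }

  // Nodes where the tracked (typically untrusted) data originates.
  override predicate isSource(Node node) { ... }

  // Nodes that the tracked data must not reach.
  override predicate isSink(Node node) { ... }

  // Extra steps that carry taint from pred to succ, on top of the built-in ones.
  override predicate isAdditionalTaintStep(Node pred, Node succ) { ... }

  // Optionally also override isSanitizer(Node node) so that flow through
  // validated or escaped values is not reported.
}

from MyConfig cfg, PathNode source, PathNode sink
where cfg.hasFlowPath(source, sink)
select sink.getNode(), source, sink, &quot;taint from $@.&quot;, source.getNode(), &quot;here&quot;
</pre></div>
</div>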
<p>This query reports flow paths which:</p>
<ul class="simple">
<li><p>Begin at a node matched by <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Configuration.qll/predicate.Configuration$Configuration$isSource.1.html">isSource</a>.</p></li>
<li><p>Step through variables, function calls, properties, strings, arrays, promises, exceptions, and steps added by <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/TaintTracking.qll/predicate.TaintTracking$TaintTracking$Configuration$isAdditionalTaintStep.2.html">isAdditionalTaintStep</a>.</p></li>
<li><p>End at a node matched by <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Configuration.qll/predicate.Configuration$Configuration$isSink.1.html">isSink</a>.</p></li>
</ul>
<p>See also: “<a class="reference external" href="https://codeql.github.com/docs/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript/#global-data-flow">Global data flow</a>” and “<a class="reference internal" href="../writing-codeql-queries/creating-path-queries.html#creating-path-queries"><span class="std std-ref">Creating path queries</span></a>.”</p>
</section>
<section id="dataflow-module">
<h2>DataFlow module<a class="headerlink" href="#dataflow-module" title="Link to this heading"></a></h2>
<p>Use data flow nodes to match program elements independently of syntax. See also: “<a class="reference internal" href="analyzing-data-flow-in-javascript-and-typescript.html"><span class="doc">Analyzing data flow in JavaScript and TypeScript</span></a>.”</p>
<p>Predicates in the <code class="docutils literal notranslate"><span class="pre">DataFlow::</span></code> module:</p>
<ul class="simple">
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$moduleImport.1.html">moduleImport</a> finds uses of a module</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$moduleMember.2.html">moduleMember</a> finds uses of a module member</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$globalVarRef.1.html">globalVarRef</a> finds uses of a global variable</p></li>
</ul>
<p>Classes and member predicates in the <code class="docutils literal notranslate"><span class="pre">DataFlow::</span></code> module:</p>
<ul class="simple">
<li><dl class="simple">
<dt><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/type.DataFlow$DataFlow$Node.html">Node</a> something that can have a value, such as an expression, declaration, or SSA variable</dt><dd><ul>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/predicate.DataFlow$DataFlow$Node$getALocalSource.0.html">getALocalSource</a> find the node that this came from</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/predicate.DataFlow$DataFlow$Node$getTopLevel.0.html">getTopLevel</a> top-level scope enclosing this node</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/predicate.DataFlow$DataFlow$Node$getFile.0.html">getFile</a> file containing this node</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/predicate.DataFlow$DataFlow$Node$getIntValue.0.html">getIntValue</a> value of this node if it is an integer constant</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/predicate.DataFlow$DataFlow$Node$getStringValue.0.html">getStringValue</a> value of this node if it is a string constant</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/predicate.DataFlow$DataFlow$Node$mayHaveBooleanValue.1.html">mayHaveBooleanValue</a> check if the value is <code class="docutils literal notranslate"><span class="pre">true</span></code> or <code class="docutils literal notranslate"><span class="pre">false</span></code></p></li>
</ul>
</dd>
</dl>
</li>
<li><dl class="simple">
<dt><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/type.Sources$SourceNode.html">SourceNode</a> extends <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/type.DataFlow$DataFlow$Node.html">Node</a> function call, parameter, object creation, or reference to a property or global variable</dt><dd><ul>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/predicate.Sources$SourceNode$getALocalUse.0.html">getALocalUse</a> find nodes whose value came from this node</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/predicate.Sources$SourceNode$getACall.0.html">getACall</a> find calls with this as the callee</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/predicate.Sources$SourceNode$getAnInstantiation.0.html">getAnInstantiation</a> find <code class="docutils literal notranslate"><span class="pre">new</span></code>-calls with this as the callee</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/predicate.Sources$SourceNode$getAnInvocation.0.html">getAnInvocation</a> find calls or <code class="docutils literal notranslate"><span class="pre">new</span></code>-calls with this as the callee</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/predicate.Sources$SourceNode$getAMethodCall.1.html">getAMethodCall</a> find method calls with this as the receiver</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/predicate.Sources$SourceNode$getAMemberCall.1.html">getAMemberCall</a> find calls with a member of this as the callee</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/predicate.Sources$SourceNode$getAPropertyRead.1.html">getAPropertyRead</a> find property reads with this as the base</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/predicate.Sources$SourceNode$getAPropertyWrite.1.html">getAPropertyWrite</a> find property writes with this as the base</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/predicate.Sources$SourceNode$getAPropertySource.1.html">getAPropertySource</a> find nodes flowing into a property of this node</p></li>
</ul>
</dd>
</dl>
</li>
<li><dl class="simple">
<dt><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/type.Nodes$InvokeNode.html">InvokeNode</a>, <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/type.Nodes$NewNode.html">NewNode</a>, <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/type.Nodes$CallNode.html">CallNode</a>, <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/type.Nodes$MethodCallNode.html">MethodCallNode</a> extends <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/type.Sources$SourceNode.html">SourceNode</a> call to a function or constructor</dt><dd><ul>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$InvokeNode$getArgument.1.html">getArgument</a> an argument to the call</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$InvokeNode$getCalleeNode.0.html">getCalleeNode</a> node being invoked as a function</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$InvokeNode$getCalleeName.0.html">getCalleeName</a> name of the variable or property being called</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$InvokeNode$getOptionArgument.2.html">getOptionArgument</a> a “named argument” passed in through an object literal</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$InvokeNode$getCallback.1.html">getCallback</a> a function passed as a callback</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$InvokeNode$getACallee.0.html">getACallee</a> a function being called here</p></li>
<li><p>(MethodCallNode).<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$MethodCallNode$getMethodName.0.html">getMethodName</a> name of the method being invoked</p></li>
<li><p>(MethodCallNode).<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$CallNode$getReceiver.0.html">getReceiver</a> receiver of the method call</p></li>
</ul>
</dd>
</dl>
</li>
<li><dl class="simple">
<dt><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/type.Nodes$FunctionNode.html">FunctionNode</a> extends <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/type.Sources$SourceNode.html">SourceNode</a> definition of a function, including closures, methods, and class constructors</dt><dd><ul>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$FunctionNode$getName.0.html">getName</a> name of the function, derived from a variable or property name</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$FunctionNode$getParameter.1.html">getParameter</a> a parameter of the function</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$FunctionNode$getReceiver.0.html">getReceiver</a> the node representing the value of <code class="docutils literal notranslate"><span class="pre">this</span></code></p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$FunctionNode$getAReturn.0.html">getAReturn</a> get a returned expression</p></li>
</ul>
</dd>
</dl>
</li>
<li><dl class="simple">
<dt><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/type.Nodes$ParameterNode.html">ParameterNode</a> extends <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/type.Sources$SourceNode.html">SourceNode</a> parameter of a function</dt><dd><ul>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$ParameterNode$getName.0.html">getName</a> the parameter name, if it has one</p></li>
</ul>
</dd>
</dl>
</li>
<li><dl class="simple">
<dt><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/type.Nodes$ClassNode.html">ClassNode</a> extends <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/type.Sources$SourceNode.html">SourceNode</a> class declaration or function that acts as a class</dt><dd><ul>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$ClassNode$getName.0.html">getName</a> name of the class, derived from a variable or property name</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$ClassNode$getConstructor.0.html">getConstructor</a> the constructor function</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$ClassNode$getInstanceMethod.1.html">getInstanceMethod</a> get an instance method by name</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$ClassNode$getStaticMethod.1.html">getStaticMethod</a> get a static method by name</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$ClassNode$getAnInstanceReference.0.html">getAnInstanceReference</a> find references to an instance of the class</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$ClassNode$getAClassReference.0.html">getAClassReference</a> find references to the class itself</p></li>
</ul>
</dd>
</dl>
</li>
<li><dl class="simple">
<dt><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/type.Nodes$ObjectLiteralNode.html">ObjectLiteralNode</a> extends <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/type.Sources$SourceNode.html">SourceNode</a> object literal</dt><dd><ul>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/predicate.Sources$SourceNode$getAPropertyWrite.1.html">getAPropertyWrite</a> a property in the object literal</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/predicate.Sources$SourceNode$getAPropertySource.1.html">getAPropertySource</a> value flowing into a property</p></li>
</ul>
</dd>
</dl>
</li>
<li><dl class="simple">
<dt><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/type.Nodes$ArrayCreationNode.html">ArrayCreationNode</a> extends <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/type.Sources$SourceNode.html">SourceNode</a> array literal or call to <code class="docutils literal notranslate"><span class="pre">Array</span></code> constructor</dt><dd><ul>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$ArrayCreationNode$getElement.1.html">getElement</a> an element of the array</p></li>
</ul>
</dd>
</dl>
</li>
<li><dl class="simple">
<dt><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/type.DataFlow$DataFlow$PropRef.html">PropRef</a>, <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/type.DataFlow$DataFlow$PropRead.html">PropRead</a>, <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/type.DataFlow$DataFlow$PropWrite.html">PropWrite</a> read or write of a property</dt><dd><ul>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/predicate.DataFlow$DataFlow$PropRef$getPropertyName.0.html">getPropertyName</a> name of the property, if it is constant</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/predicate.DataFlow$DataFlow$PropRef$getPropertyNameExpr.0.html">getPropertyNameExpr</a> expression holding the name of the property</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/predicate.DataFlow$DataFlow$PropRef$getBase.0.html">getBase</a> object whose property is accessed</p></li>
<li><p>(PropWrite).<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/predicate.DataFlow$DataFlow$PropWrite$getRhs.0.html">getRhs</a> right-hand side of the property assignment</p></li>
</ul>
</dd>
</dl>
</li>
</ul>
</section>
<section id="stringops-module">
<h2>StringOps module<a class="headerlink" href="#stringops-module" title="Link to this heading"></a></h2>
<ul class="simple">
<li><p>StringOps::<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/StringOps.qll/type.StringOps$StringOps$Concatenation.html">Concatenation</a> string concatenation, using a plus operator, template literal, or array join call</p></li>
<li><p>StringOps::<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/StringOps.qll/type.StringOps$StringOps$StartsWith.html">StartsWith</a> check if a string starts with something</p></li>
<li><p>StringOps::<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/StringOps.qll/type.StringOps$StringOps$EndsWith.html">EndsWith</a> check if a string ends with something</p></li>
<li><p>StringOps::<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/StringOps.qll/type.StringOps$StringOps$Includes.html">Includes</a> check if a string contains something</p></li>
<li><p>StringOps::<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/StringOps.qll/type.StringOps$StringOps$RegExpTest.html">RegExpTest</a> check if a string matches a RegExp</p></li>
</ul>
</section>
<section id="utility">
<h2>Utility<a class="headerlink" href="#utility" title="Link to this heading"></a></h2>
<ul class="simple">
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/Extend.qll/type.Extend$ExtendCall.html">ExtendCall</a> call that copies properties from one object to another</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/JsonParsers.qll/type.JsonParsers$JsonParserCall.html">JsonParserCall</a> call that deserializes a JSON string</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/JsonStringifiers.qll/type.JsonStringifiers$JsonStringifyCall.html">JsonStringifyCall</a> call that serializes a value to a JSON string</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/frameworks/PropertyProjection.qll/type.PropertyProjection$PropertyProjection.html">PropertyProjection</a> call that extracts nested properties by name</p></li>
</ul>
</section>
<section id="system-and-network">
<h2>System and Network<a class="headerlink" href="#system-and-network" title="Link to this heading"></a></h2>
<ul class="simple">
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/frameworks/ClientRequests.qll/type.ClientRequests$ClientRequest.html">ClientRequest</a> outgoing network request</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/Concepts.qll/type.Concepts$DatabaseAccess.html">DatabaseAccess</a> query being submitted to a database</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/Concepts.qll/type.Concepts$FileNameSource.html">FileNameSource</a> reference to a filename</p></li>
<li><dl class="simple">
<dt><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/Concepts.qll/type.Concepts$FileSystemAccess.html">FileSystemAccess</a> file system operation</dt><dd><ul>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/Concepts.qll/type.Concepts$FileSystemReadAccess.html">FileSystemReadAccess</a> reading the contents of a file</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/Concepts.qll/type.Concepts$FileSystemWriteAccess.html">FileSystemWriteAccess</a> writing to the contents of a file</p></li>
</ul>
</dd>
</dl>
</li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/Concepts.qll/type.Concepts$PersistentReadAccess.html">PersistentReadAccess</a> reading from persistent storage, like cookies</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/Concepts.qll/type.Concepts$PersistentWriteAccess.html">PersistentWriteAccess</a> writing to persistent storage</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/Concepts.qll/type.Concepts$SystemCommandExecution.html">SystemCommandExecution</a> execution of a system command</p></li>
</ul>
</section>
<section id="untrusted-data">
<span id="data-flow-cheat-sheet-for-javascript-untrusted-data"></span><h2>Untrusted data<a class="headerlink" href="#untrusted-data" title="Link to this heading"></a></h2>
<ul class="simple">
<li><dl class="simple">
<dt><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/security/dataflow/RemoteFlowSources.qll/type.RemoteFlowSources$Cached$RemoteFlowSource.html">RemoteFlowSource</a> source of untrusted user input</dt><dd><ul>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/security/dataflow/RemoteFlowSources.qll/predicate.RemoteFlowSources$Cached$RemoteFlowSource$isUserControlledObject.0.html">isUserControlledObject</a> is the input deserialized to a JSON-like object? (as opposed to just being a string)</p></li>
</ul>
</dd>
</dl>
</li>
<li><dl class="simple">
<dt><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/security/dataflow/RemoteFlowSources.qll/type.RemoteFlowSources$Cached$ClientSideRemoteFlowSource.html">ClientSideRemoteFlowSource</a> extends <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/security/dataflow/RemoteFlowSources.qll/type.RemoteFlowSources$Cached$RemoteFlowSource.html">RemoteFlowSource</a> input specific to the browser environment</dt><dd><ul>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/security/dataflow/RemoteFlowSources.qll/predicate.RemoteFlowSources$Cached$ClientSideRemoteFlowSource$getKind.0.html">getKind</a> is this derived from the <code class="docutils literal notranslate"><span class="pre">path</span></code>, <code class="docutils literal notranslate"><span class="pre">fragment</span></code>, <code class="docutils literal notranslate"><span class="pre">query</span></code>, <code class="docutils literal notranslate"><span class="pre">url</span></code>, or <code class="docutils literal notranslate"><span class="pre">name</span></code>?</p></li>
</ul>
</dd>
</dl>
</li>
<li><dl class="simple">
<dt>HTTP::<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/frameworks/HTTP.qll/type.HTTP$HTTP$RequestInputAccess.html">RequestInputAccess</a> extends <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/security/dataflow/RemoteFlowSources.qll/type.RemoteFlowSources$Cached$RemoteFlowSource.html">RemoteFlowSource</a> input from an incoming HTTP request</dt><dd><ul>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/frameworks/HTTP.qll/predicate.HTTP$HTTP$RequestInputAccess$getKind.0.html">getKind</a> is this derived from a <code class="docutils literal notranslate"><span class="pre">parameter</span></code>, <code class="docutils literal notranslate"><span class="pre">header</span></code>, <code class="docutils literal notranslate"><span class="pre">body</span></code>, <code class="docutils literal notranslate"><span class="pre">url</span></code>, or <code class="docutils literal notranslate"><span class="pre">cookie</span></code>?</p></li>
</ul>
</dd>
</dl>
</li>
<li><dl class="simple">
<dt>HTTP::<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/frameworks/HTTP.qll/type.HTTP$HTTP$RequestHeaderAccess.html">RequestHeaderAccess</a> extends <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/frameworks/HTTP.qll/type.HTTP$HTTP$RequestInputAccess.html">RequestInputAccess</a> access to a specific header</dt><dd><ul>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/frameworks/HTTP.qll/predicate.HTTP$HTTP$RequestHeaderAccess$getAHeaderName.0.html">getAHeaderName</a> the name of a header being accessed</p></li>
</ul>
</dd>
</dl>
</li>
</ul>
<p>Note: some <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/security/dataflow/RemoteFlowSources.qll/type.RemoteFlowSources$Cached$RemoteFlowSource.html">RemoteFlowSource</a> instances, such as input from a web socket,
belong to none of the specific subcategories above. A query that is meant to cover all untrusted input should therefore use RemoteFlowSource itself rather than only these subclasses.</p>
</section>
<section id="files">
<h2>Files<a class="headerlink" href="#files" title="Link to this heading"></a></h2>
<ul class="simple">
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/Files.qll/type.Files$File.html">File</a>,
<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/Files.qll/type.Files$Folder.html">Folder</a> extends
<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/Files.qll/type.Files$Container.html">Container</a> file or folder in the database</p>
<ul>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/Files.qll/predicate.Files$Container$getBaseName.0.html">getBaseName</a> the name of the file or folder</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/Files.qll/predicate.Files$Container$getRelativePath.0.html">getRelativePath</a> path relative to the database root</p></li>
</ul>
</li>
</ul>
</section>
<section id="ast-nodes">
<h2>AST nodes<a class="headerlink" href="#ast-nodes" title="Link to this heading"></a></h2>
<p>See also: “<a class="reference internal" href="abstract-syntax-tree-classes-for-working-with-javascript-and-typescript-programs.html"><span class="doc">Abstract syntax tree classes for working with JavaScript and TypeScript programs</span></a>.”</p>
<p>Conversion between DataFlow and AST nodes:</p>
<ul class="simple">
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/predicate.DataFlow$DataFlow$Node$asExpr.0.html">Node.asExpr()</a> convert node to an expression, if possible</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/AST.qll/predicate.AST$AST$ValueNode$flow.0.html">Expr.flow()</a> convert expression to a node (always possible)</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/predicate.DataFlow$DataFlow$valueNode.1.html">DataFlow::valueNode</a> convert expression or declaration to a node</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/predicate.DataFlow$DataFlow$parameterNode.1.html">DataFlow::parameterNode</a> convert a parameter to a node</p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/predicate.DataFlow$DataFlow$thisNode.1.html">DataFlow::thisNode</a> get the receiver node of a function</p></li>
</ul>
</section>
<section id="string-matching">
<h2>String matching<a class="headerlink" href="#string-matching" title="Link to this heading"></a></h2>
<ul class="simple">
<li><p>x.<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/predicate.string$matches.1.html">matches</a>("escape%") holds if x starts with “escape”</p></li>
<li><p>x.<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/predicate.string$regexpMatch.1.html">regexpMatch</a>("escape.*") holds if x starts with “escape”</p></li>
<li><p>x.<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/predicate.string$regexpMatch.1.html">regexpMatch</a>("(?i).*escape.*") holds if x contains
“escape” (case insensitive)</p></li>
</ul>
</section>
<section id="access-paths">
<h2>Access paths<a class="headerlink" href="#access-paths" title="Link to this heading"></a></h2>
<p>When multiple property accesses are chained together, they form what’s called an “access path”.</p>
<p>To identify nodes based on access paths, use the following predicates in the <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/GlobalAccessPaths.qll/module.GlobalAccessPaths$AccessPath.html">AccessPath</a> module:</p>
<ul class="simple">
<li><p>AccessPath::<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/GlobalAccessPaths.qll/predicate.GlobalAccessPaths$AccessPath$getAReferenceTo.2.html">getAReferenceTo</a> finds nodes that refer to the given access path</p></li>
<li><p>AccessPath::<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/GlobalAccessPaths.qll/predicate.GlobalAccessPaths$AccessPath$getAnAssignmentTo.2.html">getAnAssignmentTo</a> finds nodes that are assigned to the given access path</p></li>
<li><p>AccessPath::<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/GlobalAccessPaths.qll/predicate.GlobalAccessPaths$AccessPath$getAnAliasedSourceNode.1.html">getAnAliasedSourceNode</a> finds nodes that refer to the same access path</p></li>
</ul>
<p><code class="docutils literal notranslate"><span class="pre">getAReferenceTo</span></code> and <code class="docutils literal notranslate"><span class="pre">getAnAssignmentTo</span></code> have a 1-argument version for global access paths, and a 2-argument version for access paths starting at a given node.</p>
</section>
<section id="type-tracking">
<h2>Type tracking<a class="headerlink" href="#type-tracking" title="Link to this heading"></a></h2>
<p>See also: “<a class="reference internal" href="using-type-tracking-for-api-modeling.html"><span class="doc">Using type tracking for API modeling</span></a>.”</p>
<p>Use the following template to define forward type tracking predicates:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>import DataFlow
// Forward type tracking template: relates a tracker state `t` to the nodes
// found for the tracked value in that state.
SourceNode myType(TypeTracker t) {
// Base case: the tracker is at its start and `result` is the value to track.
t.start() and
result = /* SourceNode to track */
or
// Recursive case: take a node already found in state `t2` and follow one
// `track` step from `t2` to `t`.
exists(TypeTracker t2 |
result = myType(t2).track(t2, t)
)
}
// Entry point without a tracker argument: the nodes that myType(t) yields
// when `t` is the end state returned by TypeTracker::end().
SourceNode myType() {
result = myType(TypeTracker::end())
}
</pre></div>
</div>
<p>Use the following template to define backward type tracking predicates:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>import DataFlow
// Backward type tracking template: relates a back-tracker state `t` to the
// nodes found for the tracked argument in that state.
SourceNode myType(TypeBackTracker t) {
// Base case: the tracker is at its start and `result` is a local source of
// the argument to track.
t.start() and
result = (/* argument to track */).getALocalSource()
or
// Recursive case: take a node already found in state `t2` and follow one
// `backtrack` step from `t2` to `t`.
exists(TypeBackTracker t2 |
result = myType(t2).backtrack(t2, t)
)
}
// Entry point without a tracker argument: the nodes that myType(t) yields
// when `t` is the end state returned by TypeBackTracker::end().
SourceNode myType() {
result = myType(TypeBackTracker::end())
}
</pre></div>
</div>
</section>
<section id="troubleshooting">
<h2>Troubleshooting<a class="headerlink" href="#troubleshooting" title="Link to this heading"></a></h2>
<ul class="simple">
<li><p>Using a call node as a sink? Try using <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$InvokeNode$getArgument.1.html">getArgument</a>
to get an <em>argument</em> of the call node instead.</p></li>
<li><p>Trying to use <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$moduleImport.1.html">moduleImport</a>
or <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Nodes.qll/predicate.Nodes$moduleMember.2.html">moduleMember</a>
as a call node?
Try using <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/Sources.qll/predicate.Sources$SourceNode$getACall.0.html">getACall</a>
to get a <em>call</em> to the imported function, instead of the function itself.</p></li>
<li><p>Compilation fails due to incompatible types? Make sure AST nodes and
DataFlow nodes are not mixed up. Use <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/dataflow/DataFlow.qll/predicate.DataFlow$DataFlow$Node$asExpr.0.html">asExpr()</a> or
<a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/AST.qll/predicate.AST$AST$ValueNode$flow.0.html">flow()</a> to convert.</p></li>
</ul>
</section>
<section id="further-reading">
<h2>Further reading<a class="headerlink" href="#further-reading" title="Link to this heading"></a></h2>
<ul class="simple">
<li><p><a class="reference internal" href="../codeql-for-visual-studio-code/exploring-data-flow-with-path-queries.html#exploring-data-flow-with-path-queries"><span class="std std-ref">Exploring data flow with path queries</span></a></p></li>
</ul>
<ul class="simple">
<li><p><a class="reference external" href="https://github.com/github/codeql/tree/main/javascript/ql/src">CodeQL queries for JavaScript</a></p></li>
<li><p><a class="reference external" href="https://github.com/github/codeql/tree/main/javascript/ql/examples">Example queries for JavaScript</a></p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/javascript/">CodeQL library reference for JavaScript</a></p></li>
</ul>
<ul class="simple">
<li><p><a class="reference internal" href="../ql-language-reference/index.html#ql-language-reference"><span class="std std-ref">QL language reference</span></a></p></li>
<li><p><a class="reference internal" href="../codeql-overview/codeql-tools.html#codeql-tools"><span class="std std-ref">CodeQL tools</span></a></p></li>
</ul>
</section>
</section>
</article>
</div>
</main>
<script type="text/javascript">
// Collapsible ".toggle" blocks: once the DOM is ready, everything inside a
// block is hidden except its ".name" heading, and clicking the heading
// toggles the rest of the block.
// NOTE(review): depends on a global jQuery `$`; confirm the page loads jQuery
// before this inline script runs.
$(function () {
  var headings = $(".toggle .name");

  $(".toggle > *").hide();
  headings.show();

  headings.click(function () {
    var siblings = $(this).parent().children();
    // Animate the body over 400 ms and flip the "open" marker on the heading.
    siblings.not(".name").toggle(400);
    siblings.filter(".name").toggleClass("open");
  });
});
</script>
</body>
</html>