hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-18 21:44:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Move imports to usage sections

Browse Source
This commit is contained in:
Marcono1234
2023-07-15 16:59:46 +02:00
committed by GitHub
parent 94e9848d61
commit 09fa2a7d50
1 changed files with 15 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
docs/codeql/codeql-language-guides/analyzing-data-flow-in-java.rst
View File

@@ -17,18 +17,6 @@ The following sections describe how to use the libraries for local data flow, gl
For a more general introduction to modeling data flow, see ":ref:`About data flow analysis <about-data-flow-analysis>`."
For data flow you need the following import:
.. code-block:: ql
import semmle.code.java.dataflow.DataFlow
For taint tracking you need this import:
.. code-block:: ql
import semmle.code.java.dataflow.TaintTracking
Local data flow
---------------
@@ -37,7 +25,13 @@ Local data flow is data flow within a single method or callable. Local data flow
Using local data flow
~~~~~~~~~~~~~~~~~~~~~
The local data flow library is in the module ``DataFlow``, which defines the class ``Node`` denoting any element that data can flow through. ``Node``\ s are divided into expression nodes (``ExprNode``) and parameter nodes (``ParameterNode``). You can map between data flow nodes and expressions/parameters using the member predicates ``asExpr`` and ``asParameter``:
To use the data flow library you need the following import:
.. code-block:: ql
import semmle.code.java.dataflow.DataFlow
The ``DataFlow`` module defines the class ``Node`` denoting any element that data can flow through. ``Node``\ s are divided into expression nodes (``ExprNode``) and parameter nodes (``ParameterNode``). You can map between data flow nodes and expressions/parameters using the member predicates ``asExpr`` and ``asParameter``:
.. code-block:: ql
@@ -85,7 +79,14 @@ Local taint tracking extends local data flow by including non-value-preserving f
If ``x`` is a tainted string then ``y`` is also tainted.
The local taint tracking library is in the module ``TaintTracking``. Like local data flow, a predicate ``localTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo)`` holds if there is an immediate taint propagation edge from the node ``nodeFrom`` to the node ``nodeTo``. You can apply the predicate recursively by using the ``+`` and ``*`` operators, or by using the predefined recursive predicate ``localTaint``, which is equivalent to ``localTaintStep*``.
To use the taint tracking library you need the following import:
.. code-block:: ql
import semmle.code.java.dataflow.TaintTracking
Like local data flow, a predicate ``localTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo)`` holds if there is an immediate taint propagation edge from the node ``nodeFrom`` to the node ``nodeTo``. You can apply the predicate recursively by using the ``+`` and ``*`` operators, or by using the predefined recursive predicate ``localTaint``, which is equivalent to ``localTaintStep*``.
For example, you can find taint propagation from a parameter ``source`` to an expression ``sink`` in zero or more local steps: