mirror of
https://github.com/github/codeql.git
synced 2026-04-26 17:25:19 +02:00
update lots of links
This commit is contained in:
james
@@ -34,12 +34,12 @@ This query reports flow paths which:
|
||||
- Step through variables, function calls, properties, strings, arrays, promises, exceptions, and steps added by `isAdditionalTaintStep <https://help.semmle.com/qldoc/javascript/semmle/javascript/dataflow/TaintTracking.qll/predicate.TaintTracking$TaintTracking$Configuration$isAdditionalTaintStep.2.html>`__.
|
||||
- End at a node matched by `isSink <https://help.semmle.com/qldoc/javascript/semmle/javascript/dataflow/Configuration.qll/predicate.Configuration$Configuration$isSink.1.html>`__.
|
||||
|
||||
See also: `Global data flow <https://help.semmle.com/QL/learn-ql/javascript/dataflow.html#global-data-flow>`__ and :doc:`Creating path queries <../writing-queries/path-queries>`.
|
||||
See also: "`Global data flow <https://help.semmle.com/QL/learn-ql/javascript/dataflow.html#global-data-flow>`__" and ":doc:`Creating path queries <../writing-queries/path-queries>`."
|
||||
|
||||
DataFlow module
|
||||
---------------
|
||||
|
||||
Use data flow nodes to match program elements independently of syntax. See also: :doc:`Analyzing data flow in JavaScript and TypeScript <dataflow>`.
|
||||
Use data flow nodes to match program elements independently of syntax. See also: ":doc:`Analyzing data flow in JavaScript and TypeScript <dataflow>`."
|
||||
|
||||
Predicates in the ``DataFlow::`` module:
|
||||
|
||||
@@ -142,7 +142,7 @@ Files
|
||||
AST nodes
|
||||
---------
|
||||
|
||||
See also: :doc:`Abstract syntax tree classes for working with JavaScript and TypeScript programs <ast-class-reference>`.
|
||||
See also: ":doc:`Abstract syntax tree classes for working with JavaScript and TypeScript programs <ast-class-reference>`."
|
||||
|
||||
Conversion between DataFlow and AST nodes:
|
||||
|
||||
@@ -163,7 +163,7 @@ String matching
|
||||
Type tracking
|
||||
-------------
|
||||
|
||||
See also: :doc:`Using type tracking for API modeling <type-tracking>`.
|
||||
See also: ":doc:`Using type tracking for API modeling <type-tracking>`."
|
||||
|
||||
Use the following template to define forward type tracking predicates:
|
||||
|
||||
@@ -220,7 +220,8 @@ Troubleshooting
|
||||
Further reading
|
||||
---------------
|
||||
|
||||
- `Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__
|
||||
- "`Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__"
|
||||
|
||||
|
||||
.. include:: ../../reusables/javascript-further-reading.rst
|
||||
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst
|
||||
@@ -9,7 +9,7 @@ The various sections in this article describe how to utilize the libraries for l
|
||||
As our running example, we will develop a query that identifies command-line arguments that are passed as a file path to the standard Node.js ``readFile`` function.
|
||||
While this is not a problematic pattern as such, it is typical of the kind of reasoning that is frequently used in security queries.
|
||||
|
||||
For a more general introduction to modeling data flow, see :doc:`About data flow analysis <../intro-to-data-flow>`.
|
||||
For a more general introduction to modeling data flow, see ":doc:`About data flow analysis <../intro-to-data-flow>`."
|
||||
|
||||
Data flow nodes
|
||||
---------------
|
||||
@@ -554,7 +554,8 @@ Exercise 4
|
||||
Further reading
|
||||
---------------
|
||||
|
||||
- `Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__
|
||||
- "`Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__"
|
||||
|
||||
|
||||
.. include:: ../../reusables/java-further-reading.rst
|
||||
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst
|
||||
@@ -7,7 +7,7 @@ Overview
|
||||
--------
|
||||
|
||||
You can use basic inter-procedural data-flow analysis and taint tracking as described in
|
||||
:doc:`Analyzing data flow in JavaScript and TypeScript <dataflow>` to check whether there is a path in
|
||||
":doc:`Analyzing data flow in JavaScript and TypeScript <dataflow>`" to check whether there is a path in
|
||||
the data-flow graph from some source node to a sink node that does not pass through any sanitizer
|
||||
nodes. Another way of thinking about this is that it statically models the flow of data through the
|
||||
program, and associates a flag with every data value telling us whether it might have come from a
|
||||
@@ -398,7 +398,8 @@ string may be an absolute path and whether it may contain ``..`` components.
|
||||
Further reading
|
||||
---------------
|
||||
|
||||
- `Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__
|
||||
- "`Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__"
|
||||
|
||||
|
||||
.. include:: ../../reusables/javascript-further-reading.rst
|
||||
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst
|
||||
|
||||
@@ -136,7 +136,7 @@ The CodeQL class `ClassOrInterface <https://help.semmle.com/qldoc/javascript/sem
|
||||
|
||||
Note that the superclass of a class is an expression, not a type annotation. If the superclass has type arguments, it will be an expression of kind `ExpressionWithTypeArguments <https://help.semmle.com/qldoc/javascript/semmle/javascript/TypeScript.qll/type.TypeScript$ExpressionWithTypeArguments.html>`__.
|
||||
|
||||
Also see the documentation for classes in the `CodeQL libraries for JavaScript <introduce-libraries-js#classes>`__.
|
||||
Also see the documentation for classes in the "`CodeQL libraries for JavaScript <introduce-libraries-js#classes>`__."
|
||||
|
||||
To select the type references to a class or an interface, use ``getTypeName()``.
|
||||
|
||||
|
||||
@@ -490,10 +490,10 @@ Prefer type tracking when:
|
||||
Prefer data-flow configurations when:
|
||||
|
||||
- Tracking user-controlled data -- use `taint tracking <https://help.semmle.com/QL/learn-ql/javascript/dataflow.html#using-global-taint-tracking>`__.
|
||||
- Differentiating between different kinds of user-controlled data -- see :doc:`Using flow labels for precise data flow analysis <flow-labels>`.
|
||||
- Differentiating between different kinds of user-controlled data -- see ":doc:`Using flow labels for precise data flow analysis <flow-labels>`."
|
||||
- Tracking transformations of a value through generic utility functions.
|
||||
- Tracking values through string manipulation.
|
||||
- Generating a path from source to sink -- see :doc:`Creating path queries <../writing-queries/path-queries>`.
|
||||
- Generating a path from source to sink -- see ":doc:`Creating path queries <../writing-queries/path-queries>`."
|
||||
|
||||
Lastly, depending on the code base being analyzed, some alternatives to consider are:
|
||||
|
||||
|
||||
Reference in New Issue
Block a user