add beta note and tweak intro text

james
2020-12-15 15:35:28 +00:00
parent 4720e6cd3b
commit 7e3feb4f52
2 changed files with 10 additions and 4 deletions


@@ -28,7 +28,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
- :doc:`Using flow labels for precise data flow analysis <using-flow-labels-for-precise-data-flow-analysis>`: You can associate flow labels with each value tracked by the flow analysis to determine whether the flow contains potential vulnerabilities.
- :doc:`Specifying remote flow sources for JavaScript <specifying-additional-remote-flow-sources-for-javascript>`: You can model potential sources of untrusted user input without making changes to the CodeQL standard library for JavaScript.
- :doc:`Specifying remote flow sources for JavaScript <specifying-additional-remote-flow-sources-for-javascript>`: You can model potential sources of untrusted user input in external files without making changes to the CodeQL standard library.
- :doc:`Using type tracking for API modeling <using-type-tracking-for-api-modeling>`: You can track data through an API by creating a model using the CodeQL type-tracking library for JavaScript.
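Review bot: In the reworded entry for specifying-additional-remote-flow-sources-for-javascript, the phrase "sources of untrusted user input in external files" reads as if the untrusted input lives in external files, rather than the source model being written in them. Suggest something like "You can model potential sources of untrusted user input by specifying them in external files, without making changes to the CodeQL standard library." The link text also says "Specifying remote flow sources for JavaScript" while the target slug and the article title both say "additional remote flow sources", so consider aligning them while this line is being touched.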


@@ -3,11 +3,17 @@
Specifying additional remote flow sources for JavaScript
========================================================
You can model potential sources of untrusted user input without making changes to the CodeQL standard library for JavaScript.
You can model potential sources of untrusted user input in external files without making changes to the CodeQL standard library.
.. pull-quote::
Note
Specifying remote flow sources in external files is currently in beta and subject to change.
As mentioned in the :doc:`Data flow cheat sheet for JavaScript <data-flow-cheat-sheet-for-javascript>`, the CodeQL libraries for JavaScript
provide a class `RemoteFlowSource <https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/security/dataflow/RemoteFlowSources.qll/type.RemoteFlowSources$RemoteFlowSource.html>`__ to represent sources of untrusted user input, sometimes also referred to as `remote flow
sources`.
provide a class `RemoteFlowSource <https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/security/dataflow/RemoteFlowSources.qll/type.RemoteFlowSources$RemoteFlowSource.html>`__ to represent sources of untrusted user input, sometimes also referred to as remote flow
sources.
To model a new source of untrusted input, such as a previously unmodelled library API, you can
define a subclass of ``RemoteFlowSource`` that covers all uses of that API. All standard analyses
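Review bot: The new intro sentence and the beta note both scope this article to "external files", but the paragraph that follows in the visible lines ("To model a new source of untrusted input ... define a subclass of RemoteFlowSource") describes subclassing in QL, so a reader cannot tell which part of the article is in beta. Suggest naming the external-file mechanism in the note, or moving the note next to the section that introduces it. Separately, dropping the backticks around "remote flow sources" removes the only markup that marked it as a term being defined; *remote flow sources* would keep the emphasis with explicit markup.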