hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

add introduction to article

Browse Source
This commit is contained in:
james
2020-12-15 12:11:29 +00:00
parent 00f244c1d4
commit 99a634d2c2
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/codeql/codeql-language-guides/codeql-for-javascript.rst
View File

@@ -13,6 +13,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
codeql-library-for-typescript
analyzing-data-flow-in-javascript
using-flow-labels-for-precise-data-flow-analysis
specifying-additional-remote-flow-sources-for-javascript
using-type-tracking-for-api-modeling
abstract-syntax-tree-classes-for-working-with-javascript-and-typescript-programs
data-flow-cheat-sheet-for-javascript
@@ -27,6 +28,8 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
- :doc:`Using flow labels for precise data flow analysis <using-flow-labels-for-precise-data-flow-analysis>`: You can associate flow labels with each value tracked by the flow analysis to determine whether the flow contains potential vulnerabilities.
- :doc:`Specifying remote flow sources for JavaScript <specifying-additional-remote-flow-sources-for-javascript>`: You can model potential sources of untrusted user input without making changes to the CodeQL standard libary fror JavaScript.
- :doc:`Using type tracking for API modeling <using-type-tracking-for-api-modeling>`: You can track data through an API by creating a model using the CodeQL type-tracking library for JavaScript.
- :doc:`Abstract syntax tree classes for working with JavaScript and TypeScript programs <abstract-syntax-tree-classes-for-working-with-javascript-and-typescript-programs>`: CodeQL has a large selection of classes for representing the abstract syntax tree of JavaScript and TypeScript programs.

4
docs/codeql/codeql-language-guides/specifying-additional-remote-flow-sources-for-javascript.rst
View File

@@ -1,8 +1,10 @@
.. specifying-additional-remote-flow-sources-for-javascript:
.. _specifying-additional-remote-flow-sources-for-javascript:
Specifying additional remote flow sources for JavaScript
========================================================
You can model potential sources of untrusted user input without making changes to the CodeQL standard libary fror JavaScript.
As mentioned in the :doc:`Data flow cheat sheet for JavaScript <data-flow-cheat-sheet-for-javascript>`, the CodeQL libraries for JavaScript
provide a class `RemoteFlowSource <https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/security/dataflow/RemoteFlowSources.qll/type.RemoteFlowSources$RemoteFlowSource.html>`__ to represent sources of untrusted user input, sometimes also referred to as `remote flow
sources`.