Added missing doc strings for Tanstack queries
@@ -862,6 +862,10 @@ module ClientRequest {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Threat model source representing HTTP response data.
|
||||
* Marks nodes originating from a client request's response data as tainted.
|
||||
*/
|
||||
private class ClientRequestThreatModel extends ThreatModelSource::Range {
|
||||
ClientRequestThreatModel() { this = any(ClientRequest r).getAResponseDataNode() }
|
||||
|
||||
@@ -870,6 +874,10 @@ module ClientRequest {
|
||||
override string getSourceType() { result = "HTTP response data" }
|
||||
}
|
||||
|
||||
/**
|
||||
* An additional taint step that captures taint propagation from the receiver of fetch response methods
|
||||
* (such as "json", "text", "blob", and "arrayBuffer") to the call result.
|
||||
*/
|
||||
class FetchResponseStep extends TaintTracking::AdditionalTaintStep {
|
||||
override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
|
||||
exists(DataFlow::MethodCallNode call |
|
||||
|
||||
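Review bot: The new comment on `ClientRequestThreatModel` (first hunk) says the class "marks nodes ... as tainted", which overstates what a `ThreatModelSource` does: such a source only feeds queries when its threat model category is enabled in the analysis configuration. The predicate that names the category is not visible in either hunk, so the comment should mention the condition rather than imply unconditional taint, e.g. `* A threat model source for data read from the response of a client request; only active when the matching threat model is enabled.` Opening with "A ..." would also match the form the `FetchResponseStep` comment in the second hunk already uses. Both class bodies continue outside the hunks.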
@@ -1,5 +1,13 @@
|
||||
/**
|
||||
* Provides an additional flow step that propagates data from the receiver of fetch response methods.
|
||||
*/
|
||||
|
||||
private import javascript
|
||||
|
||||
/**
|
||||
* An additional flow step that propagates data from the receiver of fetch response methods
|
||||
* (like "json", "text", "blob", and "arrayBuffer") to the call result.
|
||||
*/
|
||||
class Fetch extends DataFlow::AdditionalFlowStep {
|
||||
override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
|
||||
exists(DataFlow::MethodCallNode call |
|
||||
|
||||
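Review bot: The comment on `Fetch` nearly repeats the wording used for `FetchResponseStep` in the `ClientRequest` module, but does not say that this class is a `DataFlow::AdditionalFlowStep` (a value-flow step) while the other is a taint step. Someone deciding which of the two a query relies on needs that distinction, because the two kinds of step are consumed by different analyses. A line such as `* This is a data-flow step, not a taint step.` would cover it, if that is the intent. The method names listed in the comment cannot be checked against the predicate, whose body continues outside the hunk.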
@@ -1,5 +1,13 @@
|
||||
/**
|
||||
* Provides classes and predicates modeling the Tanstack/react-query library.
|
||||
*/
|
||||
|
||||
private import javascript
|
||||
|
||||
/**
|
||||
* An additional flow step that propagates data from the return value of the query function,
|
||||
* defined in a useQuery call from the '@tanstack/react-query' module, to the 'data' property.
|
||||
*/
|
||||
class TanstackStep extends DataFlow::AdditionalFlowStep {
|
||||
override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
|
||||
exists(DataFlow::CallNode useQuery |
|
||||
@@ -17,6 +25,9 @@ class TanstackStep extends DataFlow::AdditionalFlowStep {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves a call node representing a useQuery invocation from the '@tanstack/react-query' module.
|
||||
*/
|
||||
DataFlow::CallNode useQueryCall() {
|
||||
result = DataFlow::moduleImport("@tanstack/react-query").getAPropertyRead("useQuery").getACall()
|
||||
}
|
||||
|
||||
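Review bot: The comment on `useQueryCall()` opens with "Retrieves", whereas QLDoc for a predicate with a result conventionally starts with "Gets". `* Gets a call to useQuery from the '@tanstack/react-query' module.` says the same thing in the expected form. The `TanstackStep` comment also leaves open whose `data` property receives the flow. The predicate body is cut off between the two hunks, so presumably it is the object returned by the `useQuery` call, and the comment should say so explicitly.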