JS: Add type tracking templates to cheat sheet

2026-05-05 21:55:19 +02:00 · 2019-08-16 12:06:32 +01:00
parent 54661f0e14
commit d05b90473c
1 changed files with 43 additions and 0 deletions
--- a/docs/language/learn-ql/javascript/dataflow-cheat-sheet.rst
+++ b/docs/language/learn-ql/javascript/dataflow-cheat-sheet.rst
@@ -160,6 +160,49 @@ String matching
 -  x.\ `regexpMatch <https://help.semmle.com/qldoc/javascript/predicate.string$regexpMatch.1.html>`__\ ("(?i).*escape.*") -- holds if x contains
   "escape" (case insensitive)

+Type tracking
+-------------
+
+See also: :doc:`Type tracking tutorial <type-tracking>`.
+
+Use the following template to define forward type tracking predicates:
+
+.. code-block:: ql
+
+  import DataFlow
+
+  SourceNode myType(TypeTracker t) {
+    t.start() and
+    result = /* SourceNode to track */
+    or
+    exists(TypeTracker t2 |
+      result = myType(t2).track(t2, t)
+    )
+  }
+
+  SourceNode myType() {
+    result = myType(TypeTracker::end())
+  }
+
+Use the following template to define backward type tracking predicates:
+
+.. code-block:: ql
+
+  import DataFlow
+
+  SourceNode myType(TypeBackTracker t) {
+    t.start() and
+    result = (/* argument to track */).getALocalSource()
+    or
+    exists(TypeBackTracker t2 |
+      result = myType(t2).backtrack(t2, t)
+    )
+  }
+
+  SourceNode myType() {
+    result = myType(TypeBackTracker::end())
+  }
+
 Troubleshooting
 ---------------