hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1683 from asger-semmle/type-tracking-non-exp

Browse Source 
Approved by xiemaisi
This commit is contained in:
semmle-qlci
2019-08-05 11:06:53 +01:00
committed by GitHub
parent 77ae2bc8b7 eb543c1ceb
commit f60af2cfba
2 changed files with 7 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/src/semmle/javascript/dataflow/Sources.qll
View File

@@ -163,8 +163,6 @@ class SourceNode extends DataFlow::Node {
}
/**
* EXPERIMENTAL.
*
* Gets a node that this node may flow to using one heap and/or interprocedural step.
*
* See `TypeTracker` for more details about how to use this.
@@ -175,8 +173,6 @@ class SourceNode extends DataFlow::Node {
}
/**
* EXPERIMENTAL.
*
* Gets a node that may flow into this one using one heap and/or interprocedural step.
*
* See `TypeBackTracker` for more details about how to use this.

12
javascript/ql/src/semmle/javascript/dataflow/TypeTracking.qll
View File

@@ -92,12 +92,10 @@ module StepSummary {
private newtype TTypeTracker = MkTypeTracker(Boolean hasCall, OptionalPropertyName prop)
/**
* EXPERIMENTAL.
*
* Summary of the steps needed to track a value to a given dataflow node.
*
* This can be used to track objects that implement a certain API in order to
* recognize calls to that API. Note that type-tracking does not provide a
* recognize calls to that API. Note that type-tracking does not by itself provide a
* source/sink relation, that is, it may determine that a node has a given type,
* but it won't determine where that type came from.
*
@@ -210,14 +208,15 @@ class TypeTracker extends TTypeTracker {
}
module TypeTracker {
/**
* Gets a valid end point of type tracking.
*/
TypeTracker end() { result.end() }
}
private newtype TTypeBackTracker = MkTypeBackTracker(Boolean hasReturn, OptionalPropertyName prop)
/**
* EXPERIMENTAL.
*
* Summary of the steps needed to back-track a use of a value to a given dataflow node.
*
* This can be used to track callbacks that are passed to a certian API call, and are
@@ -334,5 +333,8 @@ class TypeBackTracker extends TTypeBackTracker {
}
module TypeBackTracker {
/**
* Gets a valid end point of type back-tracking.
*/
TypeBackTracker end() { result.end() }
}