Commit 79477a4

Merge pull request #1748 from asger-semmle/type-tracking-tutorial
JS: Type tracking tutorial
2 parents b4856e9 + d5f43fb commit 79477a4

5 files changed

+605
-4
lines changed

docs/language/learn-ql/javascript/dataflow-cheat-sheet.rst

Lines changed: 43 additions & 0 deletions
@@ -160,6 +160,49 @@ String matching
160160
- x.\ `regexpMatch <https://help.semmle.com/qldoc/javascript/predicate.string$regexpMatch.1.html>`__\ ("(?i).*escape.*") -- holds if x contains
161161
"escape" (case insensitive)
162162

163+
Type tracking
164+
-------------
165+
166+
See also: :doc:`Type tracking tutorial <type-tracking>`.
167+
168+
Use the following template to define forward type tracking predicates:
169+
170+
.. code-block:: ql
171+
172+
import DataFlow
173+
174+
SourceNode myType(TypeTracker t) {
175+
t.start() and
176+
result = /* SourceNode to track */
177+
or
178+
exists(TypeTracker t2 |
179+
result = myType(t2).track(t2, t)
180+
)
181+
}
182+
183+
SourceNode myType() {
184+
result = myType(TypeTracker::end())
185+
}
186+
187+
Use the following template to define backward type tracking predicates:
188+
189+
.. code-block:: ql
190+
191+
import DataFlow
192+
193+
SourceNode myType(TypeBackTracker t) {
194+
t.start() and
195+
result = (/* argument to track */).getALocalSource()
196+
or
197+
exists(TypeBackTracker t2 |
198+
result = myType(t2).backtrack(t2, t)
199+
)
200+
}
201+
202+
SourceNode myType() {
203+
result = myType(TypeBackTracker::end())
204+
}
205+
163206
Troubleshooting
164207
---------------
165208
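Review bot: The forward and backward templates both name their predicates myType, including the zero-argument wrapper "SourceNode myType()" at new lines 183 and 202, so a reader who pastes both templates into one query file gets clashing declarations of the same predicate. Give the backward template its own placeholder name (for example myCallback), which also fits better because that template starts from "argument to track" rather than from a type. The two lead-in sentences differ by a single word, so a short line before each template saying when to choose forward tracking and when to choose backward tracking would make the cheat sheet usable without opening the tutorial.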

docs/language/learn-ql/javascript/flow-labels.rst

Lines changed: 3 additions & 3 deletions
@@ -1,5 +1,5 @@
1-
Advanced data-flow analysis using flow labels
2-
=============================================
1+
Tutorial: Precise data-flow analysis using flow labels
2+
======================================================
33

44
You can use basic inter-procedural data-flow analysis and taint tracking as described in
55
:doc:`Analyzing data flow in JavaScript/TypeScript <dataflow>` to check whether there is a path in
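Review bot: The new heading on line 1 puts "Tutorial:" at the front, while the link text added to the cheat sheet in this same commit reads "Type tracking tutorial", with the word at the end. Pick one form for tutorial titles so the pages line up in the table of contents, and mention the retitle in the commit message, which currently only describes the type tracking tutorial.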
@@ -393,6 +393,6 @@ string may be an absolute path and whether it may contain ``..`` components.
393393
What next?
394394
----------
395395

396-
- Learn about the QL standard libraries used to write queries for JavaScript in :doc:`Introducing the Javacript libraries <introduce-libraries-js>`.
396+
- Learn about the QL standard libraries used to write queries for JavaScript in :doc:`Introducing the JavaScript libraries <introduce-libraries-js>`.
397397
- Find out more about QL in the `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__ and `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__.
398398
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__.

docs/language/learn-ql/javascript/ql-for-javascript.rst

Lines changed: 1 addition & 0 deletions
@@ -9,6 +9,7 @@ QL for JavaScript
99
introduce-libraries-ts
1010
dataflow
1111
flow-labels
12+
type-tracking
1213
ast-class-reference
1314
dataflow-cheat-sheet
1415
