Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 3c785ec

Browse files
author
Max Schaefer
committed
JavaScript: Move flow summaries to experimental.
Also update description and change note to call out their experimental character more clearly.
1 parent 5a1bf94 commit 3c785ec

17 files changed

Lines changed: 15 additions & 9 deletions

change-notes/1.24/analysis-javascript.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,8 @@
1919
- Calls can now be resolved to indirectly-defined class members in more cases.
2020
- Calls through partial invocations such as `.bind` can now be resolved in more cases.
2121

22+
* Support for flow summaries has been more clearly marked as being experimental and moved to the new `experimental` folder.
23+
2224
* Support for the following frameworks and libraries has been improved:
2325
- [Electron](https://electronjs.org/)
2426
- [Handlebars](https://www.npmjs.com/package/handlebars)

javascript/config/suites/javascript/flow-summaries

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,2 @@
1-
+ semmlecode-javascript-queries/Security/Summaries/ExtractSourceSummaries.ql
2-
+ semmlecode-javascript-queries/Security/Summaries/ExtractSinkSummaries.ql
1+
+ semmlecode-javascript-queries/experimental/Summaries/ExtractSourceSummaries.ql
2+
+ semmlecode-javascript-queries/experimental/Summaries/ExtractSinkSummaries.ql

javascript/documentation/flow-summaries.rst

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,10 @@ added as external data), and are picked up by the standard security queries, all
1414
about flow into, out of and through the npm packages as though they had been included as part of the
1515
build.
1616

17+
Note that flow summaries are an experimental technology, and not ready to be used in production
18+
queries or libraries. Also note that flow summaries do not currently work with CodeQL, but require
19+
the legacy Semmle Core toolchain.
20+
1721
Motivating example
1822
------------------
1923

@@ -87,11 +91,11 @@ package. (Note that this requires a working installation of Semmle Core.)
8791
There are three default summary extraction queries:
8892

8993
- Extract flow step summaries (``js/step-summary-extraction``,
90-
``Security/Summaries/ExtractSourceSummaries.ql``)
94+
``experimental/Summaries/ExtractSourceSummaries.ql``)
9195
- Extract sink summaries (``js/sink-summary-extraction``,
92-
``Security/Summaries/ExtractSinkSummaries.ql``)
96+
``experimental/Summaries/ExtractSinkSummaries.ql``)
9397
- Extract source summaries (``js/source-summary-extraction``,
94-
``Security/Summaries/ExtractSourceSummaries.ql``)
98+
``experimental/Summaries/ExtractSourceSummaries.ql``)
9599

96100
You can run these queries individually against a snapshot of the npm package you want to create
97101
flow summaries for using ``odasa runQuery``, and store the output as CSV files named
@@ -103,7 +107,7 @@ project, we can extract sink summaries using the command
103107
.. code-block:: bash
104108
105109
odasa runQuery \
106-
--query $SEMMLE_DIST/queries/semmlecode-javascript-queries/Security/Summaries/ExtractSinkSummaries.ql \
110+
--query $SEMMLE_DIST/queries/semmlecode-javascript-queries/experimental/Summaries/ExtractSinkSummaries.ql \
107111
--output-file additional-sinks.csv --snapshot mkdirp-snapshot
108112
109113

javascript/ql/src/Security/Summaries/Configurations.qll renamed to javascript/ql/src/experimental/Summaries/Configurations.qll

File renamed without changes.

javascript/ql/src/Security/Summaries/ExtractFlowStepSummaries.ql renamed to javascript/ql/src/experimental/Summaries/ExtractFlowStepSummaries.ql

File renamed without changes.

javascript/ql/src/Security/Summaries/ExtractSinkSummaries.ql renamed to javascript/ql/src/experimental/Summaries/ExtractSinkSummaries.ql

File renamed without changes.

javascript/ql/src/Security/Summaries/ExtractSourceSummaries.ql renamed to javascript/ql/src/experimental/Summaries/ExtractSourceSummaries.ql

File renamed without changes.

javascript/ql/src/Security/Summaries/ImportFromCsv.qll renamed to javascript/ql/src/experimental/Summaries/ImportFromCsv.qll

File renamed without changes.

javascript/ql/src/Security/Summaries/ImportFromExternalPredicates.qll renamed to javascript/ql/src/experimental/Summaries/ImportFromExternalPredicates.qll

File renamed without changes.

javascript/ql/src/Security/Summaries/PortalEntrySink.qll renamed to javascript/ql/src/experimental/Summaries/PortalEntrySink.qll

File renamed without changes.

0 commit comments

Comments
 (0)