Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 7e3feb4

Browse files
author
james
committed
add beta note and tweak intro text
1 parent 4720e6c commit 7e3feb4

2 files changed

Lines changed: 10 additions & 4 deletions

File tree

docs/codeql/codeql-language-guides/codeql-for-javascript.rst

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
2828

2929
- :doc:`Using flow labels for precise data flow analysis <using-flow-labels-for-precise-data-flow-analysis>`: You can associate flow labels with each value tracked by the flow analysis to determine whether the flow contains potential vulnerabilities.
3030

31-
- :doc:`Specifying remote flow sources for JavaScript <specifying-additional-remote-flow-sources-for-javascript>`: You can model potential sources of untrusted user input without making changes to the CodeQL standard library for JavaScript.
31+
- :doc:`Specifying remote flow sources for JavaScript <specifying-additional-remote-flow-sources-for-javascript>`: You can model potential sources of untrusted user input in external files without making changes to the CodeQL standard library.
3232

3333
- :doc:`Using type tracking for API modeling <using-type-tracking-for-api-modeling>`: You can track data through an API by creating a model using the CodeQL type-tracking library for JavaScript.
3434

docs/codeql/codeql-language-guides/specifying-additional-remote-flow-sources-for-javascript.rst

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -3,11 +3,17 @@
33
Specifying additional remote flow sources for JavaScript
44
========================================================
55

6-
You can model potential sources of untrusted user input without making changes to the CodeQL standard library for JavaScript.
6+
You can model potential sources of untrusted user input in external files without making changes to the CodeQL standard library.
7+
8+
.. pull-quote::
9+
10+
Note
11+
12+
Specifying remote flow sources in external files is currently in beta and subject to change.
713

814
As mentioned in the :doc:`Data flow cheat sheet for JavaScript <data-flow-cheat-sheet-for-javascript>`, the CodeQL libraries for JavaScript
9-
provide a class `RemoteFlowSource <https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/security/dataflow/RemoteFlowSources.qll/type.RemoteFlowSources$RemoteFlowSource.html>`__ to represent sources of untrusted user input, sometimes also referred to as `remote flow
10-
sources`.
15+
provide a class `RemoteFlowSource <https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/security/dataflow/RemoteFlowSources.qll/type.RemoteFlowSources$RemoteFlowSource.html>`__ to represent sources of untrusted user input, sometimes also referred to as remote flow
16+
sources.
1117

1218
To model a new source of untrusted input, such as a previously unmodelled library API, you can
1319
define a subclass of ``RemoteFlowSource`` that covers all uses of that API. All standard analyses

0 commit comments

Comments
 (0)