Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

JS: Add deprecation qldoc to Configuration classes #18349

Draft
wants to merge 2 commits into
base: js/shared-dataflow-branch
Choose a base branch
from
Draft

JS: Add deprecation qldoc to Configuration classes #18349

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9b2b34c
JS: Add deprecation qldoc to Configuration classes
asgerf Dec 20, 2024
db9cc18
JS: Remove notes about changing API in the future
asgerf Jan 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 9 additions & 4 deletions javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,6 @@
* Additional data flow edges can be specified, and conversely certain nodes or
* edges can be designated as _barriers_ that block flow.
*
* NOTE: The API of this library is not stable yet and may change in
* the future.
*
*
* # Technical overview
*
* This module implements a summarization-based inter-procedural data flow
Expand Down Expand Up @@ -76,6 +72,15 @@ private import semmle.javascript.internal.CachedStages
private import AdditionalFlowSteps

/**
* DEPRECATED.
* Subclasses of this class should be replaced by a module implementing the new `ConfigSig` or `StateConfigSig` interface.
* See the [data flow guide](https://codeql.github.com/docs/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript/#using-global-data-flow)
* for details about how to use this new interface.
*
* Data flow configurations that used the `FlowLabel` class should be translated to use the `StateConfigSig` interface.
* See [guide on using flow state](https://codeql.github.com/docs/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis) for more details.
*
* #### Legacy documentation
* A data flow tracking configuration for finding inter-procedural paths from
* sources to sinks.
*
Expand Down
14 changes: 11 additions & 3 deletions javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,6 @@
* substrings. As for data flow configurations, additional flow edges can be
* specified, and conversely certain nodes or edges can be designated as taint
* _sanitizers_ that block flow.
*
* NOTE: The API of this library is not stable yet and may change in
* the future.
*/

import javascript
Expand All @@ -27,6 +24,17 @@ module TaintTracking {
import AdditionalTaintSteps

/**
* DEPRECATED.
* Subclasses of this class should be replaced by a module implementing the new `ConfigSig` or `StateConfigSig` interface.
* See the [data flow guide](https://codeql.github.com/docs/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript/#using-global-taint-tracking)
* for details about how to use this new interface.
*
* When migrating a `TaintTracking::Configuration` to `DataFlow::ConfigSig`, use `TaintTracking::Global<...>` instead of `DataFlow::Global<...>`.
*
* Taint-tracking configurations that used the `FlowLabel` class should be translated to use the `StateConfigSig` interface.
* See [guide on using flow state](https://codeql.github.com/docs/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis) for more details.
*
* #### Legacy documentation
* A data flow tracking configuration that considers taint propagation through
* objects, arrays, promises and strings in addition to standard data flow.
*
Expand Down
Loading