github · asgerf · Mar 6, 2026 · Feb 25, 2026
@@ -0,0 +1,10 @@
+extensions:
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: aliasModel
+    data:
+      - ["amd-define", "PredefinedVar[define]"]
+      - ["require", "PredefinedVar[require]"]
+      - ["module", "PredefinedVar[module]"]
+      - ["exports", "PredefinedVar[exports]"]
+      - ["exports", "PredefinedVar[module].Member[exports]"]
@@ -0,0 +1,35 @@
+/**
+ * @name Print DFG
+ * @description Produces a representation of a file's data flow graph.
+ *              This query is used by the VS Code extension.
+ * @id javascript/print-dfg
+ * @kind graph
+ * @tags ide-contextual-queries/print-dfg
+ */
+
+private import semmle.javascript.internal.unified.minimal.minimal
+private import semmle.javascript.internal.unified.JSUnified
+
+external string selectedSourceFile();
+
+private predicate selectedSourceFileAlias = selectedSourceFile/0;
+
+external int selectedSourceLine();
+
+private predicate selectedSourceLineAlias = selectedSourceLine/0;
+
+external int selectedSourceColumn();
+
+private predicate selectedSourceColumnAlias = selectedSourceColumn/0;
+
+module ViewDfgQueryInput implements ViewDfgQueryInputSig<File> {
+  predicate selectedSourceFile = selectedSourceFileAlias/0;
+
+  predicate selectedSourceLine = selectedSourceLineAlias/0;
+
+  predicate selectedSourceColumn = selectedSourceColumnAlias/0;
+
+  File getFileFromLocation(Location loc) { result = loc.getFile() }
+}
+
+import ViewDfgQuery<File, ViewDfgQueryInput>
@@ -17,6 +17,7 @@ dependencies:
   codeql/util: ${workspace}
   codeql/xml: ${workspace}
   codeql/yaml: ${workspace}
+  codeql/unified: ${workspace}
 dataExtensions:
   - semmle/javascript/frameworks/**/model.yml
   - semmle/javascript/frameworks/**/*.model.yml

@@ -574,6 +574,9 @@ class ArrayExpr extends @array_expr, Expr {
   override predicate isImpure() { this.getAnElement().isImpure() }
 
   override string getAPrimaryQlClass() { result = "ArrayExpr" }
+
+  /** Gets the first index at which a `...` operator appears in this array literal. */
+  int getFirstSpreadIndex() { result = min(int i | this.getElement(i) instanceof SpreadElement) }
 }
 
 /**
@@ -1001,6 +1004,9 @@ class InvokeExpr extends @invokeexpr, Expr {
    */
   predicate isSpreadArgument(int i) { this.getArgument(i).stripParens() instanceof SpreadElement }
 
+  /** Gets the first index of a spread argument (`...`), if any. */
+  int getFirstSpreadIndex() { result = min(int i | this.isSpreadArgument(i)) }
+
   /**
    * Holds if the `i`th argument of this invocation is an object literal whose property
    * `name` is set to `value`.
@@ -2915,7 +2921,8 @@ deprecated private class LiteralDynamicImportPath extends PathExpr, ConstantStri
  * Examples:
  *
  * ```
- * x ?? f
+ * x?.f
+ * x?.()
  * ```
  */
 class OptionalUse extends Expr, @optionalchainable {

@@ -1,4 +1,3 @@
-private import javascript
 private import OverlayXml
 
 /** Holds if the database is an overlay. */

@@ -0,0 +1,61 @@
+overlay[local]
+module;
+
+private import minimal.minimal
+private import codeql.util.Boolean
+
+private newtype TConstant =
+  TInt(int n) {
+    n = [0 .. 10] or
+    n = any(Expr e).getIntValue() or
+    n = any(Parameter p).getIndex() or
+    exists(any(InvokeExpr e).getArgument(n))
+  } or
+  TString(string s) { s = any(Expr e).getStringValue() } or
+  TBoolean(Boolean b) or
+  TNull() or
+  TUndefined()
+
+class Constant extends TConstant {
+  int asInt() { this = TInt(result) }
+
+  string asString() { this = TString(result) }
+
+  boolean asBoolean() { this = TBoolean(result) }
+
+  predicate isNull() { this = TNull() }
+
+  predicate isUndefined() { this = TUndefined() }
+
+  string toString() {
+    result = this.asInt().toString()
+    or
+    result = "\"" + this.asString() + "\""
+    or
+    result = this.asBoolean().toString()
+    or
+    this.isNull() and result = "null"
+    or
+    this.isUndefined() and result = "undefined"
+  }
+
+  int asArrayIndex() { result = this.asInt() and result >= 0 }
+
+  string getAsOperand() {
+    result = this.asInt().toString()
+    or
+    result = "\"" + this.asString() + "\""
+  }
+}
+
+module Constant {
+  Constant fromInt(int n) { result = TInt(n) }
+
+  Constant fromString(string s) { result = TString(s) }
+
+  Constant fromBoolean(boolean b) { result = TBoolean(b) }
+
+  Constant null() { result = TNull() }
+
+  Constant undefined() { result = TUndefined() }
+}