Add ql docs CDSUtils

knewbury01 · knewbury01 · commit 9e81393e8eb0 · 2025-08-13T13:18:05.000-04:00
diff --git a/javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CDSUtils.qll b/javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CDSUtils.qll
@@ -8,50 +8,89 @@ class CdsUtilsModuleAccess extends API::Node {
   CdsUtilsModuleAccess() { exists(CdsFacade cds | this = cds.getMember("utils")) }
 }
 
+/**
+ * CDS Utils:
+ * `decodeURI`, `decodeURIComponent`, `local`
+ */
 class PathConverters extends DataFlow::CallNode {
   PathConverters() {
     exists(CdsUtilsModuleAccess utils |
       utils.getMember(["decodeURI", "decodeURIComponent", "local"]).getACall() = this
     )
   }
 
+  /**
+   * Gets the arguments to these calls.
+   */
   DataFlow::Node getPath() { this.getAnArgument() = result }
 }
 
+/**
+ * CDS Utils:
+ * `isdir`, `isfile`
+ */
 class PathPredicates extends DataFlow::CallNode {
   PathPredicates() {
     exists(CdsUtilsModuleAccess utils | utils.getMember(["isdir", "isfile"]).getACall() = this)
   }
 
+  /**
+   * Gets the arguments to these calls.
+   */
   DataFlow::Node getPath() { this.getAnArgument() = result }
 }
 
+/**
+ * CDS Utils:
+ * `find`, `stat`, `readdir`
+ */
 class DirectoryReaders extends DataFlow::CallNode {
   DirectoryReaders() {
     exists(CdsUtilsModuleAccess utils |
       utils.getMember(["find", "stat", "readdir"]).getACall() = this
     )
   }
 
+  /**
+   * Gets the arguments to these calls.
+   */
   DataFlow::Node getPath() { this.getAnArgument() = result }
 }
 
+/**
+ * CDS Utils:
+ * `mkdirp`, `rmdir`, `rimraf`, `rm`
+ */
 class DirectoryWriters extends DataFlow::CallNode {
   DirectoryWriters() {
     exists(CdsUtilsModuleAccess utils |
       utils.getMember(["mkdirp", "rmdir", "rimraf", "rm"]).getACall() = this
     )
   }
 
+  /**
+   * Gets the arguments to these calls.
+   */
   DataFlow::Node getPath() { this.getAnArgument() = result }
 }
 
+/**
+ * CDS Utils:
+ * `read`
+ */
 class FileReaders extends DataFlow::CallNode {
   FileReaders() { exists(CdsUtilsModuleAccess utils | utils.getMember(["read"]).getACall() = this) }
 
+  /**
+   * Gets the 0th argument to these calls.
+   */
   DataFlow::Node getPath() { this.getArgument(0) = result }
 }
 
+/**
+ * CDS Utils:
+ * `append`, `write`
+ */
 class FileWriters extends DataFlow::CallNode {
   FileWriters() {
     exists(CdsUtilsModuleAccess utils | utils.getMember(["append", "write"]).getACall() = this)
@@ -66,6 +105,9 @@ class FileWriters extends DataFlow::CallNode {
 
   SourceNode fileReaderWriterUtils() { result = fileReaderWriterUtils(TypeTracker::end()) }
 
+  /**
+   * Gets the arguments to these calls that represent data.
+   */
   DataFlow::Node getData() {
     this.getNumArgument() = 1 and
     this.getArgument(0) = result
@@ -74,6 +116,10 @@ class FileWriters extends DataFlow::CallNode {
     this.getArgument(1) = result
   }
 
+  /**
+   * Gets the arguments to these calls that represent a path.
+   * Includes arguments to chained calls `to`, where that argument also represents a path.
+   */
   DataFlow::Node getPath() {
     fileReaderWriterUtils().getAMemberCall("to").getAnArgument() = result
     or
@@ -82,6 +128,10 @@ class FileWriters extends DataFlow::CallNode {
   }
 }
 
+/**
+ * CDS Utils:
+ * `copy`
+ */
 class FileReaderWriters extends DataFlow::CallNode {
   FileReaderWriters() {
     exists(CdsUtilsModuleAccess utils | utils.getMember(["copy"]).getACall() = this)
@@ -96,6 +146,10 @@ class FileReaderWriters extends DataFlow::CallNode {
 
   SourceNode fileReaderWriterUtils() { result = fileReaderWriterUtils(TypeTracker::end()) }
 
+  /**
+   * Gets the arguments to these calls that represent a path.
+   * Includes arguments to chained calls `to`, where that argument also represents a path.
+   */
   DataFlow::Node getPath() {
     fileReaderWriterUtils().getAMemberCall("to").getArgument(_) = result
     or
