python/javascript: add qldoc

yoff · yoff · commit 222ac68c70ef · 2026-01-16T08:58:04.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll
@@ -36,6 +36,9 @@ module MakeBarrierGuard<BarrierGuardSig BaseGuard> {
   }
 }
 
+/**
+ * Provides access to barrier guards defined via models-as-data.
+ */
 module ExternalBarrierGuard {
   private predicate guardCheck(DataFlow::Node g, Expr e, boolean branch, string kind) {
     exists(API::CallNode call, API::Node parameter |
@@ -47,14 +50,17 @@ module ExternalBarrierGuard {
     )
   }
 
-  class BarrierGuard extends DataFlow::Node {
+  private class BarrierGuard extends DataFlow::Node {
     BarrierGuard() { guardCheck(this, _, _, _) }
 
     predicate blocksExpr(boolean outcome, Expr e, string kind) {
       guardCheck(this, e, outcome, kind)
     }
   }
 
+  /**
+   * Gets a barrier guard node of the given `kind` defined via models-as-data.
+   */
   DataFlow::Node getAnExternalBarrierNode(string kind) {
     result = MakeStateBarrierGuard<string, BarrierGuard>::getABarrierNode(kind)
   }
diff --git a/python/ql/lib/semmle/python/security/dataflow/UrlRedirectCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/UrlRedirectCustomizations.qll
@@ -161,6 +161,9 @@ module UrlRedirect {
   /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */
   deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;
 
+  /**
+   * A sanitizer defined via models-as-data with kind "url-redirection".
+   */
   class SanitizerFromModel extends Sanitizer {
     SanitizerFromModel() {
       this = DataFlow::ExternalBarrierGuard::getAnExternalBarrierNode("url-redirection")

Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,9 @@ module MakeBarrierGuard<BarrierGuardSig BaseGuard> {`
`36`	`36`	`}`
`37`	`37`	`}`
`38`	`38`
	`39`	`+/**`
	`40`	`+ * Provides access to barrier guards defined via models-as-data.`
	`41`	`+ */`
`39`	`42`	`module ExternalBarrierGuard {`
`40`	`43`	`private predicate guardCheck(DataFlow::Node g, Expr e, boolean branch, string kind) {`
`41`	`44`	`exists(API::CallNode call, API::Node parameter \|`
`@@ -47,14 +50,17 @@ module ExternalBarrierGuard {`
`47`	`50`	`)`
`48`	`51`	`}`
`49`	`52`
`50`		`- class BarrierGuard extends DataFlow::Node {`
	`53`	`+ private class BarrierGuard extends DataFlow::Node {`
`51`	`54`	`BarrierGuard() { guardCheck(this, _, _, _) }`
`52`	`55`
`53`	`56`	`predicate blocksExpr(boolean outcome, Expr e, string kind) {`
`54`	`57`	`guardCheck(this, e, outcome, kind)`
`55`	`58`	`}`
`56`	`59`	`}`
`57`	`60`
	`61`	`+ /**`
	`62`	+ * Gets a barrier guard node of the given `kind` defined via models-as-data.
	`63`	`+ */`
`58`	`64`	`DataFlow::Node getAnExternalBarrierNode(string kind) {`
`59`	`65`	`result = MakeStateBarrierGuard<string, BarrierGuard>::getABarrierNode(kind)`
`60`	`66`	`}`