JS: Support Promise.try and Array.prototype.with #20375
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
asgerf
force-pushed
the
js/promise-try
branch
from
76214f6 to
6b6caba
Compare
asgerf
changed the title
Note: This was authored by Copilot
asgerf
force-pushed
the
js/promise-try
branch
from
a162be5 to
429c4ea
Compare
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR adds support for data flow tracking through two JavaScript methods: Promise.try and Array.prototype.with. These are modern JavaScript features that enable better promise handling and immutable array operations respectively.
- Implements flow summaries for
Promise.tryto track data flow through promise creation and execution - Implements flow summaries for
Array.prototype.withto track data flow through immutable array updates - Adds comprehensive test cases to verify data flow behavior for both methods
Reviewed Changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| javascript/ql/test/library-tests/TripleDot/promise-try.js | Test cases for Promise.try data flow tracking |
| javascript/ql/test/library-tests/TripleDot/array-with.js | Test cases for Array.prototype.with data flow tracking |
| javascript/ql/src/change-notes/2025-09-16-promise-try-array-with.md | Release notes documenting the new features |
| javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises.qll | Flow summary implementation for Promise.try |
| javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll | Utility function to generate argument positions |
| javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays.qll | Flow summary implementation for Array.prototype.with |
javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises.qll
Show resolved
Hide resolved
Napalys
reviewed
Sep 16, 2025
Comment on lines
+384
to
+387
| exists(int i | i = getAnArgumentPosition() | | ||
| input = "Argument[" + (i + 1) + "]" and | ||
| output = "Argument[0].Parameter[" + i + "]" | ||
| ) |
Contributor
There was a problem hiding this comment.
Just a quick question for my understanding. We would not have flow if a lambda would have more then 10 arguments?
Also what happens if we have ...args(arbitrary number of arguments), will it work?
Contributor
Author
There was a problem hiding this comment.
Correct on both accounts
Napalys
approved these changes
Sep 16, 2025
Contributor
Napalys
left a comment
Napalys
left a comment
There was a problem hiding this comment.
Looks great 👍 , I have just a small question so I would understand better.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds support for
Promise.tryandArray.prototype.with