JS: Promote js/template-syntax-in-string-literal to the Code Quality suite.
#19726
+69
−5
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This PR promotes the js/template-syntax-in-string-literal query into the Code Quality suite by updating its metadata tags and including it in the integration test list.
- Expanded the query’s
@tagsmetadata to classify it under quality, reliability, correctness, and language-features. - Added the query path to
javascript-code-quality.qls.expectedfor integration testing.
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| javascript/ql/src/LanguageFeatures/TemplateSyntaxInStringLiteral.ql | Updated @tags metadata lines to add new classifications. |
| javascript/ql/integration-tests/query-suite/javascript-code-quality.qls.expected | Inserted the new query into the Code Quality suite expected list. |
asgerf
reviewed
Jun 12, 2025
javascript/ql/src/LanguageFeatures/TemplateSyntaxInStringLiteral.ql
Outdated
Show resolved
Hide resolved
| * Tracks data flow from a string literal that may flow to a replace operation. | ||
| */ | ||
| DataFlow::SourceNode trackString(CandidateStringLiteral lit, DataFlow::TypeTracker t) { | ||
| t.start() and result = lit.flow() |
There was a problem hiding this comment.
Tracking all string literals in the program seems unnecessarily expensive. Could you restrict this to just the string literals that we might have flagged otherwise?
Adding exists(lit.getAReferencedVariable()) might be good enough.
There was a problem hiding this comment.
Added here d7ad625.
…al.ql Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>
asgerf
approved these changes
Jun 13, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request adds the query
js/template-syntax-in-string-literalto the Code Quality suite. The problem that the query aims to highlight is straightforward forautofixto fix.While running MRVA, a few patterns of false positives were observed. Note that all of these cases are rare:
${min},${max},${path},${less}, etc., which are correctly interpolated, even when included inside single ('') or double ("") quotes and passed to the respective yup methods. These false positives are uncommon, as they only occur when there is a variable with the exact same name in the current scope.In certain test framework code, template placeholders likeFixed bafe7e6${expected}are used to inform users about variable values.Some cases involve "manual interpolation", where a placeholder likeFixed 923aff2${usedAsPlaceHolder}is later replaced usingreplaceAllorreplacefunctions.Highaccuracy seems appropriate for the following query.