github · asgerf · Aug 29, 2025 · Oct 3, 2025 · Oct 10, 2025 · Oct 10, 2025
@@ -8,5 +8,7 @@
  * `FileSystemAccess`, or the `Source` and `Sink` classes associated with the security queries
  * to model frameworks that are not covered by the standard library.
  */
+overlay[local?]
+module;
 
 import javascript
@@ -2,6 +2,8 @@
  * Provides predicates for finding variable references and declarations
  * in a given function or toplevel.
  */
+overlay[local?]
+module;
 
 import javascript
 

@@ -1,6 +1,8 @@
 /**
  * Provides classes and predicates for the 'js/unused-local-variable' query.
  */
+overlay[local?]
+module;
 
 import javascript
 import LanguageFeatures.UnusedIndexVariable

@@ -1,6 +1,8 @@
 /**
  * Provides predicates for working with the DOM type hierarchy.
  */
+overlay[local?]
+module;
 
 import semmle.javascript.Externs
 

@@ -1,6 +1,8 @@
 /**
  * Provides classes and predicates for the 'js/useless-expression' query.
  */
+overlay[local]
+module;
 
 import javascript
 import DOMProperties
@@ -60,6 +62,7 @@ predicate isDeclaration(Expr e) {
 /**
  * Holds if there exists a getter for a property called `name` anywhere in the program.
  */
+overlay[global]
 predicate isGetterProperty(string name) {
   // there is a call of the form `Object.defineProperty(..., name, descriptor)` ...
   exists(CallToObjectDefineProperty defProp | name = defProp.getPropertyName() |
@@ -85,6 +88,7 @@ predicate isGetterProperty(string name) {
 /**
  * A property access that may invoke a getter.
  */
+overlay[global]
 class GetterPropertyAccess extends PropAccess {
   override predicate isImpure() { isGetterProperty(this.getPropertyName()) }
 }
@@ -123,6 +127,7 @@ predicate isReceiverSuppressingCall(CallExpr c, Expr dummy, PropAccess callee) {
  * even if they do, the call itself is useless and should be flagged by this
  * query.
  */
+overlay[global]
 predicate noSideEffects(Expr e) {
   e.isPure()
   or
@@ -148,6 +153,7 @@ predicate isCompoundExpression(Expr e) {
 /**
  * Holds if the expression `e` should be reported as having no effect.
  */
+overlay[global]
 predicate hasNoEffect(Expr e) {
   noSideEffects(e) and
   inVoidContext(e) and

@@ -1,6 +1,8 @@
 /**
  * Provides shared predicates related to contextual queries in the code viewer.
  */
+overlay[local?]
+module;
 
 import semmle.files.FileSystem
 private import codeql.util.FileSystem

@@ -1,6 +1,8 @@
 /**
  * Provides a predicate for identifying unused index variables in loops.
  */
+overlay[local?]
+module;
 
 import javascript
 

@@ -3,5 +3,7 @@
  *
  * Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.
  */
+overlay[local?]
+module;
 
 import javascript
@@ -2,6 +2,8 @@
  * Provides classes and predicates related to jump-to-definition links
  * in the code viewer.
  */
+overlay[local?]
+module;
 
 import javascript
 import IDEContextual

@@ -1,6 +1,8 @@
 /**
  * Provides classes for working with external data.
  */
+overlay[local?]
+module;
 
 import semmle.javascript.Locations
 

@@ -1,6 +1,8 @@
 /**
  * Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.
  */
+overlay[local?]
+module;
 
 import Customizations
 import semmle.javascript.Aliases

@@ -1,3 +1,5 @@
 /** Provides classes for working with files and folders. */
+overlay[local?]
+module;
 
 import semmle.javascript.Files
@@ -2,6 +2,8 @@
  * Provides classes for working with
  * [Asynchronous Module Definitions](https://github.com/amdjs/amdjs-api/wiki/AMD).
  */
+overlay[local]
+module;
 
 import javascript
 private import semmle.javascript.internal.CachedStages
@@ -62,9 +64,11 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range
   }
 
   /** DEPRECATED. Use `getDependencyExpr` instead. */
+  overlay[global]
   deprecated PathExpr getDependency(int i) { result = this.getDependencyExpr(i) }
 
   /** DEPRECATED. Use `getADependencyExpr` instead. */
+  overlay[global]
   deprecated PathExpr getADependency() { result = this.getADependencyExpr() }
 
   /** Gets the `i`th dependency of this module definition. */
@@ -194,16 +198,19 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range
    * Gets an abstract value representing one or more values that may flow
    * into this module's `module.exports` property.
    */
+  overlay[global]
   DefiniteAbstractValue getAModuleExportsValue() {
     result = [this.getAnImplicitExportsValue(), this.getAnExplicitExportsValue()]
   }
 
+  overlay[global]
   pragma[noinline, nomagic]
   private AbstractValue getAnImplicitExportsValue() {
     // implicit exports: anything that is returned from the factory function
     result = this.getModuleExpr().analyze().getAValue()
   }
 
+  overlay[global]
   pragma[noinline]
   private AbstractValue getAnExplicitExportsValue() {
     // explicit exports: anything assigned to `module.exports`
@@ -227,6 +234,7 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range
 private predicate isPseudoDependency(string s) { s = ["exports", "require", "module"] }
 
 /** An AMD dependency, considered as a path expression. */
+overlay[global]
 private class AmdDependencyPath extends PathExprCandidate {
   AmdDependencyPath() {
     exists(AmdModuleDefinition amd |
@@ -239,6 +247,7 @@ private class AmdDependencyPath extends PathExprCandidate {
 }
 
 /** A constant path element appearing in an AMD dependency expression. */
+overlay[global]
 deprecated private class ConstantAmdDependencyPathElement extends PathExpr, ConstantString {
   ConstantAmdDependencyPathElement() { this = any(AmdDependencyPath amd).getAPart() }
 
@@ -281,6 +290,7 @@ private class AmdDependencyImport extends Import {
    * Specifically, we look for files whose absolute path ends with the imported path, possibly
    * adding well-known JavaScript file extensions like `.js`.
    */
+  overlay[global]
   private File guessTarget() {
     exists(FilePath imported, string abspath, string dirname, string basename |
       this.targetCandidate(result, abspath, imported, dirname, basename)
@@ -303,6 +313,7 @@ private class AmdDependencyImport extends Import {
    * Additionally, `abspath` is bound to the absolute path of `f`, `imported` to the imported path, and
    * `dirname` and `basename` to the dirname and basename (respectively) of `imported`.
    */
+  overlay[global]
   private predicate targetCandidate(
     File f, string abspath, FilePath imported, string dirname, string basename
   ) {
@@ -316,10 +327,12 @@ private class AmdDependencyImport extends Import {
   /**
    * Gets the module whose absolute path matches this import, if there is only a single such module.
    */
+  overlay[global]
   private Module resolveByAbsolutePath() {
     result.getFile() = unique(File file | file = this.guessTarget())
   }
 
+  overlay[global]
   override Module getImportedModule() {
     result = super.getImportedModule()
     or
@@ -348,21 +361,20 @@ private class AmdDependencyImport extends Import {
  */
 class AmdModule extends Module {
   cached
-  AmdModule() {
-    Stages::DataFlowStage::ref() and
-    exists(unique(AmdModuleDefinition def | amdModuleTopLevel(def, this)))
-  }
+  AmdModule() { exists(unique(AmdModuleDefinition def | amdModuleTopLevel(def, this))) }
 
   /** Gets the definition of this module. */
   AmdModuleDefinition getDefine() { amdModuleTopLevel(result, this) }
 
+  overlay[global]
   override DataFlow::Node getAnExportedValue(string name) {
     exists(DataFlow::PropWrite pwn | result = pwn.getRhs() |
       pwn.getBase().analyze().getAValue() = this.getDefine().getAModuleExportsValue() and
       name = pwn.getPropertyName()
     )
   }
 
+  overlay[global]
   override DataFlow::Node getABulkExportedNode() {
     // Assigned to `module.exports` via the factory's `module` parameter
     exists(AbstractModuleObject m, DataFlow::PropWrite write |

@@ -1,6 +1,8 @@
 /**
  * Provides classes for working with the AST-based representation of JavaScript programs.
  */
+overlay[local]
+module;
 
 import javascript
 private import internal.StmtContainers
@@ -172,6 +174,7 @@ class AstNode extends @ast_node, NodeInStmtContainer {
    * The TypeScript compiler emits no code for ambient declarations, but they
    * can affect name resolution and type checking at compile-time.
    */
+  overlay[caller?]
   pragma[inline]
   predicate isAmbient() {
     this.isAmbientInternal()
@@ -470,9 +473,12 @@ module AST {
    */
   class ValueNode extends AstNode, @dataflownode {
     /** Gets type inference results for this element. */
+    overlay[global]
     DataFlow::AnalyzedNode analyze() { result = DataFlow::valueNode(this).analyze() }
 
     /** Gets the data flow node associated with this program element. */
+    overlay[caller]
+    pragma[inline]
     DataFlow::ValueNode flow() { result = DataFlow::valueNode(this) }
 
     /**
@@ -481,6 +487,7 @@ module AST {
      * This can be used to map an expression to the class it refers to, or
      * associate it with a named value coming from an dependency.
      */
+    overlay[global]
     ExprNameBindingNode getNameBinding() { result = this }
 
     /**
@@ -490,6 +497,7 @@ module AST {
      * (according to the type system), or to associate it with a named type coming
      * from a dependency.
      */
+    overlay[global]
     TypeNameBindingNode getTypeBinding() { TypeResolution::valueHasType(this, result) }
   }
 }
@@ -4,6 +4,8 @@
  * Libraries for modeling GitHub Actions workflow files written in YAML.
  * See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions.
  */
+overlay[local?]
+module;
 
 import javascript
 

@@ -2,6 +2,8 @@
  * Provides aliases for commonly used classes that have different names
  * in the QL libraries for other languages.
  */
+overlay[local?]
+module;
 
 import javascript