add query for detecting suspisous method names in TypeScript

2026-05-04 13:15:21 +02:00 · 2019-09-12 15:13:56 +01:00
parent 9a8b62250f
commit 0320f0f26b
9 changed files with 217 additions and 0 deletions
--- a/javascript/ql/test/query-tests/Declarations/SuspiciousMethodName/SuspiciousMethodName.expected
+++ b/javascript/ql/test/query-tests/Declarations/SuspiciousMethodName/SuspiciousMethodName.expected
@@ -0,0 +1,4 @@
+| tst.ts:7:3:7:24 | constru ... string; | Declares a suspiciously named method "constructor". Did you mean "new"? |
+| tst.ts:16:3:16:21 | function(): number; | Declares a suspiciously named method "function". Did you mean to omit "function"? |
+| tst.ts:37:3:37:21 | function(): number; | Declares a suspiciously named method "function". Did you mean to omit "function"? |
+| tst.ts:48:3:48:13 | new(): Quz; | Declares a suspiciously named method "new". Did you mean "constructor"? |
--- a/javascript/ql/test/query-tests/Declarations/SuspiciousMethodName/SuspiciousMethodName.qlref
+++ b/javascript/ql/test/query-tests/Declarations/SuspiciousMethodName/SuspiciousMethodName.qlref
@@ -0,0 +1 @@
+Declarations/SuspiciousMethodName.ql
--- a/javascript/ql/test/query-tests/Declarations/SuspiciousMethodName/tst.js
+++ b/javascript/ql/test/query-tests/Declarations/SuspiciousMethodName/tst.js
@@ -0,0 +1,19 @@
+ // OK: don't report anything in .js files.
+function getStuff(number) {
+    return {
+        "new": function() {
+            
+        },
+        "constructor": 123,
+        "function": "this is a string!"
+    }
+}
+
+class Foobar {
+    new() {
+        return 123;
+    }
+    function() {
+        return "string";
+    }
+}
--- a/javascript/ql/test/query-tests/Declarations/SuspiciousMethodName/tst.ts
+++ b/javascript/ql/test/query-tests/Declarations/SuspiciousMethodName/tst.ts
@@ -0,0 +1,52 @@
+var foo: MyInterface = 123 as any;
+
+interface MyInterface {
+  function (): number; // OK. Highly unlikely that it is an accident when there are other named methods in the interface.
+  (): number; // OK: What was probaly meant above. 
+  new:() => void; // OK! This is a property, not a method, we ignore those.
+  constructor(): string; // NOT OK! This a called "constructor"
+  new(): Date; // OK! This a constructor signature.
+
+  myNumber: 123; 
+}
+
+var a : MyFunction = null as any;
+
+interface MyFunction {
+  function(): number; // NOT OK!
+}
+
+
+class Foo {
+  new(): number { // OK! Highly unlikely that a developer confuses "constructor" and "new" when both are present. 
+    return 123;
+  }
+  constructor() { // OK! This is a constructor.
+
+  }
+  myString = "foobar"
+  
+  myMethod(): boolean {
+    return Math.random() > 0.5;
+  }
+}
+
+var b : FunctionClass = new FunctionClass();
+
+declare class FunctionClass {
+  function(): number; // NOT OK:
+}
+
+class Baz {
+    new(): Baz { // OK! When there is a method body I assume the developer knows what they are doing.
+        return null as any;
+    }
+}
+
+
+declare class Quz {
+  new(): Quz; // NOT OK! The developer likely meant to write constructor.
+}
+
+var bla = new Foo();
+var blab = new Baz();