Merge pull request #750 from aschackmull/javascript/autoformat

Approved by xiemaisi
semmle-qlci
2019-01-11 16:35:38 +00:00
committed by GitHub
475 changed files with 1727 additions and 1838 deletions


@@ -47,12 +47,12 @@ class ASTNode extends @ast_node, Locatable {
(
sl < tksl
or
(sl = tksl and sc <= tksc)
sl = tksl and sc <= tksc
) and
(
tkel < el
or
(tkel = el and tkec <= ec)
tkel = el and tkec <= ec
)
) and
// exclude empty EOF token
@@ -236,7 +236,7 @@ class StmtContainer extends @stmt_container, ASTNode {
* function boundaries. In plain JavaScript, all containers are function boundaries.
*/
StmtContainer getFunctionBoundary() {
if (this instanceof Function or this instanceof TopLevel)
if this instanceof Function or this instanceof TopLevel
then result = this
else result = getEnclosingContainer().getFunctionBoundary()
}


@@ -9,7 +9,7 @@ import javascript
* Holds if `nd` starts a new basic block.
*/
private predicate startsBB(ControlFlowNode nd) {
(not exists(nd.getAPredecessor()) and exists(nd.getASuccessor()))
not exists(nd.getAPredecessor()) and exists(nd.getASuccessor())
or
nd.isJoin()
or
@@ -194,7 +194,7 @@ class BasicBlock extends @cfg_node, Locatable {
predicate isLiveAtEntry(Variable v) {
isLocallyLiveAtEntry(v, _)
or
(not this.defAt(_, v, _) and getASuccessor().isLiveAtEntry(v))
not this.defAt(_, v, _) and getASuccessor().isLiveAtEntry(v)
}
/**
@@ -204,7 +204,7 @@ class BasicBlock extends @cfg_node, Locatable {
predicate localIsLiveAtEntry(LocalVariable v, VarUse u) {
isLocallyLiveAtEntry(v, u)
or
(not this.defAt(_, v, _) and getASuccessor().localIsLiveAtEntry(v, u))
not this.defAt(_, v, _) and getASuccessor().localIsLiveAtEntry(v, u)
}
/**
@@ -213,7 +213,7 @@ class BasicBlock extends @cfg_node, Locatable {
predicate localIsLiveAtEntry(LocalVariable v) {
isLocallyLiveAtEntry(v, _)
or
(not this.defAt(_, v, _) and getASuccessor().localIsLiveAtEntry(v))
not this.defAt(_, v, _) and getASuccessor().localIsLiveAtEntry(v)
}
/**
@@ -223,7 +223,7 @@ class BasicBlock extends @cfg_node, Locatable {
predicate localMayBeOverwritten(LocalVariable v, VarDef d) {
isLocallyOverwritten(v, d)
or
(not defAt(_, v, _) and getASuccessor().localMayBeOverwritten(v, d))
not defAt(_, v, _) and getASuccessor().localMayBeOverwritten(v, d)
}
/**


@@ -55,9 +55,8 @@ module Internal {
private Expr stripNotsAndParens(Expr e, boolean polarity) {
exists(Expr inner | inner = e.getUnderlyingValue() |
if inner instanceof LogNotExpr
then (
result = stripNotsAndParens(inner.(LogNotExpr).getOperand(), polarity.booleanNot())
) else (
then result = stripNotsAndParens(inner.(LogNotExpr).getOperand(), polarity.booleanNot())
else (
result = inner and polarity = true
)
)


@@ -386,7 +386,7 @@ class Property extends @property, Documentable {
* its initializer expression could have side effects.
*/
predicate isImpure() {
(isComputed() and getNameExpr().isImpure())
isComputed() and getNameExpr().isImpure()
or
getInit().isImpure()
}
@@ -530,8 +530,8 @@ class InvokeExpr extends @invokeexpr, Expr {
/** Gets the name of the function or method being invoked, if it can be determined. */
string getCalleeName() {
exists(Expr callee | callee = getCallee().getUnderlyingValue() |
result = (callee.(Identifier)).getName() or
result = (callee.(PropAccess)).getPropertyName()
result = callee.(Identifier).getName() or
result = callee.(PropAccess).getPropertyName()
)
}
@@ -710,7 +710,7 @@ class IndexExpr extends @indexexpr, PropAccess {
/** Gets the expression specifying the name of the accessed property. */
Expr getIndex() { result = getChildExpr(1) }
override string getPropertyName() { result = (getIndex().(Literal)).getValue() }
override string getPropertyName() { result = getIndex().(Literal).getValue() }
override predicate isImpure() {
getBase().isImpure() or


@@ -55,15 +55,15 @@ class PackageJSON extends JSONObject {
/** Gets the path of a command defined for this package. */
string getBin(string cmd) {
(cmd = getPackageName() and result = getPropStringValue("bin"))
cmd = getPackageName() and result = getPropStringValue("bin")
or
result = (getPropValue("bin").(JSONObject)).getPropStringValue(cmd)
result = getPropValue("bin").(JSONObject).getPropStringValue(cmd)
}
/** Gets a manual page for this package. */
string getAManFile() {
result = getPropStringValue("man") or
result = (getPropValue("man").(JSONArray)).getElementStringValue(_)
result = getPropValue("man").(JSONArray).getElementStringValue(_)
}
/** Gets information about the directories of this package. */
@@ -129,7 +129,7 @@ class PackageJSON extends JSONObject {
PackageDependencies getEngines() { result = getPropValue("engines") }
/** Holds if this package has strict engine requirements. */
predicate isEngineStrict() { (getPropValue("engineStrict").(JSONBoolean)).getValue() = "true" }
predicate isEngineStrict() { getPropValue("engineStrict").(JSONBoolean).getValue() = "true" }
/** Gets information about operating systems supported by this package. */
JSONArray getOSs() { result = getPropValue("os") }
@@ -191,12 +191,12 @@ class BugTrackerInfo extends JSONValue {
/** Gets the bug tracker URL. */
string getURL() {
result = (this.(JSONObject)).getPropStringValue("url") or
result = (this.(JSONString)).getValue()
result = this.(JSONObject).getPropStringValue("url") or
result = this.(JSONString).getValue()
}
/** Gets the bug reporting email address. */
string getEmail() { result = (this.(JSONObject)).getPropStringValue("email") }
string getEmail() { result = this.(JSONObject).getPropStringValue("email") }
}
/**
@@ -217,26 +217,24 @@ class ContributorInfo extends JSONValue {
* homepage URL.
*/
private string parseInfo(int group) {
result = (this.(JSONString))
.getValue()
.regexpCapture("(.*?)(?: <(.*?)>)?(?: \\((.*)?\\))", group)
result = this.(JSONString).getValue().regexpCapture("(.*?)(?: <(.*?)>)?(?: \\((.*)?\\))", group)
}
/** Gets the contributor's name. */
string getName() {
result = (this.(JSONObject)).getPropStringValue("name") or
result = this.(JSONObject).getPropStringValue("name") or
result = parseInfo(1)
}
/** Gets the contributor's email address. */
string getEmail() {
result = (this.(JSONObject)).getPropStringValue("email") or
result = this.(JSONObject).getPropStringValue("email") or
result = parseInfo(2)
}
/** Gets the contributor's homepage URL. */
string getURL() {
result = (this.(JSONObject)).getPropStringValue("url") or
result = this.(JSONObject).getPropStringValue("url") or
result = parseInfo(3)
}
}
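Review bot: The pattern in `parseInfo` makes the trailing ` (url)` part mandatory, so a contributor string of the form `Name <email>` with no homepage presumably fails to match and `getName()`/`getEmail()` return nothing for it; joining the call onto one line leaves this as it was. The `?` seems to sit inside the parentheses instead of after the non-capturing group, so I would change the literal to `"(.*?)(?: <(.*?)>)?(?: \\((.*?)\\))?"`, assuming `regexpCapture` has to match the whole string (to be confirmed). A one-line comment above it, `// groups: 1 = name, 2 = email, 3 = homepage URL`, would also make the three callers below easier to read.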


@@ -373,16 +373,14 @@ predicate isInterpretedAsRegExp(DataFlow::Node source) {
mce.getReceiver().analyze().getAType() = TTString() and
mce.getMethodName() = methodName
|
(methodName = "match" and source.asExpr() = mce.getArgument(0) and mce.getNumArgument() = 1)
methodName = "match" and source.asExpr() = mce.getArgument(0) and mce.getNumArgument() = 1
or
(
methodName = "search" and
source.asExpr() = mce.getArgument(0) and
mce.getNumArgument() = 1 and
// "search" is a common method name, and so we exclude chained accesses
// because `String.prototype.search` returns a number
not exists(PropAccess p | p.getBase() = mce)
)
methodName = "search" and
source.asExpr() = mce.getArgument(0) and
mce.getNumArgument() = 1 and
// "search" is a common method name, and so we exclude chained accesses
// because `String.prototype.search` returns a number
not exists(PropAccess p | p.getBase() = mce)
)
}


@@ -270,7 +270,7 @@ abstract class JumpStmt extends Stmt {
/** A break or continue statement. */
abstract class BreakOrContinueStmt extends JumpStmt {
/** Gets the label this statement refers to, if any. */
string getTargetLabel() { result = (getChildExpr(0).(Identifier)).getName() }
string getTargetLabel() { result = getChildExpr(0).(Identifier).getName() }
/** Holds if this statement has an explicit target label. */
predicate hasTargetLabel() { exists(getTargetLabel()) }
@@ -355,10 +355,10 @@ class ThrowStmt extends @throwstmt, JumpStmt {
*/
override ASTNode getTarget() {
if exists(TryStmt ts | getParentStmt+() = ts.getBody())
then (
getParentStmt+() = (result.(TryStmt)).getBody() and
then
getParentStmt+() = result.(TryStmt).getBody() and
not exists(TryStmt mid | getParentStmt+() = mid.getBody() and mid.getParentStmt+() = result)
) else result = getContainer()
else result = getContainer()
}
override ControlFlowNode getFirstControlFlowNode() {


@@ -456,12 +456,10 @@ class PropertyPattern extends @property, ASTNode {
/** Gets the name of the property matched by this pattern. */
string getName() {
(
not isComputed() and
result = (getNameExpr().(Identifier)).getName()
)
not isComputed() and
result = getNameExpr().(Identifier).getName()
or
result = (getNameExpr().(Literal)).getValue()
result = getNameExpr().(Literal).getValue()
}
/** Gets the object pattern this property pattern belongs to. */
@@ -472,7 +470,7 @@ class PropertyPattern extends @property, ASTNode {
/** Holds if this pattern is impure, that is, if its evaluation could have side effects. */
predicate isImpure() {
(isComputed() and getNameExpr().isImpure())
isComputed() and getNameExpr().isImpure()
or
getValuePattern().isImpure()
}


@@ -74,13 +74,11 @@ class XMLParent extends @xmlparent {
* up to a specified (zero-based) index.
*/
deprecated string charsSetUpTo(int n) {
(n = 0 and xmlChars(_, result, this, 0, _, _))
n = 0 and xmlChars(_, result, this, 0, _, _)
or
(
n > 0 and
exists(string chars | xmlChars(_, chars, this, n, _, _) |
result = this.charsSetUpTo(n - 1) + " " + chars
)
n > 0 and
exists(string chars | xmlChars(_, chars, this, n, _, _) |
result = this.charsSetUpTo(n - 1) + " " + chars
)
}
@@ -144,15 +142,11 @@ class XMLDTD extends @xmldtd {
/** Gets a printable representation of this DTD. */
string toString() {
(
this.isPublic() and
result = this.getRoot() + " PUBLIC '" + this.getPublicId() + "' '" + this.getSystemId() + "'"
)
this.isPublic() and
result = this.getRoot() + " PUBLIC '" + this.getPublicId() + "' '" + this.getSystemId() + "'"
or
(
not this.isPublic() and
result = this.getRoot() + " SYSTEM '" + this.getSystemId() + "'"
)
not this.isPublic() and
result = this.getRoot() + " SYSTEM '" + this.getSystemId() + "'"
}
}
@@ -235,9 +229,9 @@ class XMLNamespace extends @xmlnamespace {
/** Gets a printable representation of this XML namespace. */
string toString() {
(this.isDefault() and result = this.getURI())
this.isDefault() and result = this.getURI()
or
(not this.isDefault() and result = this.getPrefix() + ":" + this.getURI())
not this.isDefault() and result = this.getPrefix() + ":" + this.getURI()
}
}


@@ -33,9 +33,8 @@ private predicate partiallyCalls(
invk.isPartialArgument(callback, _, _) and
exists(AbstractFunction callee | callee = callback.getAValue() |
if callback.getAValue().isIndefinite("global")
then (
f = callee.getFunction() and f.getFile() = invk.getFile()
) else f = callee.getFunction()
then f = callee.getFunction() and f.getFile() = invk.getFile()
else f = callee.getFunction()
)
}


@@ -137,11 +137,9 @@ private class AnalyzedParameter extends AnalyzedVarDef, @vardecl {
override predicate isIncomplete(DataFlow::Incompleteness cause) {
getFunction().isIncomplete(cause)
or
(
not getFunction().argumentPassing(this, _) and
getFunction().mayReceiveArgument(this) and
cause = "call"
)
not getFunction().argumentPassing(this, _) and
getFunction().mayReceiveArgument(this) and
cause = "call"
}
}


@@ -398,10 +398,8 @@ class GeneralDirective extends CustomDirective, MkCustomDirective {
result = getMember("link")
or
// { link: { pre: function preLink() { ... }, post: function postLink() { ... } } }
(
(kind = "pre" or kind = "post") and
result = getMember("link").getAPropertySource(kind)
)
(kind = "pre" or kind = "post") and
result = getMember("link").getAPropertySource(kind)
or
// { compile: function() { ... return link; } }
exists(Expr compileReturn, DataFlow::SourceNode compileReturnSrc |
@@ -413,10 +411,8 @@ class GeneralDirective extends CustomDirective, MkCustomDirective {
result = compileReturnSrc
or
// link = { pre: function preLink() { ... }, post: function postLink() { ... } }
(
(kind = "pre" or kind = "post") and
result = compileReturnSrc.getAPropertySource(kind)
)
(kind = "pre" or kind = "post") and
result = compileReturnSrc.getAPropertySource(kind)
)
}
@@ -732,20 +728,16 @@ private class ServiceMethodCall extends AngularJSCall {
service.getName() = "$sce" and
mce = service.getAMethodCall(methodName)
|
(
// specialized call
(methodName = "trustAsHtml" or methodName = "trustAsCss") and
e = mce.getArgument(0)
)
// specialized call
(methodName = "trustAsHtml" or methodName = "trustAsCss") and
e = mce.getArgument(0)
or
(
// generic call with enum argument
methodName = "trustAs" and
exists(DataFlow::PropRead prn |
prn.asExpr() = mce.getArgument(0) and
(prn = service.getAPropertyAccess("HTML") or prn = service.getAPropertyAccess("CSS")) and
e = mce.getArgument(1)
)
// generic call with enum argument
methodName = "trustAs" and
exists(DataFlow::PropRead prn |
prn.asExpr() = mce.getArgument(0) and
(prn = service.getAPropertyAccess("HTML") or prn = service.getAPropertyAccess("CSS")) and
e = mce.getArgument(1)
)
)
}
@@ -755,18 +747,14 @@ private class ServiceMethodCall extends AngularJSCall {
service.getName() = serviceName and
mce = service.getAMethodCall(methodName)
|
(
// AngularJS caches (only available during runtime, so similar to sessionStorage)
(serviceName = "$cacheFactory" or serviceName = "$templateCache") and
methodName = "put" and
e = mce.getArgument(1)
)
// AngularJS caches (only available during runtime, so similar to sessionStorage)
(serviceName = "$cacheFactory" or serviceName = "$templateCache") and
methodName = "put" and
e = mce.getArgument(1)
or
(
serviceName = "$cookies" and
(methodName = "put" or methodName = "putObject") and
e = mce.getArgument(1)
)
serviceName = "$cookies" and
(methodName = "put" or methodName = "putObject") and
e = mce.getArgument(1)
)
}


@@ -450,9 +450,9 @@ class NgFilterChain extends TNgFilterChain, NgAstNode {
override string pp() { result = "(NgFilterChain: " + ppChildren() + ")" }
override NgAstNode getChild(int n) {
(n = 0 and result = getExpr())
n = 0 and result = getExpr()
or
(n = 1 and result = getFilter())
n = 1 and result = getFilter()
}
/**
@@ -482,9 +482,9 @@ class NgFilter extends TNgFilter, NgMaybeFilter {
override string pp() { result = "(NgFilter: " + ppChildren() + ")" }
override NgAstNode getChild(int n) {
(n = 0 and result = getHeadFilter())
n = 0 and result = getHeadFilter()
or
(n = 1 and result = getTailFilter())
n = 1 and result = getTailFilter()
}
/**
@@ -585,9 +585,9 @@ class NgCallExpr extends TNgCallExpr, NgExpr {
override string pp() { result = "(NgCallExpr: " + ppChildren() + ")" }
override NgAstNode getChild(int n) {
(n = 0 and this = TNgCallExpr(_, _, result, _))
n = 0 and this = TNgCallExpr(_, _, result, _)
or
(n = 1 and this = TNgCallExpr(_, _, _, result))
n = 1 and this = TNgCallExpr(_, _, _, result)
}
/**
@@ -660,9 +660,9 @@ class NgFilterArgument extends TNgFilterArgument, NgMaybeFilterArgument {
override string pp() { result = "(NgFilterArgument: " + ppChildren() + ")" }
override NgAstNode getChild(int n) {
(n = 0 and this = TNgFilterArgument(_, _, result, _))
n = 0 and this = TNgFilterArgument(_, _, result, _)
or
(n = 1 and this = TNgFilterArgument(_, _, _, result))
n = 1 and this = TNgFilterArgument(_, _, _, result)
}
/**
@@ -689,9 +689,9 @@ class NgConsCallArgument extends TNgConsCallArgument, NgCallArguments {
override string pp() { result = "(NgConsCallArgument: " + ppChildren() + ")" }
override NgAstNode getChild(int n) {
(n = 0 and this = TNgConsCallArgument(_, _, result, _))
n = 0 and this = TNgConsCallArgument(_, _, result, _)
or
(n = 1 and this = TNgConsCallArgument(_, _, _, result))
n = 1 and this = TNgConsCallArgument(_, _, _, result)
}
/**
@@ -761,7 +761,7 @@ private module Parser {
not exists(start.pre()) and
not exists(end.succ()) and
exists(NgToken stmtStart |
if (start.(NgOtherToken).is(":") and start.succ().(NgOtherToken).is(":"))
if start.(NgOtherToken).is(":") and start.succ().(NgOtherToken).is(":")
then (
stmtStart = start.succ().succ() and oneTime = true
) else (


@@ -116,121 +116,115 @@ private string getBuiltinKind(string name) {
// according to https://docs.angularjs.org/api
result = "controller-only" and name = "$scope"
or
result = "service" and
(
result = "service" and
(
// ng
name = "$anchorScroll" or
name = "$animate" or
name = "$animateCss" or
name = "$cacheFactory" or
name = "$controller" or
name = "$document" or
name = "$exceptionHandler" or
name = "$filter" or
name = "$http" or
name = "$httpBackend" or
name = "$httpParamSerializer" or
name = "$httpParamSerializerJQLike" or
name = "$interpolate" or
name = "$interval" or
name = "$jsonpCallbacks" or
name = "$locale" or
name = "$location" or
name = "$log" or
name = "$parse" or
name = "$q" or
name = "$rootElement" or
name = "$rootScope" or
name = "$sce" or
name = "$sceDelegate" or
name = "$templateCache" or
name = "$templateRequest" or
name = "$timeout" or
name = "$window" or
name = "$xhrFactory" or
// auto
name = "$injector" or
name = "$provide" or
// ngAnimate
name = "$animate" or
name = "$animateCss" or
// ngAria
name = "$aria" or
// ngComponentRouter
name = "$rootRouter" or
name = "$routerRootComponent" or
// ngCookies
name = "$cookieStore" or
name = "$cookies" or
//ngMock
name = "$animate" or
name = "$componentController" or
name = "$controller" or
name = "$exceptionHandler" or
name = "$httpBackend" or
name = "$interval" or
name = "$log" or
name = "$timeout" or
//ngMockE2E
name = "$httpBackend" or
// ngResource
name = "$resource" or
// ngRoute
name = "$route" or
name = "$routeParams" or
// ngSanitize
name = "$sanitize" or
// ngTouch
name = "$swipe"
)
// ng
name = "$anchorScroll" or
name = "$animate" or
name = "$animateCss" or
name = "$cacheFactory" or
name = "$controller" or
name = "$document" or
name = "$exceptionHandler" or
name = "$filter" or
name = "$http" or
name = "$httpBackend" or
name = "$httpParamSerializer" or
name = "$httpParamSerializerJQLike" or
name = "$interpolate" or
name = "$interval" or
name = "$jsonpCallbacks" or
name = "$locale" or
name = "$location" or
name = "$log" or
name = "$parse" or
name = "$q" or
name = "$rootElement" or
name = "$rootScope" or
name = "$sce" or
name = "$sceDelegate" or
name = "$templateCache" or
name = "$templateRequest" or
name = "$timeout" or
name = "$window" or
name = "$xhrFactory" or
// auto
name = "$injector" or
name = "$provide" or
// ngAnimate
name = "$animate" or
name = "$animateCss" or
// ngAria
name = "$aria" or
// ngComponentRouter
name = "$rootRouter" or
name = "$routerRootComponent" or
// ngCookies
name = "$cookieStore" or
name = "$cookies" or
//ngMock
name = "$animate" or
name = "$componentController" or
name = "$controller" or
name = "$exceptionHandler" or
name = "$httpBackend" or
name = "$interval" or
name = "$log" or
name = "$timeout" or
//ngMockE2E
name = "$httpBackend" or
// ngResource
name = "$resource" or
// ngRoute
name = "$route" or
name = "$routeParams" or
// ngSanitize
name = "$sanitize" or
// ngTouch
name = "$swipe"
)
or
result = "provider" and
(
result = "provider" and
(
// ng
name = "$anchorScrollProvider" or
name = "$animateProvider" or
name = "$compileProvider" or
name = "$controllerProvider" or
name = "$filterProvider" or
name = "$httpProvider" or
name = "$interpolateProvider" or
name = "$locationProvider" or
name = "$logProvider" or
name = "$parseProvider" or
name = "$provider" or
name = "$qProvider" or
name = "$rootScopeProvider" or
name = "$sceDelegateProvider" or
name = "$sceProvider" or
name = "$templateRequestProvider" or
// ngAria
name = "$ariaProvider" or
// ngCookies
name = "$cookiesProvider" or
// ngmock
name = "$exceptionHandlerProvider" or
// ngResource
name = "$resourceProvider" or
// ngRoute
name = "$routeProvider" or
// ngSanitize
name = "$sanitizeProvider"
)
// ng
name = "$anchorScrollProvider" or
name = "$animateProvider" or
name = "$compileProvider" or
name = "$controllerProvider" or
name = "$filterProvider" or
name = "$httpProvider" or
name = "$interpolateProvider" or
name = "$locationProvider" or
name = "$logProvider" or
name = "$parseProvider" or
name = "$provider" or
name = "$qProvider" or
name = "$rootScopeProvider" or
name = "$sceDelegateProvider" or
name = "$sceProvider" or
name = "$templateRequestProvider" or
// ngAria
name = "$ariaProvider" or
// ngCookies
name = "$cookiesProvider" or
// ngmock
name = "$exceptionHandlerProvider" or
// ngResource
name = "$resourceProvider" or
// ngRoute
name = "$routeProvider" or
// ngSanitize
name = "$sanitizeProvider"
)
or
result = "type" and
(
result = "type" and
(
// ng
name = "$cacheFactory" or
name = "$compile" or
name = "$rootScope" or
// ngMock
name = "$rootScope"
)
// ng
name = "$cacheFactory" or
name = "$compile" or
name = "$rootScope" or
// ngMock
name = "$rootScope"
)
}
@@ -319,16 +313,12 @@ private predicate isCustomServiceDefinitionOnProvider(
) {
mce = builtinServiceRef(providerName).getAMethodCall(providerMethodName) and
(
(
mce.getNumArgument() = 1 and
factoryFunction.flowsTo(mce.getOptionArgument(0, serviceName))
)
mce.getNumArgument() = 1 and
factoryFunction.flowsTo(mce.getOptionArgument(0, serviceName))
or
(
mce.getNumArgument() = 2 and
mce.getArgument(0).asExpr().mayHaveStringValue(serviceName) and
factoryFunction.flowsTo(mce.getArgument(1))
)
mce.getNumArgument() = 2 and
mce.getArgument(0).asExpr().mayHaveStringValue(serviceName) and
factoryFunction.flowsTo(mce.getArgument(1))
)
}


@@ -163,10 +163,8 @@ private class FetchUrlRequest extends CustomClientRequest {
url = getArgument(0)
)
or
(
this = DataFlow::globalVarRef("fetch").getACall() and
url = getArgument(0)
)
this = DataFlow::globalVarRef("fetch").getACall() and
url = getArgument(0)
}
override DataFlow::Node getUrl() { result = url }


@@ -37,7 +37,7 @@ module ConnectExpressShared {
exists(string request, string response, string next, string error |
(request = "request" or request = "req") and
(response = "response" or response = "res") and
(next = "next") and
next = "next" and
(error = "error" or error = "err")
|
// heuristic: parameter names match the documentation


@@ -88,19 +88,19 @@ private import AlgorithmNames
*/
private newtype TCryptographicAlgorithm =
MkHashingAlgorithm(string name, boolean isWeak) {
(isStrongHashingAlgorithm(name) and isWeak = false)
isStrongHashingAlgorithm(name) and isWeak = false
or
(isWeakHashingAlgorithm(name) and isWeak = true)
isWeakHashingAlgorithm(name) and isWeak = true
} or
MkEncryptionAlgorithm(string name, boolean isWeak) {
(isStrongEncryptionAlgorithm(name) and isWeak = false)
isStrongEncryptionAlgorithm(name) and isWeak = false
or
(isWeakEncryptionAlgorithm(name) and isWeak = true)
isWeakEncryptionAlgorithm(name) and isWeak = true
} or
MkPasswordHashingAlgorithm(string name, boolean isWeak) {
(isStrongPasswordHashingAlgorithm(name) and isWeak = false)
isStrongPasswordHashingAlgorithm(name) and isWeak = false
or
(isWeakPasswordHashingAlgorithm(name) and isWeak = true)
isWeakPasswordHashingAlgorithm(name) and isWeak = true
}
/**


@@ -213,10 +213,8 @@ module Hapi {
astNode.getParameter(0).getName() = request and
astNode.getParameter(1).getName() = responseToolkit
|
not (
// heuristic: is not invoked (Hapi invokes this at a call site we cannot reason precisely about)
exists(DataFlow::InvokeNode cs | cs.getACallee() = astNode)
)
// heuristic: is not invoked (Hapi invokes this at a call site we cannot reason precisely about)
not exists(DataFlow::InvokeNode cs | cs.getACallee() = astNode)
)
}
}


@@ -65,101 +65,93 @@ private class AnalyzedThisInBoundCallback extends AnalyzedNode, DataFlow::ThisNo
thisSource = bindingCall.getArgument(contextIndex)
|
(
(
binderName = "bind" or
binderName = "callback" or
binderName = "iteratee"
) and
callbackIndex = 0 and
contextIndex = 1 and
argumentCount = 2
)
binderName = "bind" or
binderName = "callback" or
binderName = "iteratee"
) and
callbackIndex = 0 and
contextIndex = 1 and
argumentCount = 2
or
(
(
binderName = "all" or
binderName = "any" or
binderName = "collect" or
binderName = "countBy" or
binderName = "detect" or
binderName = "dropRightWhile" or
binderName = "dropWhile" or
binderName = "each" or
binderName = "eachRight" or
binderName = "every" or
binderName = "filter" or
binderName = "find" or
binderName = "findIndex" or
binderName = "findKey" or
binderName = "findLast" or
binderName = "findLastIndex" or
binderName = "findLastKey" or
binderName = "forEach" or
binderName = "forEachRight" or
binderName = "forIn" or
binderName = "forInRight" or
binderName = "groupBy" or
binderName = "indexBy" or
binderName = "map" or
binderName = "mapKeys" or
binderName = "mapValues" or
binderName = "max" or
binderName = "min" or
binderName = "omit" or
binderName = "partition" or
binderName = "pick" or
binderName = "reject" or
binderName = "remove" or
binderName = "select" or
binderName = "some" or
binderName = "sortBy" or
binderName = "sum" or
binderName = "takeRightWhile" or
binderName = "takeWhile" or
binderName = "tap" or
binderName = "thru" or
binderName = "times" or
binderName = "unzipWith" or
binderName = "zipWith"
) and
callbackIndex = 1 and
contextIndex = 2 and
argumentCount = 3
)
binderName = "all" or
binderName = "any" or
binderName = "collect" or
binderName = "countBy" or
binderName = "detect" or
binderName = "dropRightWhile" or
binderName = "dropWhile" or
binderName = "each" or
binderName = "eachRight" or
binderName = "every" or
binderName = "filter" or
binderName = "find" or
binderName = "findIndex" or
binderName = "findKey" or
binderName = "findLast" or
binderName = "findLastIndex" or
binderName = "findLastKey" or
binderName = "forEach" or
binderName = "forEachRight" or
binderName = "forIn" or
binderName = "forInRight" or
binderName = "groupBy" or
binderName = "indexBy" or
binderName = "map" or
binderName = "mapKeys" or
binderName = "mapValues" or
binderName = "max" or
binderName = "min" or
binderName = "omit" or
binderName = "partition" or
binderName = "pick" or
binderName = "reject" or
binderName = "remove" or
binderName = "select" or
binderName = "some" or
binderName = "sortBy" or
binderName = "sum" or
binderName = "takeRightWhile" or
binderName = "takeWhile" or
binderName = "tap" or
binderName = "thru" or
binderName = "times" or
binderName = "unzipWith" or
binderName = "zipWith"
) and
callbackIndex = 1 and
contextIndex = 2 and
argumentCount = 3
or
(
(
binderName = "foldl" or
binderName = "foldr" or
binderName = "inject" or
binderName = "reduce" or
binderName = "reduceRight" or
binderName = "transform"
) and
callbackIndex = 1 and
contextIndex = 3 and
argumentCount = 4
)
binderName = "foldl" or
binderName = "foldr" or
binderName = "inject" or
binderName = "reduce" or
binderName = "reduceRight" or
binderName = "transform"
) and
callbackIndex = 1 and
contextIndex = 3 and
argumentCount = 4
or
(
(
binderName = "sortedlastIndex"
or
binderName = "assign"
or
binderName = "eq"
or
binderName = "extend"
or
binderName = "merge"
or
binderName = "sortedIndex" and
binderName = "uniq"
) and
callbackIndex = 2 and
contextIndex = 3 and
argumentCount = 4
)
binderName = "sortedlastIndex"
or
binderName = "assign"
or
binderName = "eq"
or
binderName = "extend"
or
binderName = "merge"
or
binderName = "sortedIndex" and
binderName = "uniq"
) and
callbackIndex = 2 and
contextIndex = 3 and
argumentCount = 4
)
}
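Review bot: In the last group of the binder table, `binderName = "sortedIndex" and binderName = "uniq"` can never hold, because one string cannot equal both names and `and` binds tighter than the surrounding `or`s. As written, neither `sortedIndex` nor `uniq` is matched by this disjunct, which the new one-operand-per-line layout makes easy to see but does not fix. The line should read `binderName = "sortedIndex" or` followed by `binderName = "uniq"`. `"sortedlastIndex"` is probably meant to be `"sortedLastIndex"` as well; check it against the library's API. The enclosing predicate starts above this hunk.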


@@ -243,22 +243,22 @@ module NodeJSLib {
PathFlowTarget() {
exists(string methodName | this = DataFlow::moduleMember("path", methodName).getACall() |
// getters
(methodName = "basename" and tainted = getArgument(0))
methodName = "basename" and tainted = getArgument(0)
or
(methodName = "dirname" and tainted = getArgument(0))
methodName = "dirname" and tainted = getArgument(0)
or
(methodName = "extname" and tainted = getArgument(0))
methodName = "extname" and tainted = getArgument(0)
or
// transformers
(methodName = "join" and tainted = getAnArgument())
methodName = "join" and tainted = getAnArgument()
or
(methodName = "normalize" and tainted = getArgument(0))
methodName = "normalize" and tainted = getArgument(0)
or
(methodName = "relative" and tainted = getArgument([0 .. 1]))
methodName = "relative" and tainted = getArgument([0 .. 1])
or
(methodName = "resolve" and tainted = getAnArgument())
methodName = "resolve" and tainted = getAnArgument()
or
(methodName = "toNamespacedPath" and tainted = getArgument(0))
methodName = "toNamespacedPath" and tainted = getArgument(0)
)
}


@@ -60,30 +60,24 @@ module PkgCloud {
* - RedisToGo
*/
kind = "user name" and
(
kind = "user name" and
(
propertyName = "account" or
propertyName = "keyId" or
propertyName = "storageAccount" or
propertyName = "username"
)
propertyName = "account" or
propertyName = "keyId" or
propertyName = "storageAccount" or
propertyName = "username"
)
or
kind = "password" and
(
kind = "password" and
(
propertyName = "key" or
propertyName = "apiKey" or
propertyName = "storageAccessKey" or
propertyName = "password"
)
propertyName = "key" or
propertyName = "apiKey" or
propertyName = "storageAccessKey" or
propertyName = "password"
)
or
(
kind = "token" and
(propertyName = "token")
)
kind = "token" and
propertyName = "token"
)
}


@@ -69,17 +69,13 @@ private class SimplePropertyProjection extends CustomPropertyProjection {
exists(DataFlow::SourceNode callee | this = callee.getACall() |
singleton = false and
(
(
callee = LodashUnderscore::member("pick") and
objectIndex = 0 and
selectorIndex = [1 .. getNumArgument()]
)
callee = LodashUnderscore::member("pick") and
objectIndex = 0 and
selectorIndex = [1 .. getNumArgument()]
or
(
callee = LodashUnderscore::member("pickBy") and
objectIndex = 0 and
selectorIndex = 1
)
callee = LodashUnderscore::member("pickBy") and
objectIndex = 0 and
selectorIndex = 1
or
exists(string name |
name = "pick" or
@@ -91,38 +87,28 @@ private class SimplePropertyProjection extends CustomPropertyProjection {
selectorIndex = 0
)
or
(
callee = DataFlow::moduleMember("dotty", "search") and
objectIndex = 0 and
selectorIndex = 1
)
callee = DataFlow::moduleMember("dotty", "search") and
objectIndex = 0 and
selectorIndex = 1
)
or
singleton = true and
(
(
callee = LodashUnderscore::member("get") and
objectIndex = 0 and
selectorIndex = 1
)
callee = LodashUnderscore::member("get") and
objectIndex = 0 and
selectorIndex = 1
or
(
callee = DataFlow::moduleMember("ramda", "path") and
objectIndex = 1 and
selectorIndex = 0
)
callee = DataFlow::moduleMember("ramda", "path") and
objectIndex = 1 and
selectorIndex = 0
or
(
callee = DataFlow::moduleMember("dottie", "get") and
objectIndex = 0 and
selectorIndex = 1
)
callee = DataFlow::moduleMember("dottie", "get") and
objectIndex = 0 and
selectorIndex = 1
or
(
callee = DataFlow::moduleMember("dotty", "get") and
objectIndex = 0 and
selectorIndex = 1
)
callee = DataFlow::moduleMember("dotty", "get") and
objectIndex = 0 and
selectorIndex = 1
)
)
}


@@ -25,11 +25,11 @@ module Request {
auth = action.getAMemberCall("auth").asExpr() and
this = auth.getArgument(argIndex)
|
(argIndex = 0 and kind = "user name")
argIndex = 0 and kind = "user name"
or
(argIndex = 1 and kind = "password")
argIndex = 1 and kind = "password"
or
(argIndex = 3 and kind = "token")
argIndex = 3 and kind = "token"
)
or
exists(DataFlow::ObjectLiteralNode auth, string propertyName |
@@ -37,17 +37,13 @@ module Request {
auth.flowsTo(action.getOptionArgument(1, "auth")) and
auth.hasPropertyWrite(propertyName, DataFlow::valueNode(this))
|
(
(propertyName = "user" or propertyName = "username") and
kind = "user name"
)
(propertyName = "user" or propertyName = "username") and
kind = "user name"
or
(
(propertyName = "pass" or propertyName = "password") and
kind = "password"
)
(propertyName = "pass" or propertyName = "password") and
kind = "password"
or
(propertyName = "bearer" and kind = "token")
propertyName = "bearer" and kind = "token"
)
)
}


@@ -48,13 +48,13 @@ abstract class JSLintDirective extends SlashStarComment {
(
fsl < dsl
or
(fsl = dsl and fsc <= dsc)
fsl = dsl and fsc <= dsc
) and
// and it ends after this directive
(
del < fel
or
(del = fel and dec <= fec)
del = fel and dec <= fec
)
)
}
@@ -153,100 +153,90 @@ class JSLintOptions extends JSLintDirective {
*/
private string jsLintImplicitGlobal(string category) {
// cf. http://www.jslint.com/help.html#global
category = "browser" and
(
category = "browser" and
(
result = "clearInterval" or
result = "clearTimeout" or
result = "document" or
result = "event" or
result = "frames" or
result = "history" or
result = "Image" or
result = "location" or
result = "name" or
result = "navigator" or
result = "Option" or
result = "parent" or
result = "screen" or
result = "setInterval" or
result = "setTimeout" or
result = "window" or
result = "XMLHttpRequest"
)
result = "clearInterval" or
result = "clearTimeout" or
result = "document" or
result = "event" or
result = "frames" or
result = "history" or
result = "Image" or
result = "location" or
result = "name" or
result = "navigator" or
result = "Option" or
result = "parent" or
result = "screen" or
result = "setInterval" or
result = "setTimeout" or
result = "window" or
result = "XMLHttpRequest"
)
or
category = "devel" and
(
category = "devel" and
(
result = "alert" or
result = "confirm" or
result = "console" or
result = "Debug" or
result = "opera" or
result = "prompt" or
result = "WSH"
)
result = "alert" or
result = "confirm" or
result = "console" or
result = "Debug" or
result = "opera" or
result = "prompt" or
result = "WSH"
)
or
category = "node" and
(
category = "node" and
(
result = "Buffer" or
result = "clearInterval" or
result = "clearTimeout" or
result = "console" or
result = "exports" or
result = "result" or
result = "module" or
result = "process" or
result = "querystring" or
result = "require" or
result = "setInterval" or
result = "setTimeout" or
result = "__filename" or
result = "__dirname"
)
result = "Buffer" or
result = "clearInterval" or
result = "clearTimeout" or
result = "console" or
result = "exports" or
result = "result" or
result = "module" or
result = "process" or
result = "querystring" or
result = "require" or
result = "setInterval" or
result = "setTimeout" or
result = "__filename" or
result = "__dirname"
)
or
category = "couch" and
(
category = "couch" and
(
result = "emit" or
result = "getRow" or
result = "isArray" or
result = "log" or
result = "provides" or
result = "registerType" or
result = "require" or
result = "send" or
result = "start" or
result = "sum" or
result = "toJSON"
)
result = "emit" or
result = "getRow" or
result = "isArray" or
result = "log" or
result = "provides" or
result = "registerType" or
result = "require" or
result = "send" or
result = "start" or
result = "sum" or
result = "toJSON"
)
or
category = "rhino" and
(
category = "rhino" and
(
result = "defineClass" or
result = "deserialize" or
result = "gc" or
result = "help" or
result = "load" or
result = "loadClass" or
result = "print" or
result = "quit" or
result = "readFile" or
result = "readUrl" or
result = "runCommand" or
result = "seal" or
result = "serialize" or
result = "spawn" or
result = "sync" or
result = "toint32" or
result = "version"
)
result = "defineClass" or
result = "deserialize" or
result = "gc" or
result = "help" or
result = "load" or
result = "loadClass" or
result = "print" or
result = "quit" or
result = "readFile" or
result = "readUrl" or
result = "runCommand" or
result = "seal" or
result = "serialize" or
result = "spawn" or
result = "sync" or
result = "toint32" or
result = "version"
)
}