hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #20844 from Eliav2/20823-globalVarRef-document-defaultView

Browse Source 
javascript: Add support for `document.defaultView` in global variable references
This commit is contained in:
Asger F
2025-11-27 11:50:23 +01:00
committed by GitHub
parent 7db06ca573 69ba764e9d
commit 0896be0df6
6 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
javascript/ql/lib/change-notes/2025-11-19-default-view.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
---
- JavaScript `DataFlow::globalVarRef` now recognizes `document.defaultView` as an alias of `window`, allowing flows such as `document.defaultView.history.pushState(...)` to be modeled and found by queries relying on `globalVarRef("history")`.

3
javascript/ql/lib/semmle/javascript/dataflow/Nodes.qll
View File

@@ -393,6 +393,9 @@ DataFlow::SourceNode globalObjectRef() {
// DOM // DOM
result = globalVariable("window") result = globalVariable("window")
or or
// DOM alias via `document.defaultView`
result = globalVariable("document").getAPropertyRead("defaultView")
or
// Node.js // Node.js
result = globalVariable("global") result = globalVariable("global")
or or

3
javascript/ql/test/library-tests/Nodes/globalObjectRef.expected
View File

@@ -5,9 +5,12 @@
| tst2.js:8:1:8:6 | global | | tst2.js:8:1:8:6 | global |
| tst3.js:1:1:1:0 | this | | tst3.js:1:1:1:0 | this |
| tst3.js:3:9:3:19 | goog.global | | tst3.js:3:9:3:19 | goog.global |
| tst4.js:1:1:1:0 | this |
| tst4.js:1:1:1:38 | require ... ultView |
| tst.js:1:1:1:0 | this | | tst.js:1:1:1:0 | this |
| tst.js:1:1:1:6 | window | | tst.js:1:1:1:6 | window |
| tst.js:3:1:3:6 | window | | tst.js:3:1:3:6 | window |
| tst.js:4:1:4:6 | window | | tst.js:4:1:4:6 | window |
| tst.js:5:1:5:4 | self | | tst.js:5:1:5:4 | self |
| tst.js:6:1:6:10 | globalThis | | tst.js:6:1:6:10 | globalThis |
| tst.js:7:1:7:20 | document.defaultView |

4
javascript/ql/test/library-tests/Nodes/globalVarRef.expected
View File

@@ -1,15 +1,19 @@
| Object | tst2.js:8:1:8:13 | global.Object | | Object | tst2.js:8:1:8:13 | global.Object |
| String | tst2.js:9:1:9:11 | this.String | | String | tst2.js:9:1:9:11 | this.String |
| document | tst2.js:2:1:2:26 | require ... ument") | | document | tst2.js:2:1:2:26 | require ... ument") |
| document | tst4.js:1:1:1:26 | require ... ument") |
| document | tst.js:3:1:3:15 | window.document | | document | tst.js:3:1:3:15 | window.document |
| document | tst.js:5:1:5:13 | self.document | | document | tst.js:5:1:5:13 | self.document |
| document | tst.js:6:1:6:19 | globalThis.document | | document | tst.js:6:1:6:19 | globalThis.document |
| document | tst.js:7:1:7:8 | document |
| foo | tst3.js:4:1:4:5 | w.foo | | foo | tst3.js:4:1:4:5 | w.foo |
| global | tst2.js:7:1:7:6 | global | | global | tst2.js:7:1:7:6 | global |
| global | tst2.js:8:1:8:6 | global | | global | tst2.js:8:1:8:6 | global |
| globalThis | tst.js:6:1:6:10 | globalThis | | globalThis | tst.js:6:1:6:10 | globalThis |
| goog | tst3.js:1:1:1:4 | goog | | goog | tst3.js:1:1:1:4 | goog |
| goog | tst3.js:3:9:3:12 | goog | | goog | tst3.js:3:9:3:12 | goog |
| history | tst4.js:1:1:1:46 | require ... history |
| history | tst.js:7:1:7:28 | documen ... history |
| self | tst.js:5:1:5:4 | self | | self | tst.js:5:1:5:4 | self |
| setTimeout | tst2.js:5:1:5:12 | g.setTimeout | | setTimeout | tst2.js:5:1:5:12 | g.setTimeout |
| window | tst2.js:3:1:3:24 | require ... indow") | | window | tst2.js:3:1:3:24 | require ... indow") |

1
javascript/ql/test/library-tests/Nodes/tst.js
View File

@@ -4,3 +4,4 @@ window.document;
window.window.document; window.window.document;
self.document; self.document;
globalThis.document; globalThis.document;
document.defaultView.history;

1
javascript/ql/test/library-tests/Nodes/tst4.js Normal file
View File

@@ -0,0 +1 @@
require("global/document").defaultView.history;