hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 08:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Port Angular2 test

Browse Source
This commit is contained in:
Asger F
2023-10-05 15:05:59 +02:00
parent 92812eee78
commit 09b0ba0c1f
2 changed files with 17 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
javascript/ql/test/library-tests/frameworks/Angular2/test.expected
View File

@@ -1,3 +1,4 @@
legacyDataFlowDifference
pipeRef
| source.component.html:3:22:3:32 | unknownPipe |
| source.component.html:4:22:4:32 | unknownPipe |

22
javascript/ql/test/library-tests/frameworks/Angular2/test.ql
View File

@@ -14,21 +14,31 @@ query Angular2::PipeClass pipeClass() { any() }
query DataFlow::Node pipeClassRef(Angular2::PipeClass cls) { result = cls.getAPipeRef() }
class TaintConfig extends TaintTracking::Configuration {
TaintConfig() { this = "TaintConfig" }
override predicate isSource(DataFlow::Node source) {
module TestConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
source.(DataFlow::CallNode).getCalleeName() = "source"
}
override predicate isSink(DataFlow::Node sink) { sink instanceof DomBasedXss::Sink }
predicate isSink(DataFlow::Node sink) { sink instanceof DomBasedXss::Sink }
}
module TestFlow = TaintTracking::Global<TestConfig>;
query predicate taintFlow(DataFlow::Node source, DataFlow::Node sink) {
any(TaintConfig c).hasFlow(source, sink)
TestFlow::flow(source, sink)
}
query predicate testAttrSourceLocation(HTML::Attribute attrib, Angular2::TemplateTopLevel top) {
attrib.getName() = "[testAttr]" and
top = attrib.getCodeInAttribute()
}
class LegacyConfig extends TaintTracking::Configuration {
LegacyConfig() { this = "LegacyConfig" }
override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) }
override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) }
}
import testUtilities.LegacyDataFlowDiff::DataFlowDiff<TestFlow, LegacyConfig>