hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 00:35:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

refactored the attribute checks based on code-review

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2019-10-02 15:46:20 +02:00
parent 1bbe1ecdba
commit 0b48999718
1 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
javascript/ql/src/Statements/UseOfReturnlessFunction.ql
View File

@@ -50,6 +50,10 @@ predicate benignContext(Expr e) {
exists(VoidExpr voidExpr | voidExpr.getOperand() = e)
or
// weeds out calls inside HTML-attributes.
e.getContainer() instanceof CodeInAttribute or
// and JSX-attributes.
e = any(JSXAttribute attr).getValue() or
// It is ok (or to be flagged by another query?) to await a non-async function.
exists(AwaitExpr await | await.getOperand() = e and benignContext(await))
@@ -83,11 +87,6 @@ predicate callBlacklist(DataFlow::CallNode call) {
// anonymous one-shot closure. Those are used in weird ways and we ignore them.
call.asExpr() = any(ImmediatelyInvokedFunctionExpr f).getInvocation() or
// weeds out calls inside html-attributes.
call.asExpr().getParent*() instanceof CodeInAttribute or
// and JSX-attributes.
call.asExpr().getParent*() instanceof JSXAttribute or
// Calls on "this" tend to overloaded. So future overloads might start returning something.
call.asExpr().(MethodCallExpr).getReceiver() instanceof ThisExpr or