add model for htmlparser2

2026-04-28 10:15:14 +02:00 · 2021-02-04 18:26:24 +01:00
parent e2a66bf3ed
commit 0ca2310594
3 changed files with 39 additions and 0 deletions
--- a/javascript/ql/src/semmle/javascript/frameworks/XmlParsers.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/XmlParsers.qll
@@ -247,6 +247,35 @@ module XML {
    override js::DataFlow::Node getAResult() { result.asExpr() = this }
  }

+  /**
+   * An invocation of `htmlparser2`.
+   */
+  private class HtmlParser2Invocation extends XML::ParserInvocation {
+    js::DataFlow::NewNode parser;
+
+    HtmlParser2Invocation() {
+      parser = js::DataFlow::moduleMember("htmlparser2", "Parser").getAnInstantiation() and
+      this = parser.getAMemberCall("write").asExpr()
+    }
+
+    override js::Expr getSourceArgument() { result = getArgument(0) }
+
+    override predicate resolvesEntities(XML::EntityKind kind) {
+      // htmlparser2 does not expand entities.
+      none()
+    }
+
+    override js::DataFlow::Node getAResult() {
+      result =
+        parser
+            .getArgument(0)
+            .getALocalSource()
+            .getAPropertySource()
+            .getAFunctionValue()
+            .getAParameter()
+    }
+  }
+
  private class XMLParserTaintStep extends js::TaintTracking::AdditionalTaintStep {
    XML::ParserInvocation parser;