Merge pull request #5990 from erik-krogh/prettier

Approved by asgerf
2026-04-26 09:15:12 +02:00 · 2021-06-08 12:17:24 -07:00
parent 8fb15666ee 4b98af0c2b
commit 169e67cbb8
9 changed files with 133 additions and 0 deletions
--- a/javascript/ql/src/javascript.qll
+++ b/javascript/ql/src/javascript.qll
@@ -104,6 +104,7 @@ import semmle.javascript.frameworks.Nest
 import semmle.javascript.frameworks.Next
 import semmle.javascript.frameworks.NoSQL
 import semmle.javascript.frameworks.PkgCloud
+import semmle.javascript.frameworks.Prettier
 import semmle.javascript.frameworks.PropertyProjection
 import semmle.javascript.frameworks.Puppeteer
 import semmle.javascript.frameworks.React
--- a/javascript/ql/src/semmle/javascript/frameworks/Prettier.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Prettier.qll
@@ -0,0 +1,29 @@
+/**
+ * Provides classes and predicates for working with the [prettier](https://www.npmjs.com/package/prettier) library.
+ */
+
+import javascript
+
+/** Provides classes and predicates modelling aspects of the [prettier](https://www.npmjs.com/package/prettier) library. */
+private module Prettier {
+  /**
+   * A taint step from the [prettier API](https://prettier.io/docs/en/api.html).
+   */
+  private class PrettierTaintStep extends TaintTracking::SharedTaintStep {
+    override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+      exists(API::CallNode call |
+        call = API::moduleImport("prettier").getMember("format").getACall()
+      |
+        pred = call.getArgument(0) and
+        succ = call
+      )
+      or
+      exists(API::CallNode call |
+        call = API::moduleImport("prettier").getMember("formatWithCursor").getACall()
+      |
+        pred = call.getArgument(0) and
+        succ = call.getReturn().getMember("formatted").getAnImmediateUse()
+      )
+    }
+  }
+}
--- a/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
@@ -661,6 +661,27 @@ module TaintedPath {
    }
  }

+  /**
+   * An argument given to the `prettier` library specifying the location of a config file.
+   */
+  private class PrettierFileSink extends TaintedPath::Sink {
+    PrettierFileSink() {
+      this =
+        API::moduleImport("prettier")
+            .getMember(["resolveConfig", "resolveConfigFile", "getFileInfo"])
+            .getACall()
+            .getArgument(0)
+      or
+      this =
+        API::moduleImport("prettier")
+            .getMember("resolveConfig")
+            .getACall()
+            .getParameter(1)
+            .getMember("config")
+            .getARhs()
+    }
+  }
+
  /**
   * Holds if there is a step `src -> dst` mapping `srclabel` to `dstlabel` relevant for path traversal vulnerabilities.
   */