JS: Rewrite LodashUnderscore::AnalyzedThisInBoundCallback

2026-05-01 03:35:13 +02:00 · 2020-02-06 12:38:54 +00:00
parent fea5a4331d
commit 254af4f3a8
1 changed files with 71 additions and 74 deletions
--- a/javascript/ql/src/semmle/javascript/frameworks/LodashUnderscore.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/LodashUnderscore.qll
@@ -407,103 +407,100 @@ module LodashUnderscore {
 * However, since the function could be invoked in another way, we additionally
 * still infer the ordinary abstract value.
 */
-private class AnalyzedThisInBoundCallback extends AnalyzedNode, DataFlow::ThisNode {
-  AnalyzedNode thisSource;
+private class LodashCallbackAsPartialInvoke extends DataFlow::PartialInvokeNode::Range,
+  DataFlow::CallNode {
+  int callbackIndex;
+  int contextIndex;

-  AnalyzedThisInBoundCallback() {
-    exists(
-      DataFlow::CallNode bindingCall, string binderName, int callbackIndex, int contextIndex,
-      int argumentCount
-    |
-      bindingCall = LodashUnderscore::member(binderName).getACall() and
-      bindingCall.getNumArgument() = argumentCount and
-      getBinder() = bindingCall.getCallback(callbackIndex) and
-      thisSource = bindingCall.getArgument(contextIndex)
+  LodashCallbackAsPartialInvoke() {
+    exists(string name, int argumentCount |
+      this = LodashUnderscore::member(name).getACall() and
+      getNumArgument() = argumentCount
    |
      (
-        binderName = "bind" or
-        binderName = "callback" or
-        binderName = "iteratee"
+        name = "bind" or
+        name = "callback" or
+        name = "iteratee"
      ) and
      callbackIndex = 0 and
      contextIndex = 1 and
      argumentCount = 2
      or
      (
-        binderName = "all" or
-        binderName = "any" or
-        binderName = "collect" or
-        binderName = "countBy" or
-        binderName = "detect" or
-        binderName = "dropRightWhile" or
-        binderName = "dropWhile" or
-        binderName = "each" or
-        binderName = "eachRight" or
-        binderName = "every" or
-        binderName = "filter" or
-        binderName = "find" or
-        binderName = "findIndex" or
-        binderName = "findKey" or
-        binderName = "findLast" or
-        binderName = "findLastIndex" or
-        binderName = "findLastKey" or
-        binderName = "forEach" or
-        binderName = "forEachRight" or
-        binderName = "forIn" or
-        binderName = "forInRight" or
-        binderName = "groupBy" or
-        binderName = "indexBy" or
-        binderName = "map" or
-        binderName = "mapKeys" or
-        binderName = "mapValues" or
-        binderName = "max" or
-        binderName = "min" or
-        binderName = "omit" or
-        binderName = "partition" or
-        binderName = "pick" or
-        binderName = "reject" or
-        binderName = "remove" or
-        binderName = "select" or
-        binderName = "some" or
-        binderName = "sortBy" or
-        binderName = "sum" or
-        binderName = "takeRightWhile" or
-        binderName = "takeWhile" or
-        binderName = "tap" or
-        binderName = "thru" or
-        binderName = "times" or
-        binderName = "unzipWith" or
-        binderName = "zipWith"
+        name = "all" or
+        name = "any" or
+        name = "collect" or
+        name = "countBy" or
+        name = "detect" or
+        name = "dropRightWhile" or
+        name = "dropWhile" or
+        name = "each" or
+        name = "eachRight" or
+        name = "every" or
+        name = "filter" or
+        name = "find" or
+        name = "findIndex" or
+        name = "findKey" or
+        name = "findLast" or
+        name = "findLastIndex" or
+        name = "findLastKey" or
+        name = "forEach" or
+        name = "forEachRight" or
+        name = "forIn" or
+        name = "forInRight" or
+        name = "groupBy" or
+        name = "indexBy" or
+        name = "map" or
+        name = "mapKeys" or
+        name = "mapValues" or
+        name = "max" or
+        name = "min" or
+        name = "omit" or
+        name = "partition" or
+        name = "pick" or
+        name = "reject" or
+        name = "remove" or
+        name = "select" or
+        name = "some" or
+        name = "sortBy" or
+        name = "sum" or
+        name = "takeRightWhile" or
+        name = "takeWhile" or
+        name = "tap" or
+        name = "thru" or
+        name = "times" or
+        name = "unzipWith" or
+        name = "zipWith"
      ) and
      callbackIndex = 1 and
      contextIndex = 2 and
      argumentCount = 3
      or
      (
-        binderName = "foldl" or
-        binderName = "foldr" or
-        binderName = "inject" or
-        binderName = "reduce" or
-        binderName = "reduceRight" or
-        binderName = "transform"
+        name = "foldl" or
+        name = "foldr" or
+        name = "inject" or
+        name = "reduce" or
+        name = "reduceRight" or
+        name = "transform"
      ) and
      callbackIndex = 1 and
      contextIndex = 3 and
      argumentCount = 4
      or
      (
-        binderName = "sortedlastIndex"
+        name = "sortedlastIndex"
        or
-        binderName = "assign"
+        name = "assign"
        or
-        binderName = "eq"
+        name = "eq"
        or
-        binderName = "extend"
+        name = "extend"
        or
-        binderName = "merge"
+        name = "merge"
        or
-        binderName = "sortedIndex" and
-        binderName = "uniq"
+        name = "sortedIndex" and
+        name = "uniq"
      ) and
      callbackIndex = 2 and
      contextIndex = 3 and
@@ -511,8 +508,8 @@ private class AnalyzedThisInBoundCallback extends AnalyzedNode, DataFlow::ThisNo
    )
  }

-  override AbstractValue getALocalValue() {
-    result = thisSource.getALocalValue() or
-    result = AnalyzedNode.super.getALocalValue()
+  override DataFlow::Node getBoundReceiver(DataFlow::Node callback) {
+    callback = getArgument(callbackIndex) and
+    result = getArgument(contextIndex)
  }
 }