hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

recognize the define(..) call in PackageExports.qll

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2021-05-05 11:23:25 +02:00
parent 3ca670146e
commit 28eef264e5
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/src/semmle/javascript/PackageExports.qll
View File

@@ -67,7 +67,8 @@ private DataFlow::Node getAValueExportedByPackage() {
exists(ImmediatelyInvokedFunctionExpr func, DataFlow::ParameterNode prev, int i |
prev.getName() = "factory" and
func.getParameter(i) = prev.getParameter() and
result = func.getInvocation().getArgument(i).flow().getAFunctionValue().getAReturn()
result = func.getInvocation().getArgument(i).flow().getAFunctionValue().getAReturn() and
DataFlow::globalVarRef("define").getACall().getArgument(1) = prev.getALocalUse()
)
or
// the exported value is a call to a unique callee